Fix error at cloning authentication context.

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/cache/AuthenticationContextLoader.java

@@ -314,11 +314,11 @@ private IdentityProvider getIdPByIdPName(String idPName, String tenantDomain)
     private IdentityProvider getIdPByResourceID(String resourceId, String tenantDomain)
             throws SessionDataStorageOptimizationException {
 
-        IdentityProviderManager manager =
-                (IdentityProviderManager) FrameworkServiceDataHolder.getInstance().getIdentityProviderManager();
         IdentityProvider idp;
         try {
-            idp = manager.getIdPByResourceId(resourceId, tenantDomain, false);
+            idp = ApplicationAuthenticatorManager.getInstance().getSerializableIdPByResourceId(
+                    resourceId, tenantDomain);
+
             if (idp == null) {
                 throw new SessionDataStorageOptimizationClientException(
                         String.format("Cannot find the Identity Provider by the resource ID: %s " +
@@ -332,7 +332,7 @@ private IdentityProvider getIdPByResourceID(String resourceId, String tenantDoma
             throw new SessionDataStorageOptimizationServerException(
                     String.format("IDP management server error. Failed to get the Identity Provider by " +
                                     "resource id: %s tenant domain: %s", resourceId, tenantDomain), e);
-        } catch (IdentityProviderManagementException e) {
+        } catch (IdentityProviderManagementException | FrameworkException e) {
             throw new SessionDataStorageOptimizationServerException(
                     String.format("Failed to get the Identity Provider by resource id: %s tenant domain: %s",
                             resourceId, tenantDomain), e);

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/OptimizedApplicationConfig.java

@@ -25,7 +25,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationClientException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationServerException;
-import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
+import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;
 import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
 import org.wso2.carbon.identity.application.common.exception.AuthenticatorMgtException;
 import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
@@ -337,12 +337,10 @@ private IdentityProvider[] getFederatedIdPs(List<String> federatedIdPResourceIds
             throws FrameworkException {
 
         IdentityProvider[] idPs = new IdentityProvider[federatedIdPResourceIds.size()];
-        IdentityProviderManager manager =
-                (IdentityProviderManager) FrameworkServiceDataHolder.getInstance().getIdentityProviderManager();
         for (int i = 0; i < federatedIdPResourceIds.size(); i++) {
             try {
-                IdentityProvider idp = manager.getIdPByResourceId(federatedIdPResourceIds.get(i), tenantDomain,
-                        false);
+                IdentityProvider idp = ApplicationAuthenticatorManager.getInstance().getSerializableIdPByResourceId(
+                        federatedIdPResourceIds.get(i), tenantDomain);
                 if (idp == null) {
                     throw new SessionDataStorageOptimizationClientException(
                             String.format("Cannot find the IdP by the resource Id: %s Tenant Domain: %s",
@@ -379,12 +377,10 @@ private IdentityProvider[] getIdPsFromOptimizedFederatedIdPs(
             throws FrameworkException {
 
         List<IdentityProvider> idPList = new ArrayList<>();
-        IdentityProviderManager manager =
-                (IdentityProviderManager) FrameworkServiceDataHolder.getInstance().getIdentityProviderManager();
         for (OptimizedAuthStep.OptimizedFederatedIdP optimizedFederatedIdP : optimizedFederatedIdPs) {
             try {
-                IdentityProvider idPByResourceId = manager.getIdPByResourceId(optimizedFederatedIdP.getIdpResourceId(),
-                        tenantDomain, false);
+                IdentityProvider idPByResourceId = ApplicationAuthenticatorManager.getInstance()
+                        .getSerializableIdPByResourceId(optimizedFederatedIdP.getIdpResourceId(), tenantDomain);
                 if (idPByResourceId == null) {
                     throw new SessionDataStorageOptimizationClientException(
                             String.format("Cannot find the IdP by the resource Id: %s Tenant Domain: %s",

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/OptimizedAuthenticatorConfig.java

@@ -26,13 +26,11 @@
 import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationClientException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.session.storage.SessionDataStorageOptimizationServerException;
-import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
 import org.wso2.carbon.identity.application.authentication.framework.internal.core.ApplicationAuthenticatorManager;
 import org.wso2.carbon.identity.application.common.model.IdentityProvider;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementClientException;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementServerException;
-import org.wso2.carbon.idp.mgt.IdentityProviderManager;
 
 import java.io.Serializable;
 import java.util.ArrayList;
@@ -111,11 +109,10 @@ private IdentityProvider getIdPByResourceID(String resourceId, String tenantDoma
                     String.format("Null parameters passed while getting IDPs by the resource ID: %s " +
                     "tenant domain: %s", resourceId, tenantDomain));
         }
-        IdentityProviderManager manager =
-                (IdentityProviderManager) FrameworkServiceDataHolder.getInstance().getIdentityProviderManager();
         IdentityProvider idp;
         try {
-            idp = manager.getIdPByResourceId(resourceId, tenantDomain, false);
+            idp = ApplicationAuthenticatorManager.getInstance().getSerializableIdPByResourceId(
+                    resourceId, tenantDomain);
             if (idp == null) {
                 throw new SessionDataStorageOptimizationClientException(
                         String.format("Cannot find the Identity Provider by the resource ID: %s " +
@@ -129,7 +126,7 @@ private IdentityProvider getIdPByResourceID(String resourceId, String tenantDoma
             throw new SessionDataStorageOptimizationServerException(
                     String.format("IDP management server error occurred. Failed to get the Identity Provider by " +
                                     "resource id: %s tenant domain: %s", resourceId, tenantDomain), e);
-        } catch (IdentityProviderManagementException e) {
+        } catch (IdentityProviderManagementException | FrameworkException e) {
             throw new SessionDataStorageOptimizationException(
                     String.format("IDP management error occurred. Failed to get the Identity Provider by " +
                                     "resource id: %s tenant domain: %s", resourceId, tenantDomain), e);

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/context/AuthenticationContext.java

@@ -22,17 +22,12 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang3.SerializationUtils;
 import org.wso2.carbon.identity.application.authentication.framework.AuthenticatorStateInfo;
-import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
-import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedIdPData;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
-import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
-import org.wso2.carbon.identity.application.common.model.IdentityProvider;
-import org.wso2.carbon.identity.application.common.model.UserDefinedFederatedAuthenticatorConfig;
 import org.wso2.carbon.identity.base.IdentityRuntimeException;
 import org.wso2.carbon.identity.core.bean.context.MessageContext;
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
@@ -860,43 +855,6 @@ public void setExpiryTime(long expiryTimeNano) {
      */
     public Object clone () {
 
-        removeNonSerializableObjects();
         return SerializationUtils.clone(this);
     }
-
-    private void removeNonSerializableObjects() {
-
-        /* Remove non-serializable UserDefinedAuthenticatorEndpointConfig objects from the
-         UserDefinedFederatedAuthenticatorConfig in the context. The UserDefinedAuthenticatorEndpointConfig contains
-         the endpoint URI and the authentication type of the corresponding action. However, this information is not
-         used in the authentication flow. Instead, the action ID in the authenticator property is used to resolve the
-         corresponding action. */
-        if (sequenceConfig == null || sequenceConfig.getStepMap() == null) {
-            return;
-        }
-
-        for (StepConfig stepConfig : sequenceConfig.getStepMap().values()) {
-            if (stepConfig == null || stepConfig.getAuthenticatorList() == null) {
-                continue;
-            }
-
-            for (AuthenticatorConfig authenticatorConfig : stepConfig.getAuthenticatorList()) {
-                if (stepConfig.getAuthenticatorList() == null) {
-                    continue;
-                }
-
-                for (IdentityProvider idp : authenticatorConfig.getIdps().values()) {
-                    if (idp == null || idp.getFederatedAuthenticatorConfigs() == null) {
-                        continue;
-                    }
-
-                    for (FederatedAuthenticatorConfig authConfig : idp.getFederatedAuthenticatorConfigs()) {
-                        if (authConfig instanceof UserDefinedFederatedAuthenticatorConfig) {
-                            ((UserDefinedFederatedAuthenticatorConfig) authConfig).setEndpointConfig(null);
-                        }
-                    }
-                }
-            }
-        }
-    }
 }

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/core/ApplicationAuthenticatorManager.java

@@ -18,12 +18,14 @@
 
 package org.wso2.carbon.identity.application.authentication.framework.internal.core;
 
+import com.google.gson.Gson;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
 import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
 import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
 import org.wso2.carbon.identity.application.common.exception.AuthenticatorMgtException;
 import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
+import org.wso2.carbon.identity.application.common.model.IdentityProvider;
 import org.wso2.carbon.identity.application.common.model.UserDefinedFederatedAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.model.UserDefinedLocalAuthenticatorConfig;
 import org.wso2.carbon.identity.core.util.IdentityConfigParser;
@@ -117,8 +119,8 @@ public List<ApplicationAuthenticator> getAllAuthenticators(String tenantDomain)
                         .getUserDefinedLocalAuthenticator(localConfig));
             }
 
-            FederatedAuthenticatorConfig[] fedConfig = IdentityProviderManager.getInstance()
-                    .getAllFederatedAuthenticators(tenantDomain);
+            FederatedAuthenticatorConfig[] fedConfig = FrameworkServiceDataHolder.getInstance()
+                    .getIdentityProviderManager().getAllFederatedAuthenticators(tenantDomain);
             for (FederatedAuthenticatorConfig fedAuth : fedConfig) {
                 if (fedAuth instanceof UserDefinedFederatedAuthenticatorConfig) {
                     allAuthenticators.add(FrameworkServiceDataHolder.getInstance().getUserDefinedAuthenticatorService()
@@ -164,8 +166,8 @@ public ApplicationAuthenticator getApplicationAuthenticatorByName(String authent
             }
 
             // Check whether the authenticator config is the user defined fed authenticator config, if so resolve it.
-            FederatedAuthenticatorConfig[] fedConfig = IdentityProviderManager.getInstance()
-                    .getAllFederatedAuthenticators(tenantDomain);
+            FederatedAuthenticatorConfig[] fedConfig = FrameworkServiceDataHolder.getInstance()
+                    .getIdentityProviderManager().getAllFederatedAuthenticators(tenantDomain);
             for (FederatedAuthenticatorConfig fedAuth : fedConfig) {
                 if (fedAuth instanceof UserDefinedFederatedAuthenticatorConfig &&
                         fedAuth.getName().equals(authenticatorName)) {
@@ -184,4 +186,23 @@ private boolean isAuthenticationActionEnabled() {
         return  Boolean.parseBoolean((String) IdentityConfigParser.getInstance()
                 .getConfiguration().get(AUTHENTICATION_ACTION_ENABLED_PROP));
     }
+
+    public IdentityProvider getSerializableIdPByResourceId(String resourceId, String tenantDomain)
+            throws FrameworkException, IdentityProviderManagementException {
+
+        /* Remove non-serializable UserDefinedAuthenticatorEndpointConfig objects from the identityProviders in the
+         authentication context.
+         The UserDefinedAuthenticatorEndpointConfig contains the endpoint URI and authentication type for the
+         corresponding action. However, this information is not utilized in the authentication flow. Instead,
+         the action ID in the authenticator property is used to resolve the corresponding action.
+         Since the FederatedAuthenticatorConfig model is used in the IdentityProvider class, when creating a deep
+         clone of the Identity Provider, convert the UserDefinedFederatedAuthenticatorConfig object to
+         a FederatedAuthenticatorConfig instance. */
+        IdentityProviderManager manager =
+                (IdentityProviderManager) FrameworkServiceDataHolder.getInstance().getIdentityProviderManager();
+        Gson gson = new Gson();
+        return gson.fromJson(
+                gson.toJson(manager.getIdPByResourceId(resourceId, tenantDomain, false)),
+                IdentityProvider.class);
+    }
 }

components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java

@@ -881,6 +881,11 @@ public IdentityProvider getIdPById(String id, String tenantDomain,
         return identityProvider;
     }
 
+    /* Note: The UserDefinedFederatedAuthenticatorConfig object in the IdentityProvider is not serializable using
+     org.apache.commons.lang3.SerializationUtils, which is used in the authentication framework to clone the
+     authentication context. Hence, use getSerializableIdPByResourceId(String, String) in FrameworkUtils, which provides
+     an in IdentityProvider instance with the UserDefinedFederatedAuthenticatorConfig converted to a
+     FederatedAuthenticatorConfig. */
     @Override
     public IdentityProvider getIdPByResourceId(String resourceId, String tenantDomain, boolean
             ignoreFileBasedIdps) throws IdentityProviderManagementException {