wso2 · Eranda2001 · Feb 6, 2025 · Feb 6, 2025 · Feb 14, 2025 · Feb 25, 2025
diff --git a/...ain/java/org/wso2/carbon/identity/application/common/ApplicationAuthenticatorService.java b/...ain/java/org/wso2/carbon/identity/application/common/ApplicationAuthenticatorService.java
@@ -301,10 +301,62 @@ public UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(
     }
 
     /**
-     * Update a Local Application Authenticator configuration.
+     * Add a system defined Local Application Authenticator configuration.
      *
-     * @param authenticatorName   Name of Local Application Authenticator configuration to be deleted.
+     * @param authenticatorConfig Local Application Authenticator configuration.
      * @param tenantDomain        Tenant domain.
+     * @throws AuthenticatorMgtException If an error occurs while adding the authenticator configuration.
+     */
+    public LocalAuthenticatorConfig addSystemDefinedLocalAuthenticator(
+            LocalAuthenticatorConfig authenticatorConfig, String tenantDomain)
+            throws AuthenticatorMgtException {
+
+        if (isAuthenticatorExistsInDB(authenticatorConfig.getName(), tenantDomain)) {
+            throw buildClientException(AuthenticatorMgtError.ERROR_AUTHENTICATOR_ALREADY_EXIST,
+                    authenticatorConfig.getName());
+        }
+        for (LocalAuthenticatorConfig localAuthenticator : localAuthenticators) {
+            if (localAuthenticator.getName().equals(authenticatorConfig.getName())) {
+                authenticatorConfig.setEnabled(localAuthenticator.getEnabled());
+                authenticatorConfig.setDisplayName(localAuthenticator.getDisplayName());
+                break;
+            }
+        }
+        return dao.addSystemLocalAuthenticator(
+                authenticatorConfig, IdentityTenantUtil.getTenantId(tenantDomain));
+    }
+
+    /**
+     * Update a Local Application Authenticator configuration.
+     *
+     * @param authenticatorConfig Local Application Authenticator configuration.
+     */
+    public LocalAuthenticatorConfig updateAuthenticatorAmrValue(
+            LocalAuthenticatorConfig authenticatorConfig, String tenantDomain)
+            throws AuthenticatorMgtException {
+
+        authenticatorValidator.validateAmrValue(authenticatorConfig.getAmrValue());
+        LocalAuthenticatorConfig existingConfig = resolveExistingSystemLocalAuthenticator(authenticatorConfig.getName(),
+                tenantDomain);
+        if (existingConfig == null) {
+            for (LocalAuthenticatorConfig localAuthenticator : localAuthenticators) {
+                if (localAuthenticator.getName().equals(authenticatorConfig.getName())) {
+                    existingConfig = addSystemDefinedLocalAuthenticator(authenticatorConfig, tenantDomain);
+                    return existingConfig;
+                }
+            }
+            throw buildClientException(AuthenticatorMgtError.ERROR_NOT_FOUND_AUTHENTICATOR,
+                    authenticatorConfig.getName());
+        }
+        return dao.updateSystemLocalAuthenticatorAmrValue(
+                existingConfig, authenticatorConfig, IdentityTenantUtil.getTenantId(tenantDomain));
+    }
+
+    /**
+     * Update a Local Application Authenticator configuration.
+     *
+     * @param authenticatorName Name of Local Application Authenticator configuration to be deleted.
+     * @param tenantDomain Tenant domain.
      * @throws AuthenticatorMgtException If an error occurs while deleting the authenticator configuration.
      */
     public void deleteUserDefinedLocalAuthenticator(String authenticatorName, String tenantDomain)
@@ -339,7 +391,7 @@ public UserDefinedLocalAuthenticatorConfig getUserDefinedLocalAuthenticator(Stri
      * Check whether any local or federated authenticator configuration exists with the given name.
      *
      * @param authenticatorName Name of the authenticator.
-     * @param tenantDomain      Tenant domain.
+     * @param tenantDomain Tenant domain.
      * @return True if an authenticator with the given name exists.
      * @throws AuthenticatorMgtException If an error occurs while checking the existence of the authenticator.
      */
@@ -374,4 +426,16 @@ private UserDefinedLocalAuthenticatorConfig resolveExistingAuthenticator(String
 
         return dao.getUserDefinedLocalAuthenticator(authenticatorName, IdentityTenantUtil.getTenantId(tenantDomain));
     }
+
+    private LocalAuthenticatorConfig resolveExistingSystemLocalAuthenticator(String authenticatorName,
+            String tenantDomain) throws AuthenticatorMgtException {
+
+        return dao.getSystemLocalAuthenticator(authenticatorName, IdentityTenantUtil.getTenantId(tenantDomain));
+    }
+
+    private boolean isAuthenticatorExistsInDB(String authenticatorName, String tenantDomain)
+            throws AuthenticatorMgtException {
+
+        return dao.isExistingAuthenticatorName(authenticatorName, IdentityTenantUtil.getTenantId(tenantDomain));
+    }
 }
diff --git a/...va/org/wso2/carbon/identity/application/common/cache/SystemDefinedAuthenticatorCache.java b/...va/org/wso2/carbon/identity/application/common/cache/SystemDefinedAuthenticatorCache.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.common.cache;
+
+import org.wso2.carbon.identity.core.cache.BaseCache;
+import org.wso2.carbon.utils.CarbonUtils;
+
+/**
+ * Cache for the system defined authenticator configurations.
+ */
+public class SystemDefinedAuthenticatorCache extends
+        BaseCache<SystemDefinedAuthenticatorCacheKey, SystemDefinedAuthenticatorCacheEntry> {
+
+    private static final String SYSTEM_DEFINED_AUTHENTICATOR_CACHE_NAME = "SystemDefinedAuthenticatorCache";
+    private static final SystemDefinedAuthenticatorCache INSTANCE = new SystemDefinedAuthenticatorCache();
+
+    private SystemDefinedAuthenticatorCache() {
+        super(SYSTEM_DEFINED_AUTHENTICATOR_CACHE_NAME);
+    }
+
+    public static SystemDefinedAuthenticatorCache getInstance() {
+
+        CarbonUtils.checkSecurity();
+        return INSTANCE;
+    }
+}
diff --git a/...g/wso2/carbon/identity/application/common/cache/SystemDefinedAuthenticatorCacheEntry.java b/...g/wso2/carbon/identity/application/common/cache/SystemDefinedAuthenticatorCacheEntry.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.common.cache;
+
+import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
+import org.wso2.carbon.identity.core.cache.CacheEntry;
+
+/**
+ * Cache Entry for the system defined authenticator configurations.
+ */
+public class SystemDefinedAuthenticatorCacheEntry extends CacheEntry {
+
+    private LocalAuthenticatorConfig authenticatorConfig;
+
+    public SystemDefinedAuthenticatorCacheEntry(LocalAuthenticatorConfig authenticatorConfig) {
+
+        this.authenticatorConfig = authenticatorConfig;
+    }
+
+    public LocalAuthenticatorConfig getAuthenticatorConfig() {
+
+        return authenticatorConfig;
+    }
+
+    public void setAuthenticatorConfig(LocalAuthenticatorConfig authenticatorConfig) {
+
+        this.authenticatorConfig = authenticatorConfig;
+    }
+}
diff --git a/...org/wso2/carbon/identity/application/common/cache/SystemDefinedAuthenticatorCacheKey.java b/...org/wso2/carbon/identity/application/common/cache/SystemDefinedAuthenticatorCacheKey.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.common.cache;
+
+import org.wso2.carbon.identity.core.cache.BaseCache;
+import org.wso2.carbon.identity.core.cache.CacheKey;
+
+/**
+ * Cache key for the system defined authenticator configurations.
+ */
+public class SystemDefinedAuthenticatorCacheKey extends CacheKey {
+
+    private final String authenticatorName;
+
+    public SystemDefinedAuthenticatorCacheKey(String authenticatorName) {
+
+        this.authenticatorName = authenticatorName;
+    }
+
+    public String getAuthenticatorName() {
+
+        return authenticatorName;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+
+        if (!(o instanceof AuthenticatorCacheKey)) {
+            return false;
+        }
+        return authenticatorName.equals(((AuthenticatorCacheKey) o).getAuthenticatorName());
+    }
+
+    @Override
+    public int hashCode() {
+
+        return authenticatorName.hashCode();
+    }
+}
diff --git a/...va/org/wso2/carbon/identity/application/common/constant/AuthenticatorMgtSQLConstants.java b/...va/org/wso2/carbon/identity/application/common/constant/AuthenticatorMgtSQLConstants.java
@@ -47,6 +47,7 @@ public static class Column {
         public static final String IS_SECRET = "IS_SECRET";
         public static final String IMAGE_URL = "IMAGE_URL";
         public static final String DESCRIPTION = "DESCRIPTION";
+        public static final String AMR_VALUE = "AMR_VALUE";
 
         private Column() {
 
@@ -64,9 +65,32 @@ public static class Query {
                 " (:TENANT_ID;, (SELECT ID FROM IDP WHERE IDP.NAME = :IDP_NAME; AND IDP.TENANT_ID = :TENANT_ID;), " +
                 ":NAME;, :IS_ENABLED;, :DEFINED_BY;, :AUTHENTICATION_TYPE;, :DISPLAY_NAME;, " +
                 ":IMAGE_URL;, :DESCRIPTION;)";
+        public static final String ADD_AUTHENTICATOR_SQL_WITH_AMR = "INSERT INTO IDP_AUTHENTICATOR " +
+                "(TENANT_ID, IDP_ID, NAME, IS_ENABLED, DEFINED_BY, AMR_VALUE, AUTHENTICATION_TYPE," +
+                " DISPLAY_NAME, IMAGE_URL, DESCRIPTION) VALUES" +
+                " (:TENANT_ID;, (SELECT ID FROM IDP WHERE IDP.NAME = :IDP_NAME; AND IDP.TENANT_ID = :TENANT_ID;), " +
+                ":NAME;, :IS_ENABLED;, :DEFINED_BY;, :AUTHENTICATION_TYPE;, :DISPLAY_NAME;, " +
+                ":IMAGE_URL;, :DESCRIPTION;)";
+        public static final String ADD_SYSTEM_LOCAL_AUTHENTICATOR_SQL = "INSERT INTO IDP_AUTHENTICATOR " +
+                "(TENANT_ID, IDP_ID, NAME, IS_ENABLED, DEFINED_BY, AMR_VALUE, AUTHENTICATION_TYPE, DISPLAY_NAME) " +
+                "VALUES " +
+                "(:TENANT_ID;, " +
+                "(SELECT ID FROM IDP WHERE NAME = :IDP_NAME; AND TENANT_ID = :TENANT_ID;), " +
+                ":NAME;, :IS_ENABLED;, :DEFINED_BY;, :AMR_VALUE;, :AUTHENTICATION_TYPE;, :DISPLAY_NAME;)";
         public static final String UPDATE_AUTHENTICATOR_SQL = "UPDATE IDP_AUTHENTICATOR SET IS_ENABLED = " +
                 ":IS_ENABLED;, DISPLAY_NAME = :DISPLAY_NAME;, IMAGE_URL = :IMAGE_URL;, DESCRIPTION = :DESCRIPTION; " +
                 "WHERE NAME = :NAME; AND TENANT_ID = :TENANT_ID;";
+        public static final String UPDATE_AUTHENTICATOR_SQL_WITH_AMR = "UPDATE IDP_AUTHENTICATOR SET IS_ENABLED = " +
+                ":IS_ENABLED;, DISPLAY_NAME = :DISPLAY_NAME;, IMAGE_URL = :IMAGE_URL;, DESCRIPTION = :DESCRIPTION;, " +
+                "AMR_VALUE = :AMR_VALUE" +
+                " " +
+                "WHERE NAME = :NAME; AND TENANT_ID = :TENANT_ID;";
+        public static final String UPDATE_AUTHENTICATOR_AMR_VALUE_SQL = "UPDATE IDP_AUTHENTICATOR SET AMR_VALUE = " +
+                ":AMR_VALUE; WHERE NAME = :NAME; AND TENANT_ID = :TENANT_ID;";
+        public static final String GET_SYSTEM_DEFINED_LOCAL_AUTHENTICATOR_SQL = "SELECT * FROM IDP_AUTHENTICATOR " +
+                "WHERE DEFINED_BY = :DEFINED_BY; AND NAME = :NAME; AND TENANT_ID = :TENANT_ID;" +
+                "AND IDP_ID IN (SELECT ID FROM IDP WHERE IDP.NAME = :IDP_NAME; " +
+                "AND IDP.TENANT_ID = :TENANT_ID;)";
         public static final String GET_USER_DEFINED_LOCAL_AUTHENTICATOR_SQL = "SELECT * FROM IDP_AUTHENTICATOR " +
                 "WHERE DEFINED_BY = :DEFINED_BY; AND NAME = :NAME; AND TENANT_ID = :TENANT_ID;" +
                 "AND IDP_ID IN (SELECT ID FROM IDP WHERE IDP.NAME = :IDP_NAME; " +
@@ -79,6 +103,13 @@ public static class Query {
                         "WHERE DEFINED_BY = :DEFINED_BY; AND TENANT_ID = :TENANT_ID; " +
                         "AND IDP_ID IN (SELECT ID FROM IDP WHERE IDP.NAME = :IDP_NAME; " +
                         "AND IDP.TENANT_ID = :TENANT_ID;)";
+        public static final String GET_ALL_USER_DEFINED_AUTHENTICATOR_SQL_WITH_AMR =
+                "SELECT AUTHENTICATION_TYPE, NAME, DISPLAY_NAME, AMR_VALUE, IMAGE_URL, DESCRIPTION, IS_ENABLED, " +
+                        "DEFINED_BY, ID " +
+                        "FROM IDP_AUTHENTICATOR " +
+                        "WHERE DEFINED_BY = :DEFINED_BY; AND TENANT_ID = :TENANT_ID; " +
+                        "AND IDP_ID IN (SELECT ID FROM IDP WHERE IDP.NAME = :IDP_NAME; " +
+                        "AND IDP.TENANT_ID = :TENANT_ID;)";
         public static final String DELETE_AUTHENTICATOR_SQL = "DELETE FROM IDP_AUTHENTICATOR WHERE NAME = :NAME; " +
                 " AND TENANT_ID = :TENANT_ID;";
         public static final String GET_AUTHENTICATOR_ID_SQL = "SELECT ID FROM IDP_AUTHENTICATOR " +

diff --git a/...main/java/org/wso2/carbon/identity/application/common/dao/AuthenticatorManagementDAO.java b/...main/java/org/wso2/carbon/identity/application/common/dao/AuthenticatorManagementDAO.java
@@ -19,6 +19,8 @@
 package org.wso2.carbon.identity.application.common.dao;
 
 import org.wso2.carbon.identity.application.common.exception.AuthenticatorMgtException;
+import org.wso2.carbon.identity.application.common.exception.AuthenticatorMgtServerException;
+import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
 import org.wso2.carbon.identity.application.common.model.UserDefinedLocalAuthenticatorConfig;
 
 import java.util.List;
@@ -53,6 +55,17 @@ UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(
             UserDefinedLocalAuthenticatorConfig updatedAuthenticatorConfig, int tenantId)
             throws AuthenticatorMgtException;
 
+    /**
+     *
+     * @param existingAuthenticatorConfig Existing Local application authenticator configuration.
+     * @param amrValue New local application authenticator configuration.
+     * @param tenantId Tenant Id.
+     * @return Updated LocalAuthenticatorConfig.
+     * @throws AuthenticatorMgtException If an error occurs while updating the authenticator configuration.
+     */
+    LocalAuthenticatorConfig updateSystemLocalAuthenticatorAmrValue(LocalAuthenticatorConfig existingAuthenticatorConfig,
+                                                                   LocalAuthenticatorConfig amrValue, int tenantId) throws AuthenticatorMgtException;
+
     /**
      * Retrieve a local user defined application authenticator configuration by name.
      *
@@ -64,6 +77,16 @@ UserDefinedLocalAuthenticatorConfig updateUserDefinedLocalAuthenticator(
     UserDefinedLocalAuthenticatorConfig getUserDefinedLocalAuthenticator(
             String authenticatorConfigName, int tenantId) throws AuthenticatorMgtException;
 
+    /**
+     *
+     * @param authenticatorConfigName  Name of the local application authenticator configuration.
+     * @param tenantId Tenant Id.
+     * @return Retrieved LocalAuthenticatorConfig.
+     * @throws AuthenticatorMgtException If an error occurs while retrieving the authenticator configuration.
+     */
+    LocalAuthenticatorConfig getSystemLocalAuthenticator(String authenticatorConfigName, int tenantId)
+            throws AuthenticatorMgtException;
+
     /**
      * Retrieve all user defined local application authenticator configurations.
      *
@@ -93,4 +116,14 @@ void deleteUserDefinedLocalAuthenticator(String authenticatorConfigName, UserDef
      * @throws AuthenticatorMgtException If an error occurs while checking the existence of the authenticator.
      */
     boolean isExistingAuthenticatorName(String authenticatorName, int tenantId) throws AuthenticatorMgtException;
+
+    /**
+     * Add a new system local authenticator configuration.
+     *
+     * @param authenticatorConfig   Local application authenticator configuration.
+     * @param tenantId              Tenant Id.
+     * @return Created LocalAuthenticatorConfig.
+     */
+    LocalAuthenticatorConfig addSystemLocalAuthenticator(LocalAuthenticatorConfig authenticatorConfig, int tenantId)
+            throws AuthenticatorMgtException;
 }