Improve JIT provisioning

Thisara-Welmilla · Dec 12, 2023 · 1421a24 · 1421a24
1 parent 2f11a90
commit 1421a24
Showing 1 changed file with 37 additions and 24 deletions.
diff --git a/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
@@ -205,30 +205,7 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
                     }
                     String username = getUsernameFederatedUser(stepConfig, sequenceConfig,
                             externalIdPConfigName, context, localClaimValues, externalIdPConfig);
-                    if (context.getProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED) != null) {
-                        username = request.getParameter(FrameworkConstants.USERNAME);
-                        try {
-                            /*
-                            Checks whether the provided user is already existing in the system. If so an exception
-                            will be thrown.
-                            */
-                            UserRealm realm = getUserRealm(context.getTenantDomain());
-                            UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
-                                    .getProvisioningUserStoreId(), realm, username);
-                            String sanitizedUserName = UserCoreUtil.removeDomainFromName(
-                                    MultitenantUtils.getTenantAwareUsername(username));
-                            if (userStoreManager.isExistingUser(sanitizedUserName)) {
-                                // Logging the error because the thrown exception is handled in the UI.
-                                log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
-                                        + ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
-                                handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
-                                        "provided.username.already.exists", null);
-                            }
-                        } catch (UserStoreException e) {
-                            handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
-                                    "error.user.existence", e);
-                        }
-                    }
+                    isUsernameExists(context, username);
                     callDefaultProvisioningHandler(username, context, externalIdPConfig, combinedLocalClaims,
                             stepConfig);
                     handleConsents(request, stepConfig, context.getTenantDomain());
@@ -353,6 +330,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
                                 username, request);
                         // Set the property to make sure the request is a returning one.
                         context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
+                        if (!externalIdPConfig.isModifyUserNameAllowed()) {
+                            isUsernameExists(context, username);
+                        }
                         return PostAuthnHandlerFlowStatus.INCOMPLETE;
                     }
                     if (StringUtils.isEmpty(associatedLocalUser) && externalIdPConfig.isAssociateLocalUserEnabled()) {
@@ -428,6 +408,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
                                     localClaimValues.get(EMAIL_ADDRESS_CLAIM))) {
                         username = UserCoreUtil.addTenantDomainToEntry(username, context.getTenantDomain());
                     }
+                    if (StringUtils.isEmpty(associatedLocalUser)) {
+                        isUsernameExists(context, username);
+                    }
                     callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues,
                             stepConfig);
                 }
@@ -1159,4 +1142,34 @@ private String getUserStoreDomain(String provisioningUserStoreId, UserRealm real
         }
         return userStoreDomain;
     }
+
+    /**
+     * This method throws a PostAuthenticationFailedException if the provided username is already existing in the
+     * system.
+     *
+     * @param context   AuthenticationContext.
+     * @param username  Username of the federated user.
+     * @throws PostAuthenticationFailedException if the provided username already exists.
+     */
+    private void isUsernameExists(AuthenticationContext context, String username)
+            throws PostAuthenticationFailedException {
+
+        try {
+            UserRealm realm = getUserRealm(context.getTenantDomain());
+            UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
+                    .getProvisioningUserStoreId(), realm, username);
+            String sanitizedUserName = UserCoreUtil.removeDomainFromName(
+                    MultitenantUtils.getTenantAwareUsername(username));
+            if (userStoreManager.isExistingUser(sanitizedUserName)) {
+                // Logging the error because the thrown exception is handled in the UI.
+                log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
+                        + ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
+                handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
+                        ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode(), null);
+            }
+        } catch (UserStoreException e) {
+            handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
+                    "error.user.existence", e);
+        }
+    }
 }