diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
index c34c25a0c511..ed270413aad8 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
@@ -205,30 +205,7 @@ private PostAuthnHandlerFlowStatus handleResponseFlow(HttpServletRequest request
 }
 String username = getUsernameFederatedUser(stepConfig, sequenceConfig, externalIdPConfigName, context, localClaimValues, externalIdPConfig);
- if (context.getProperty(FrameworkConstants.CHANGING_USERNAME_ALLOWED) != null) {
- username = request.getParameter(FrameworkConstants.USERNAME);
- try {
- /*
- Checks whether the provided user is already existing in the system. If so an exception
- will be thrown.
- */
- UserRealm realm = getUserRealm(context.getTenantDomain());
- UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
- .getProvisioningUserStoreId(), realm, username);
- String sanitizedUserName = UserCoreUtil.removeDomainFromName(
- MultitenantUtils.getTenantAwareUsername(username));
- if (userStoreManager.isExistingUser(sanitizedUserName)) {
- // Logging the error because the thrown exception is handled in the UI.
- log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
- + ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
- handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
- "provided.username.already.exists", null);
- }
- } catch (UserStoreException e) {
- handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
- "error.user.existence", e);
- }
- }
+ isUsernameExists(context, username);
 callDefaultProvisioningHandler(username, context, externalIdPConfig, combinedLocalClaims, stepConfig);
 handleConsents(request, stepConfig, context.getTenantDomain());
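Review bot: The removed branch set `username = request.getParameter(FrameworkConstants.USERNAME)` when `CHANGING_USERNAME_ALLOWED` was present, whereas the replacement `isUsernameExists(context, username)` checks whatever `getUsernameFederatedUser` returned; unless that helper now reads the user-entered name (its body is outside the hunk), a username chosen on the provisioning page would be neither checked nor provisioned. The check also runs unconditionally here, so for IdPs with a non-modifiable username it repeats the check already performed in handleRequestFlow — harmless, but a one-line comment such as `// Re-check here because the user may have edited the username on the provisioning page.` would make the intent explicit. Check-then-provision is not atomic, so `callDefaultProvisioningHandler` must still fail closed if the account appears between the two calls. handleResponseFlow starts and ends outside this hunk.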
@@ -353,6 +330,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
 username, request);
 // Set the property to make sure the request is a returning one.
 context.setProperty(FrameworkConstants.PASSWORD_PROVISION_REDIRECTION_TRIGGERED, true);
+ if (!externalIdPConfig.isModifyUserNameAllowed()) {
+ isUsernameExists(context, username);
+ }
 return PostAuthnHandlerFlowStatus.INCOMPLETE;
 }
 if (StringUtils.isEmpty(associatedLocalUser) && externalIdPConfig.isAssociateLocalUserEnabled()) {
@@ -428,6 +408,9 @@ private PostAuthnHandlerFlowStatus handleRequestFlow(HttpServletRequest request,
 localClaimValues.get(EMAIL_ADDRESS_CLAIM))) {
 username = UserCoreUtil.addTenantDomainToEntry(username, context.getTenantDomain());
 }
+ if (StringUtils.isEmpty(associatedLocalUser)) {
+ isUsernameExists(context, username);
+ }
 callDefaultProvisioningHandler(username, context, externalIdPConfig, localClaimValues, stepConfig);
 }
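Review bot: The new `isModifyUserNameAllowed()` guard runs after the call ending at `username, request);` and after `PASSWORD_PROVISION_REDIRECTION_TRIGGERED` is set to true, so when the name already exists the failure is raised only once the redirect to the provisioning page has presumably been issued and the context has already been marked as a returning request. Moving the three added lines above that call (whose start is outside the hunk) would reject the duplicate before any response is written and leave the context untouched. If that call does not write the response, a short comment explaining why the check is deliberately placed after it would help the next reader.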
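Review bot: The `StringUtils.isEmpty(associatedLocalUser)` guard in the second hunk correctly limits the check to users without a local association, but `isUsernameExists` and `callDefaultProvisioningHandler` remain two separate steps, so two concurrent first logins producing the same derived username can both pass the check. The provisioning handler therefore still has to treat an existing local account as an error rather than as a target to update; a comment such as `// Advisory pre-check only: provisioning must itself reject an already existing user.` would record that expectation next to the call. The enclosing handleRequestFlow continues outside the hunk.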
@@ -1159,4 +1142,34 @@ private String getUserStoreDomain(String provisioningUserStoreId, UserRealm real
 }
 return userStoreDomain;
 }
+
+ /**
+ * This method throws a PostAuthenticationFailedException if the provided username is already existing in the
+ * system.
+ *
+ * @param context AuthenticationContext.
+ * @param username Username of the federated user.
+ * @throws PostAuthenticationFailedException if the provided username already exists.
+ */
+ private void isUsernameExists(AuthenticationContext context, String username)
+ throws PostAuthenticationFailedException {
+
+ try {
+ UserRealm realm = getUserRealm(context.getTenantDomain());
+ UserStoreManager userStoreManager = getUserStoreManager(context.getExternalIdP()
+ .getProvisioningUserStoreId(), realm, username);
+ String sanitizedUserName = UserCoreUtil.removeDomainFromName(
+ MultitenantUtils.getTenantAwareUsername(username));
+ if (userStoreManager.isExistingUser(sanitizedUserName)) {
+ // Logging the error because the thrown exception is handled in the UI.
+ log.error(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode() + " - "
+ + ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage());
+ handleExceptions(ErrorMessages.USER_ALREADY_EXISTS_ERROR.getMessage(),
+ ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode(), null);
+ }
+ } catch (UserStoreException e) {
+ handleExceptions(ErrorMessages.ERROR_WHILE_CHECKING_USERNAME_EXISTENCE.getMessage(),
+ "error.user.existence", e);
+ }
+ }
 }
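Review bot: In the new `isUsernameExists`, the second argument to `handleExceptions` changed from the literal `"provided.username.already.exists"` used by the removed code in handleResponseFlow to `ErrorMessages.USER_ALREADY_EXISTS_ERROR.getCode()`, while the `UserStoreException` branch still passes the literal `"error.user.existence"`; since the comment says the thrown exception is handled in the UI, confirm that the UI resolves the message by the code and make the two calls consistent. The method returns void and signals its result by throwing, so the `is`-prefixed name reads as a boolean query; `validateUsernameDoesNotExist(context, username)` would describe what it does. A user picking an already-taken name is an expected input condition, so logging it at ERROR lets anyone reaching the provisioning page generate error-level log entries at will — `log.debug` (or at most `warn`) fits better. The Javadoc `@param context AuthenticationContext.` only restates the type; `@param context authentication context whose tenant domain and external IdP provisioning user store are used for the lookup.` says what it is used for.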