Improve username validation for JIT provision.

Thisara-Welmilla · Dec 13, 2023 · 5deb77a · 5deb77a
1 parent 2f11a90
commit 5deb77a
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 1 deletion.
diff --git a/...cation/authentication/framework/handler/provisioning/impl/DefaultProvisioningHandler.java b/...cation/authentication/framework/handler/provisioning/impl/DefaultProvisioningHandler.java
@@ -306,7 +306,9 @@ tobeDeleted claims (claims came from federated idp as null). If there is a match
                     need to write a provisioning handler extending the "DefaultProvisioningHandler".
                      */
                 UserCoreUtil.setSkipPasswordPatternValidationThreadLocal(true);
-                UserCoreUtil.setSkipUsernamePatternValidationThreadLocal(true);
+                if (FrameworkUtils.isSkipUsernamePatternValidation()) {
+                    UserCoreUtil.setSkipUsernamePatternValidationThreadLocal(true);
+                }
                 if (FrameworkUtils.isJITProvisionEnhancedFeatureEnabled()) {
                     setJitProvisionedSource(tenantDomain, idp, userClaims);
                 }

diff --git a/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
@@ -2663,6 +2663,18 @@ public static String getUserNameProvisioningUIUrl() {
         return userNamePrvisioningUrl;
     }
 
+    /**
+     * To get the username provisioning url from the configuration file.
+     *
+     * @return relevant username provisioning url.
+     */
+    public static boolean isSkipUsernamePatternValidation() {
+
+        return Boolean.parseBoolean(
+                IdentityUtil.getProperty("JITProvisioning.SkipUsernamePatternValidation"));
+    }
+
+
     /**
      * This method is to provide flag about Adaptive authentication is availability.
      *

diff --git a/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -1766,6 +1766,7 @@
     <JITProvisioning>
         <UserNameProvisioningUI>{{authentication.jit_provisioning.username_provisioning_url}}</UserNameProvisioningUI>
         <PasswordProvisioningUI>{{authentication.jit_provisioning.password_provisioning_url}}</PasswordProvisioningUI>
+        <SkipUsernamePatternValidation>{{authentication.jit_provisioning.skip_username_pattern_validation}}</SkipUsernamePatternValidation>
         <EnableEnhancedFeature>{{authentication.jit_provisioning.enable_enhanced_feature}}</EnableEnhancedFeature>
         <!-- Claims which must not delete during the syncing process of existing claim mappings with IDP claim mappings
         for JIT provisioned user. -->

diff --git a/...y.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json b/...y.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
@@ -497,6 +497,7 @@
   "authentication_policy.check_account_exist": true,
   "authentication.jit_provisioning.username_provisioning_url": "/accountrecoveryendpoint/register.do",
   "authentication.jit_provisioning.password_provisioning_url": "/accountrecoveryendpoint/signup.do",
+  "authentication.jit_provisioning.skip_username_pattern_validation": false,
   "authentication.jit_provisioning.enable_enhanced_feature": false,
 
   "application_mgt.enable_role_validation": false,