Avoid federated users idp domain being dropped when email as username is not enabled. #804
Conversation
|
PR builder started |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/7794726432
RushanNanayakkara
force-pushed
the
fix-jit-username
branch
4 times, most recently
from
4820f2a to
ad8dee2
Compare
|
PR builder started |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/7828605015
...very/src/main/java/org/wso2/carbon/identity/recovery/signup/UserSelfRegistrationManager.java
Show resolved
Hide resolved
RushanNanayakkara
force-pushed
the
fix-jit-username
branch
from
ad8dee2 to
c33d7ff
Compare
RushanNanayakkara
force-pushed
the
fix-jit-username
branch
from
c33d7ff to
969c336
Compare
|
PR builder started |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/7868279668
Purpose
In the current implementation when a federated user is trying to provision through provisioning types other than silent provisioning, if the username locally exists after removing the domain from the remote idp username (eg: "foo" from "[email protected]"), it is identified as same username and an error is thrown. However this is incorrect since "foo" and "[email protected]" are two different usernames. This is due to when tenant aware username is generated, it removing the last domain after the domain separator symbol.
This PR fixes the issue by adding the tenant domain at the end of the federating user's name.
Related Issue
wso2/product-is#19294
Dependent PR
wso2/carbon-identity-framework#5468