fix issue 3083: check user_name claim type (#3084)

* Add test for issue 3083

* Fix: use same more robust method to get user_name

similar to other attributes

server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java

@@ -238,11 +238,11 @@ public AuthenticationData getExternalAuthenticationDetails(Authentication authen
 
             String userNameAttributePrefix = (String) attributeMappings.get(USER_NAME_ATTRIBUTE_NAME);
             String username;
-            if (StringUtils.hasText(userNameAttributePrefix)) {
-                username = (String) claims.get(userNameAttributePrefix);
+            if (hasText(userNameAttributePrefix)) {
+                username = getMappedClaim(userNameAttributePrefix, USER_NAME_ATTRIBUTE_NAME, claims);
                 logger.debug(String.format("Extracted username for claim: %s and username is: %s", userNameAttributePrefix, username));
             } else {
-                username = (String) claims.get(SUB);
+                username = getMappedClaim(null, SUB, claims);
                 logger.debug(String.format("Extracted username for claim: %s and username is: %s", SUB, username));
             }
             if (!hasText(username)) {
@@ -424,7 +424,7 @@ private String getMappedClaim(String externalName, String internalName, Map<Stri
             return (String) claimObject;
         }
         if (claimObject instanceof Collection) {
-            Set<String> entry = ((Collection<?>) claimObject).stream().map(String.class::cast).collect(Collectors.toSet());
+            Set<String> entry = ((Collection<?>) claimObject).stream().filter(String.class::isInstance).map(String.class::cast).collect(Collectors.toSet());
             if (entry.size() == 1 ) {
                 return entry.stream().collect(Collectors.toList()).get(0);
             } else if (entry.isEmpty()) {

server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java

@@ -44,6 +44,7 @@
 import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.*;
 import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.FAMILY_NAME_ATTRIBUTE_NAME;
 import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.GROUP_ATTRIBUTE_NAME;
+import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.USER_NAME_ATTRIBUTE_NAME;
 import static org.cloudfoundry.identity.uaa.util.UaaMapUtils.entry;
 import static org.cloudfoundry.identity.uaa.util.UaaMapUtils.map;
 import static org.cloudfoundry.identity.uaa.util.UaaStringUtils.DEFAULT_UAA_URL;
@@ -355,14 +356,15 @@ public void getUser_doesNotThrowWhenIdTokenMappingIsArray() {
     JWSSigner signer = new KeyInfo(OIDC_PROVIDER_KEY, oidcProviderTokenSigningKey, DEFAULT_UAA_URL).getSigner();
     Map<String, Object> claims = map(
         entry("external_family_name", Collections.emptyList()),
-        entry("external_given_name", Arrays.asList("bar", "bar")),
-        entry("external_email", "foo@bar.org"),
+        entry("external_given_name", List.of("bar", "bar")),
+        entry("external_email", List.of("foo@bar.org", "foo@bar.org")),
         entry(ISS, oidcConfig.getIssuer()),
         entry(AUD, "uaa-relying-party"),
         entry(EXPIRY_IN_SECONDS, ((int) (System.currentTimeMillis()/1000L)) + 60),
         entry(SUB, "abc-def-asdf")
     );
     Map<String, Object> externalGroupMapping = map(
+        entry(USER_NAME_ATTRIBUTE_NAME, "external_email"),
         entry(FAMILY_NAME_ATTRIBUTE_NAME, "external_family_name"),
         entry(ExternalIdentityProviderDefinition.GIVEN_NAME_ATTRIBUTE_NAME, "external_given_name"),
         entry(ExternalIdentityProviderDefinition.EMAIL_ATTRIBUTE_NAME, "external_email"),
@@ -379,6 +381,7 @@ public void getUser_doesNotThrowWhenIdTokenMappingIsArray() {
     assertNull(uaaUser.getFamilyName());
     assertEquals("bar", uaaUser.getGivenName());
     assertEquals("foo@bar.org", uaaUser.getEmail());
+    assertEquals("foo@bar.org", uaaUser.getUsername());
   }
 
     @Test