diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java
index 8bf2c85b2f0..d705e1aef40 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java
@@ -238,11 +238,11 @@ public AuthenticationData getExternalAuthenticationDetails(Authentication authen
 String userNameAttributePrefix = (String) attributeMappings.get(USER_NAME_ATTRIBUTE_NAME);
 String username;
- if (StringUtils.hasText(userNameAttributePrefix)) {
- username = (String) claims.get(userNameAttributePrefix);
+ if (hasText(userNameAttributePrefix)) {
+ username = getMappedClaim(userNameAttributePrefix, USER_NAME_ATTRIBUTE_NAME, claims);
 logger.debug(String.format("Extracted username for claim: %s and username is: %s", userNameAttributePrefix, username));
 } else {
- username = (String) claims.get(SUB);
+ username = getMappedClaim(null, SUB, claims);
 logger.debug(String.format("Extracted username for claim: %s and username is: %s", SUB, username));
 }
 if (!hasText(username)) {
@@ -424,7 +424,7 @@ private String getMappedClaim(String externalName, String internalName, Map entry = ((Collection) claimObject).stream().map(String.class::cast).collect(Collectors.toSet());
+ Set entry = ((Collection) claimObject).stream().filter(String.class::isInstance).map(String.class::cast).collect(Collectors.toSet());
 if (entry.size() == 1 ) {
 return entry.stream().collect(Collectors.toList()).get(0);
 } else if (entry.isEmpty()) {
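Review bot: The username is the identity key for the external user, and both branches in getExternalAuthenticationDetails now take it from `getMappedClaim`, so it can come from an array-valued claim instead of failing the old `(String)` cast. What the helper returns for an array with several distinct values, or when the configured claim is absent, is decided in a part of getMappedClaim this diff does not show; if it falls back to `internalName` when `externalName` is missing, a token without the configured claim could be mapped through a different claim than the operator set up, which is worth confirming and pinning with a test. I would document the contract above the `if`, e.g. `// username may be a string or a single-valued array; any other shape must leave it empty so the hasText check below rejects the login`. The two `logger.debug(String.format(...))` lines also write the resolved username to the log and format eagerly. The function starts and ends outside the hunk.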
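Review bot: `filter(String.class::isInstance)` in getMappedClaim silently discards every non-string element, so a mixed array such as `["alice", 42]` (constructed example) now collapses to one value and is accepted, where the old `String.class::cast` threw a ClassCastException. Since the first hunk routes the username through this helper, a malformed claim is quietly coerced into an identity rather than rejected. Consider treating a mixed-type array as an error for identity-bearing attributes, or at least recording the discard, e.g. `if (entry.size() != ((Collection<?>) claimObject).size()) logger.debug("Dropped non-string or duplicate values for claim " + internalName);`. The rest of getMappedClaim, including the branch taken for more than one distinct value, lies outside the hunk.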
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java
index cca68f4e86a..0b094c13811 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManagerTest.java
@@ -44,6 +44,7 @@
 import static org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants.*;
 import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.FAMILY_NAME_ATTRIBUTE_NAME;
 import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.GROUP_ATTRIBUTE_NAME;
+import static org.cloudfoundry.identity.uaa.provider.ExternalIdentityProviderDefinition.USER_NAME_ATTRIBUTE_NAME;
 import static org.cloudfoundry.identity.uaa.util.UaaMapUtils.entry;
 import static org.cloudfoundry.identity.uaa.util.UaaMapUtils.map;
 import static org.cloudfoundry.identity.uaa.util.UaaStringUtils.DEFAULT_UAA_URL;
@@ -355,14 +356,15 @@ public void getUser_doesNotThrowWhenIdTokenMappingIsArray() {
 JWSSigner signer = new KeyInfo(OIDC_PROVIDER_KEY, oidcProviderTokenSigningKey, DEFAULT_UAA_URL).getSigner();
 Map claims = map(
 entry("external_family_name", Collections.emptyList()),
- entry("external_given_name", Arrays.asList("bar", "bar")),
- entry("external_email", "foo@bar.org"),
+ entry("external_given_name", List.of("bar", "bar")),
+ entry("external_email", List.of("foo@bar.org", "foo@bar.org")),
 entry(ISS, oidcConfig.getIssuer()),
 entry(AUD, "uaa-relying-party"),
 entry(EXPIRY_IN_SECONDS, ((int) (System.currentTimeMillis()/1000L)) + 60),
 entry(SUB, "abc-def-asdf")
 );
 Map externalGroupMapping = map(
+ entry(USER_NAME_ATTRIBUTE_NAME, "external_email"),
 entry(FAMILY_NAME_ATTRIBUTE_NAME, "external_family_name"),
 entry(ExternalIdentityProviderDefinition.GIVEN_NAME_ATTRIBUTE_NAME, "external_given_name"),
 entry(ExternalIdentityProviderDefinition.EMAIL_ATTRIBUTE_NAME, "external_email"),
@@ -379,6 +381,7 @@ public void getUser_doesNotThrowWhenIdTokenMappingIsArray() {
 assertNull(uaaUser.getFamilyName());
 assertEquals("bar", uaaUser.getGivenName());
 assertEquals("foo@bar.org", uaaUser.getEmail());
+ assertEquals("foo@bar.org", uaaUser.getUsername());
 }
 @Test
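Review bot: The test data only exercises the accepting path: `external_email` is a list whose two elements are equal, so it shows that a duplicated value collapses to `foo@bar.org` but says nothing about a username array holding different values or non-string elements. Because the username decides which account the login resolves to, a companion case such as `entry("external_email", List.of("foo@bar.org", "other@bar.org"))` should pin the intended outcome, which I would expect to be a rejected authentication rather than one element being chosen. Turning `external_email` from a plain string into a list also removes the string-valued case from this test, so it is worth checking that another test still covers it.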