add a config to autofill the username with subject attribute while ji…

…t provisioning
wso2 · Dec 19, 2024 · 11e0128 · 11e0128
1 parent c5817a8
commit 11e0128
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 0 deletions.
diff --git a/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java b/...thentication/framework/handler/request/impl/JITProvisioningPostAuthenticationHandler.java
@@ -694,6 +694,10 @@ private void redirectToAccountCreateUI(ExternalIdPConfig externalIdPConfig, Auth
             uriBuilder.addParameter(FrameworkConstants.SERVICE_PROVIDER, context.getSequenceConfig()
                     .getApplicationConfig().getApplicationName());
             uriBuilder.addParameter(FrameworkConstants.USERNAME, username);
+            if (!externalIdPConfig.isModifyUserNameAllowed() || (externalIdPConfig.isModifyUserNameAllowed() &&
+                    FrameworkUtils.isUsernameFieldAutofillWithSubjectAttr())) {
+                uriBuilder.addParameter(FrameworkConstants.USERNAME, username);
+            }
             uriBuilder.addParameter(FrameworkConstants.SKIP_SIGN_UP_ENABLE_CHECK, String.valueOf(true));
             uriBuilder.addParameter(FrameworkConstants.SESSION_DATA_KEY, context.getContextIdentifier());
             addMissingClaims(uriBuilder, context);

diff --git a/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java b/...va/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java
@@ -3014,6 +3014,19 @@ public static String getUserNameProvisioningUIUrl() {
         return userNamePrvisioningUrl;
     }
 
+    /**
+     * Checks if the username field should be autofilled with the subject attribute
+     * during Just-In-Time (JIT) provisioning with prompt for username, password, and consent.
+     *
+     * @return true if the username field should be autofilled with the
+     * subject attribute; false otherwise.
+     */
+    public static boolean isUsernameFieldAutofillWithSubjectAttr() {
+
+        return Boolean.parseBoolean(
+                IdentityUtil.getProperty("JITProvisioning.AutofillUsernameFieldWithSubjectAttribute"));
+    }
+
     /**
      * This method determines whether username pattern validation should be skipped for JIT provisioning users based
      * on the configuration file.

diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml
@@ -1237,6 +1237,7 @@
 
     <JITProvisioning>
         <UserNameProvisioningUI>/accountrecoveryendpoint/register.do</UserNameProvisioningUI>
+        <AutofillUsernameFieldWithSubjectAttribute>true</AutofillUsernameFieldWithSubjectAttribute>
         <PasswordProvisioningUI>/accountrecoveryendpoint/signup.do</PasswordProvisioningUI>
         <FailAuthnOnProvisionFailure>false</FailAuthnOnProvisionFailure>
         <EnableEnhancedFeature>false</EnableEnhancedFeature>

diff --git a/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2 b/...ures/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2
@@ -2018,6 +2018,7 @@
 
     <JITProvisioning>
         <UserNameProvisioningUI>{{authentication.jit_provisioning.username_provisioning_url}}</UserNameProvisioningUI>
+        <AutofillUsernameFieldWithSubjectAttribute>{{authentication.jit_provisioning.autofill_username_field_with_subject_attribute}}</AutofillUsernameFieldWithSubjectAttribute>
         <PasswordProvisioningUI>{{authentication.jit_provisioning.password_provisioning_url}}</PasswordProvisioningUI>
         <FailAuthnOnProvisionFailure>{{authentication.jit_provisioning.fail_authn_on_provision_failure}}</FailAuthnOnProvisionFailure>
         <SkipUsernamePatternValidation>{{authentication.jit_provisioning.skip_username_pattern_validation}}</SkipUsernamePatternValidation>

diff --git a/...y.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json b/...y.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json
@@ -526,6 +526,7 @@
 
   "authentication_policy.check_account_exist": true,
   "authentication.jit_provisioning.username_provisioning_url": "/accountrecoveryendpoint/register.do",
+  "authentication.jit_provisioning.autofill_username_field_with_subject_attribute": true,
   "authentication.jit_provisioning.password_provisioning_url": "/accountrecoveryendpoint/signup.do",
   "authentication.jit_provisioning.skip_username_pattern_validation": false,
   "authentication.jit_provisioning.fail_authn_on_provision_failure": false,