Fix SAML name ID format inconsistency

wso2-extensions · Jan 2, 2025 · bb8d0f7 · bb8d0f7
1 parent 8ab8362
commit bb8d0f7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/...n.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java b/...n.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
@@ -71,6 +71,7 @@ public class SAMLSSOConstants {
     public static final String SAML_IDP_INIT_LOGOUT_RESPONSE_SIGNING_ENABLED = "SSOService.SAMLIdpInitLogoutResponseSigningEnabled";
     public static final String SAML_ASSERTION_ENCRYPT_WITH_APP_CERT = "SSOService.SAMLAssertionEncyptWithAppCert";
     public static final String SEPARATE_MULTI_ATTRS_FROM_IDPS_USING_ATTRIBUTE_SEPARATOR = "SSOService.SeparateMultiAttributesFromIdP";
+    public static final String SAML_RETURN_VALID_NAME_ID_FORMAT = "SSOService.ReturnValidNameIDFormat";
     public static final String START_SOAP_BINDING = "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
             "<SOAP-ENV:Body>";
     public static final String END_SOAP_BINDING = "</SOAP-ENV:Body>" +

diff --git a/...ty.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java b/...ty.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
@@ -35,6 +35,7 @@
 import org.wso2.carbon.identity.sp.metadata.saml2.exception.InvalidMetadataException;
 import org.wso2.carbon.identity.sp.metadata.saml2.util.Parser;
 import org.wso2.carbon.identity.sso.saml.Error;
+import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
 import org.wso2.carbon.identity.sso.saml.SSOServiceProviderConfigManager;
 import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
 import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderInfoDTO;
@@ -695,7 +696,11 @@ public SAMLSSOServiceProviderInfoDTO getServiceProviders() throws IdentityExcept
                 if (providerDTO.getNameIDFormat() == null) {
                     providerDTO.setNameIDFormat(NameIdentifier.UNSPECIFIED);
                 }
-                providerDTO.setNameIDFormat(providerDTO.getNameIDFormat().replace(":", "/"));
+                boolean returnValidNameIDFormat = Boolean.parseBoolean(
+                        IdentityUtil.getProperty(SAMLSSOConstants.SAML_RETURN_VALID_NAME_ID_FORMAT));
+                if (!returnValidNameIDFormat) {
+                    providerDTO.setNameIDFormat(providerDTO.getNameIDFormat().replace(":", "/"));
+                }
 
                 providerDTO.setIdPInitSSOEnabled(providerDO.isIdPInitSSOEnabled());
                 providerDTO.setIdPInitSLOEnabled(providerDO.isIdPInitSLOEnabled());