From bb8d0f7751ad34ff602659474ca65371cd5433f8 Mon Sep 17 00:00:00 2001
From: SujanSanjula96
Date: Thu, 2 Jan 2025 14:34:46 +0530
Subject: [PATCH] Fix SAML name ID format inconsistency
---
 .../wso2/carbon/identity/sso/saml/SAMLSSOConstants.java | 1 +
 .../carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
index 5657c8c5..e640e819 100644
--- a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
+++ b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/SAMLSSOConstants.java
@@ -71,6 +71,7 @@ public class SAMLSSOConstants {
 public static final String SAML_IDP_INIT_LOGOUT_RESPONSE_SIGNING_ENABLED = "SSOService.SAMLIdpInitLogoutResponseSigningEnabled";
 public static final String SAML_ASSERTION_ENCRYPT_WITH_APP_CERT = "SSOService.SAMLAssertionEncyptWithAppCert";
 public static final String SEPARATE_MULTI_ATTRS_FROM_IDPS_USING_ATTRIBUTE_SEPARATOR = "SSOService.SeparateMultiAttributesFromIdP";
+ public static final String SAML_RETURN_VALID_NAME_ID_FORMAT = "SSOService.ReturnValidNameIDFormat";
 public static final String START_SOAP_BINDING = "" + "";
 public static final String END_SOAP_BINDING = "" +
diff --git a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
index 59d8f595..cf47ffd7 100644
--- a/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
+++ b/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
@@ -35,6 +35,7 @@
 import org.wso2.carbon.identity.sp.metadata.saml2.exception.InvalidMetadataException;
 import org.wso2.carbon.identity.sp.metadata.saml2.util.Parser;
 import org.wso2.carbon.identity.sso.saml.Error;
+import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
 import org.wso2.carbon.identity.sso.saml.SSOServiceProviderConfigManager;
 import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderDTO;
 import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOServiceProviderInfoDTO;
@@ -695,7 +696,11 @@ public SAMLSSOServiceProviderInfoDTO getServiceProviders() throws IdentityExcept
 if (providerDTO.getNameIDFormat() == null) {
 providerDTO.setNameIDFormat(NameIdentifier.UNSPECIFIED);
 }
- providerDTO.setNameIDFormat(providerDTO.getNameIDFormat().replace(":", "/"));
+ boolean returnValidNameIDFormat = Boolean.parseBoolean(
+ IdentityUtil.getProperty(SAMLSSOConstants.SAML_RETURN_VALID_NAME_ID_FORMAT));
+ if (!returnValidNameIDFormat) {
+ providerDTO.setNameIDFormat(providerDTO.getNameIDFormat().replace(":", "/"));
+ }
 providerDTO.setIdPInitSSOEnabled(providerDO.isIdPInitSSOEnabled());
 providerDTO.setIdPInitSLOEnabled(providerDO.isIdPInitSLOEnabled());
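Review bot: The added `Boolean.parseBoolean(IdentityUtil.getProperty(SAMLSSOConstants.SAML_RETURN_VALID_NAME_ID_FORMAT))` in `getServiceProviders()` yields false when the property is missing or holds anything other than "true", so the ':'-to-'/' rewrite of the NameID format stays the default and a mistyped key in the configuration is silently ignored. Since the value returned to admin clients then no longer matches the format URN that is stored, that default deserves a comment above the read, for example `// Default (property absent/false): legacy ':' -> '/' rewrite is kept; set SSOService.ReturnValidNameIDFormat=true to return the stored URN unchanged.` The lookup also appears to run once per service provider, although the loop header is outside the hunk so this is inferred; reading it once before the loop as `final boolean returnValidNameIDFormat = Boolean.parseBoolean(IdentityUtil.getProperty(SAMLSSOConstants.SAML_RETURN_VALID_NAME_ID_FORMAT));` keeps the flag consistent across the whole response. The body of `getServiceProviders()` starts and ends outside this hunk, and the new constant in `SAMLSSOConstants` would benefit from the same one-line description of the key and its default.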