wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

OverrideUsernameClaimFromInternalUsername is hard-coded to true in user-mgt.xml.j2 #16310

Closed vfraga closed 1 year ago

vfraga commented 1 year ago

Describe the issue: The OverrideUsernameClaimFromInternalUsername property was introduced some years ago to help "enable username claim retrieve from the UM_USER_NAME in JDBC datasources" [1] and remained hardcoded to true [2], with no way of changing it other than in a custom UserStoreManager's constructor:

public CustomUserStoreManager(. . .) {
  super(. . .);
  realmConfig.setIsOverrideUsernameClaimFromInternalUsername("false");
}

When this property is enabled, it replaces the value of the username claim with the internal username [3], which, in the case of case-insensitive user stores, may vary from the true value stored in the database server, as the Identity Server won't retrieve the username again if it was already provided on login [4]. Having this as false is crucial to retrieve the proper value of the username claim in the JWT instead of using what was provided by the user.

How to reproduce: None.

Expected behaviour: Able to customise the value of OverrideUsernameClaimFromInternalUsername in the deployment.toml, as secondary user store managers have this false by default.

References:
[1] https://github.com/wso2/carbon-kernel/blob/v4.6.1/distribution/kernel/carbon-home/repository/conf/user-mgt.xml#L27
[2] https://github.com/wso2/carbon-kernel/commit/e3e3bcc24eab5b9d4b45ea8e9832374b10acee81#diff-85b4eaefd7de0b005e45d18d427d9047cc914bd7b6ecc7c94cd9cfecae889006R28
[3] https://github.com/wso2/carbon-kernel/blob/v4.6.1/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L7765-L7771
[4] https://github.com/wso2/carbon-kernel/blob/v4.6.1/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L12089-L12091


nilasini commented 1 year ago

As mentioned in [1] the config doesn't need to be templated.

[1] https://github.com/wso2/product-is/issues/6857#issuecomment-554838113
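
The effect described in the issue, as an added Java sketch that is not WSO2 code: a case-insensitive user store (modelled here with a `TreeMap`) in which the username claim either echoes the name typed at login or is read back from the store. Every class, method and sample user name below is hypothetical, and the exact-match consumer is an assumption about how a downstream service might use the claim.

```java
import java.util.Map;
import java.util.TreeMap;

// Simplified model of the behaviour discussed above; none of this is WSO2 code.
public class UsernameClaimDemo {

    // Constructed sample data: the database row stores the name as "Alice.Smith".
    // The case-insensitive comparator stands in for a case-insensitive user store.
    static final Map<String, String> STORE = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    static {
        STORE.put("Alice.Smith", "Alice.Smith");
    }

    /**
     * Returns the username claim issued for a login name.
     * overrideFromInternal = true  : the claim is the name already held in memory,
     *                                i.e. whatever casing the user typed.
     * overrideFromInternal = false : the claim is read back from the store,
     *                                i.e. the casing stored in the database.
     */
    static String usernameClaim(String loginName, boolean overrideFromInternal) {
        if (!STORE.containsKey(loginName)) {
            throw new IllegalArgumentException("unknown user: " + loginName);
        }
        return overrideFromInternal ? loginName : STORE.get(loginName);
    }

    // Hypothetical token consumer that compares the claim exactly (case-sensitively).
    static boolean downstreamAllows(String claim) {
        return "Alice.Smith".equals(claim);
    }

    public static void main(String[] args) {
        // Constructed login attempts: same account, different casing.
        for (String typed : new String[] {"Alice.Smith", "ALICE.SMITH", "alice.smith"}) {
            String overridden = usernameClaim(typed, true);
            String fromStore = usernameClaim(typed, false);
            System.out.printf(
                "typed=%s | override=true: claim=%s allowed=%b | override=false: claim=%s allowed=%b%n",
                typed, overridden, downstreamAllows(overridden),
                fromStore, downstreamAllows(fromStore));
        }
    }
}
```

With the override on, the same account yields a different claim value for each casing typed at login, so any consumer that keys authorization, audit records or account linking on the exact claim string sees several identities for one user.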