diff --git a/apps/recovery-portal/src/main/webapp/self-registration-with-verification.jsp b/apps/recovery-portal/src/main/webapp/self-registration-with-verification.jsp index 452998ab557..32a0dfe0306 100644 --- a/apps/recovery-portal/src/main/webapp/self-registration-with-verification.jsp +++ b/apps/recovery-portal/src/main/webapp/self-registration-with-verification.jsp @@ -22,7 +22,8 @@ <%@ page import="org.apache.commons.lang.ArrayUtils" %> <%@ page import="org.apache.commons.lang.StringUtils" %> <%@ page import="org.owasp.encoder.Encode" %> -<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.Constants" %> +<%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.Constants" % +<%@ page import="org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils" %> <%@ page import="org.wso2.carbon.identity.captcha.util.CaptchaUtil" %> <%@ page import="org.wso2.carbon.identity.mgt.constants.SelfRegistrationStatusCodes" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointConstants" %> @@ -37,6 +38,7 @@ <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.Claim" %> <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.User" %> <%@ page import="org.wso2.carbon.identity.core.util.IdentityTenantUtil" %> +<%@ page import="org.wso2.carbon.utils.multitenancy.MultitenantConstants" %> <%@ page import="org.wso2.carbon.utils.multitenancy.MultitenantUtils" %> <%@ page import="java.io.File" %> <%@ page import="java.util.Arrays" %> @@ -62,6 +64,7 @@ String username = request.getParameter("username"); String consentPurposeGroupName = "SELF-SIGNUP"; String consentPurposeGroupType = "SYSTEM"; + String JIT = "JIT"; String[] missingClaimList = new String[0]; String[] missingClaimDisplayName = new String[0]; Map uniquePIIs = null; @@ -84,10 +87,22 @@ } } User user = IdentityManagementServiceUtil.getInstance().resolveUser(username, tenantDomain, isSaaSApp); - if (skipSignUpEnableCheck) { - consentPurposeGroupName = "JIT"; + consentPurposeGroupName = JIT; + } + String tenantQualifiedUsername = username; + /** + * When using the email as a username is not enabled and allowing email usernames in addition to non-email + * usernames is enabled during JIT provisioning and if the username contains the tenant domain separator once + * and the tenant domain is not null, the tenant domain will be appended to the username. + */ + if (!MultitenantUtils.isEmailUserName() && FrameworkUtils.retainEmailDomainOnProvisioning() && + consentPurposeGroupName == JIT && username.contains(IdentityManagementEndpointConstants.TENANT_DOMAIN_SEPARATOR) && tenantDomain != null) { + if (username.split(IdentityManagementEndpointConstants.TENANT_DOMAIN_SEPARATOR).length == 2) { + tenantQualifiedUsername = username + IdentityManagementEndpointConstants.TENANT_DOMAIN_SEPARATOR + tenantDomain; + } } + User user = IdentityManagementServiceUtil.getInstance().resolveUser(tenantQualifiedUsername, tenantDomain, isSaaSApp); if (StringUtils.isEmpty(username)) { request.setAttribute("error", true); request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Pick.username"));