Lowercase username and email when fetching values from LDAP object

Closes #43254

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPUtils.java

@@ -27,6 +27,7 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 import java.util.TimeZone;
 import java.util.function.Consumer;
@@ -185,7 +186,7 @@ public class LDAPUtils {
                     config.getUsernameLdapAttribute() + ", user DN: " + ldapUser.getDn() + ", attributes from LDAP: " + ldapUser.getAttributes());
         }
 
-        return ldapUsername;
+        return Optional.of(ldapUsername).map(String::toLowerCase).orElse(null);
     }
 
     public static void checkUuid(LDAPObject ldapUser, LDAPConfig config) {

federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/UserAttributeLDAPStorageMapper.java

@@ -17,6 +17,8 @@
 
 package org.keycloak.storage.ldap.mappers;
 
+import static java.util.Optional.ofNullable;
+
 import org.jboss.logging.Logger;
 import org.keycloak.component.ComponentModel;
 import org.keycloak.models.KeycloakSession;
@@ -46,6 +48,7 @@ import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -293,7 +296,9 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper {
                 @Override
                 public String getUsername() {
                     if (UserModel.USERNAME.equals(userModelAttrName)) {
-                        return ldapUser.getAttributeAsString(ldapAttrName);
+                        return ofNullable(ldapUser.getAttributeAsString(ldapAttrName))
+                                .map(String::toLowerCase)
+                                .orElse(null);
                     }
                     return super.getUsername();
                 }
@@ -301,7 +306,9 @@ public class UserAttributeLDAPStorageMapper extends AbstractLDAPStorageMapper {
                 @Override
                 public String getEmail() {
                     if (UserModel.EMAIL.equals(userModelAttrName)) {
-                        return ldapUser.getAttributeAsString(ldapAttrName);
+                        return ofNullable(ldapUser.getAttributeAsString(ldapAttrName))
+                                .map(String::toLowerCase)
+                                .orElse(null);
                     }
                     return super.getEmail();
                 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java

@@ -457,6 +457,19 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
         Assert.assertEquals("jbrown5@email.org", user5.getEmail());
     }
 
+    @Test
+    public void testUsernameAndEmailInLowerCaseFromLDAP() {
+        testingClient.server().run(session -> {
+            LDAPTestContext ctx = LDAPTestContext.init(session);
+            LDAPObject ldapObject = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "JBrown9", "John", "Brown9", "JBrown9@Email.org", null, "1234");
+            LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), ldapObject, "Password1");
+            UserModel model = session.users().searchForUserStream(ctx.getRealm(), Map.of(UserModel.USERNAME, "JBrown9")).findAny().orElse(null);
+            Assert.assertNotNull(model);
+            assertEquals("jbrown9", model.getUsername());
+            assertEquals("jbrown9@email.org", model.getEmail());
+        });
+    }
+
     @Test
     public void deleteFederationLink() throws Exception {
         // KEYCLOAK-4789: Login in client, which requires consent