Fix #34400: allow to use NameID as SAML username

Author: LEDfan

src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/ResponseAuthenticationConverter.java

@@ -39,6 +39,7 @@
 import java.util.stream.Collectors;
 
 import static eu.openanalytics.containerproxy.auth.impl.saml.SAMLConfiguration.DEFAULT_NAME_ATTRIBUTE;
+import static eu.openanalytics.containerproxy.auth.impl.saml.SAMLConfiguration.NAME_ATTRIBUTE_NAME_ID_VALUE;
 import static eu.openanalytics.containerproxy.auth.impl.saml.SAMLConfiguration.PROP_LOG_ATTRIBUTES;
 import static eu.openanalytics.containerproxy.auth.impl.saml.SAMLConfiguration.PROP_NAME_ATTRIBUTE;
 import static eu.openanalytics.containerproxy.auth.impl.saml.SAMLConfiguration.PROP_ROLES_ATTRIBUTE;
@@ -75,7 +76,13 @@ public AbstractAuthenticationToken convert(@Nonnull OpenSaml4AuthenticationProvi
             logAttributes(principal);
         }
 
-        Optional<String> nameValue = getSingleAttributeValue(principal, nameAttribute);
+        Optional<String> nameValue;
+        if (nameAttribute.equalsIgnoreCase(NAME_ATTRIBUTE_NAME_ID_VALUE)) {
+            nameValue = Optional.ofNullable(nameId);
+        } else {
+            nameValue = getSingleAttributeValue(principal, nameAttribute);
+        }
+
         if (nameValue.isEmpty()) {
             throw new UsernameNotFoundException(String.format("[SAML] User: \"%s\" => name attribute missing from SAML assertion", nameId));
         }

src/main/java/eu/openanalytics/containerproxy/auth/impl/saml/SAMLConfiguration.java

@@ -61,6 +61,7 @@
 public class SAMLConfiguration {
 
     public static final String DEFAULT_NAME_ATTRIBUTE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
+    public static final String NAME_ATTRIBUTE_NAME_ID_VALUE = "https://shinyproxy.io/nameid";
 
     public static final String PROP_LOG_ATTRIBUTES = "proxy.saml.log-attributes";
     public static final String PROP_FORCE_AUTHN = "proxy.saml.force-authn";