Fix pre process username method when input validation enabled

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java

@@ -193,7 +193,9 @@
 import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.ORG_WISE_MULTI_ATTRIBUTE_SEPARATOR_ENABLED;
 import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.ORG_WISE_MULTI_ATTRIBUTE_SEPARATOR_RESOURCE_NAME;
 import static org.wso2.carbon.identity.core.util.IdentityCoreConstants.ORG_WISE_MULTI_ATTRIBUTE_SEPARATOR_RESOURCE_TYPE;
+import static org.wso2.carbon.identity.core.util.IdentityTenantUtil.isAppendTenantDomainWithUserName;
 import static org.wso2.carbon.identity.core.util.IdentityTenantUtil.isLegacySaaSAuthenticationEnabled;
+import static org.wso2.carbon.identity.core.util.IdentityTenantUtil.isTenantQualifiedUrlsEnabled;
 import static org.wso2.carbon.identity.core.util.IdentityUtil.getLocalGroupsClaimURI;
 
 /**
@@ -3068,6 +3070,9 @@ public static String preprocessUsername(String username, AuthenticationContext c
                 return username;
             }
             return username + "@" + context.getUserTenantDomain();
+        } else if (isTenantQualifiedUrlsEnabled() && isAppendTenantDomainWithUserName()) {
+            // This will be a user with tenant domain as email domain.
+            return username + "@" + context.getUserTenantDomain();
         }
         return username;
     }
@@ -3100,6 +3105,9 @@ public static String preprocessUsername(String username, ServiceProvider service
                 return username;
             }
             return username + "@" + appTenantDomain;
+        } else if (isTenantQualifiedUrlsEnabled() && isAppendTenantDomainWithUserName()) {
+            // This will be a user with tenant domain as email domain.
+            return username + "@" + appTenantDomain;
         }
         return username;
     }

components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityCoreConstants.java

@@ -36,6 +36,9 @@ public class IdentityCoreConstants {
 
     public static final String TENANT_NAME_FROM_CONTEXT = "TenantNameFromContext";
     public static final String ENABLE_TENANT_QUALIFIED_URLS = "EnableTenantQualifiedUrls";
+    public static final String APPEND_TENANT_DOMAIN_IN_USERNAME_PREPROCESSING
+            = "AppendTenantDomainInUserNamePreprocessing";
+
     public static final String ENABLE_TENANTED_SESSIONS = "EnableTenantedSessions";
     public static final String PROXY_CONTEXT_PATH = "ProxyContextPath";
     public static final int DEFAULT_HTTPS_PORT = 443;

components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/util/IdentityTenantUtil.java

@@ -412,6 +412,17 @@ public static boolean isTenantQualifiedUrlsEnabled() {
         return Boolean.parseBoolean(IdentityUtil.getProperty(IdentityCoreConstants.ENABLE_TENANT_QUALIFIED_URLS));
     }
 
+    /**
+     * Checks whether to add tenant domain when preprocessing UserNames.
+     *
+     * @return true if the config is set to true, false otherwise.
+     */
+    public static boolean isAppendTenantDomainWithUserName() {
+
+        return Boolean.parseBoolean(IdentityUtil.getProperty
+                (IdentityCoreConstants.APPEND_TENANT_DOMAIN_IN_USERNAME_PREPROCESSING));
+    }
+
 
     /**
      * Checks if the tenanted session support is enabled.

components/input-validation-mgt/org.wso2.carbon.identity.input.validation.mgt/src/main/java/org/wso2/carbon/identity/input/validation/mgt/userinfo/UserInfoHandlerImpl.java

@@ -62,13 +62,8 @@ public String getTenantAwareUsername(String username) {
 
         // Check if the tenant domain matches the email domain
         if (tenantDomain.equalsIgnoreCase(emailDomain)) {
-            boolean isEmailTypeUserName = isEmailAsUserName(tenantDomain);
             int lastAtSymbolIndex = username.lastIndexOf('@');
-
-            // If it's not an email type username or there are multiple '@' symbols, return the modified username
-            if (!isEmailTypeUserName || username.indexOf('@') != lastAtSymbolIndex) {
-                return username.substring(0, lastAtSymbolIndex);
-            }
+            return username.substring(0, lastAtSymbolIndex);
         }
         // Return the username as is
         return username;

features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2

@@ -3234,6 +3234,12 @@
     -->
     <EnableLegacySaaSAuthentication>{{authentication.enable_legacy_saas_mode | default(false)}}</EnableLegacySaaSAuthentication>
 
+    <!--
+        When this property is set to 'true', in user name preprocessing method tenant domain will be added for the email
+        type user names which have tenant domain as email domain.
+    -->
+    <AppendTenantDomainInUserNamePreprocessing>{{authentication.append_tenant_domain_with_user_name | default(false)}}</AppendTenantDomainInUserNamePreprocessing>
+
     <EnablePerUserFunctionalityLocking>{{user.enable_per_user_functionality_locking}}</EnablePerUserFunctionalityLocking>
 
     <TenantContextsToRewrite>