kapua
SSO - The user names in the SSO provider and in Kapua can be different.
Describe the bug
It is possible to add an external user in Kapua via REST API with a name that is not the same as the user name in the SSO provider. This should not be possible, since they should have the same name.
To Reproduce
Using the userCreate REST API (with the scopeId of the desired account, the externalId corresponding to the ID in the SSO provider and a name that does not correspond to the name of the same entity in the SSO provider), for instance:
{
  "scopeId": "...",
  "name": "not-my-name-in-sso",
  "userType": "EXTERNAL",
  "externalId": "5726876c-...."
}
Expected behavior
It should be impossible to insert a user with a name that is different from the one in the SSO provider, and the POST should give an appropriate response code. However, I understand that this is something hard to check, because I suppose it implies also connecting to the SSO provider to check the existence of an entity with the same name.
Since issue #2760 aims to enable the creation of an external user in the Console, there should be the same check also for this procedure.
Screenshots
N/A
Version of Kapua
1.2.0-SNAPSHOT
Type of deployment
[ ] Local Vagrant deployment
[x] Docker
[ ] Openshift (in its variants)
[x] Others
Main component affected
[ ] Console (in case of console please report info on which browser you encountered the problem)
[x] REST API
[ ] Message Broker
[x] - Others
Additional context
This is related to PR #2754 "Refactoring of the SSO module".
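A sketch of the check requested under "Expected behavior", added here as an example; it is not part of the original issue and not Kapua's code. The `SsoDirectory` interface, the `Result` values and the sample ID and name are hypothetical, and the sketch assumes the SSO provider can be queried by external ID.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Optional;

public class ExternalUserNameCheck {

    /** Hypothetical view of the SSO provider: resolves an external ID to the user name stored there. */
    interface SsoDirectory {
        Optional<String> findUserName(String externalId) throws IOException;
    }

    /** Hypothetical outcomes; the REST layer would map each rejection to a response code. */
    enum Result { ACCEPT, REJECT_MISSING_FIELD, REJECT_UNKNOWN_EXTERNAL_ID,
                  REJECT_NAME_MISMATCH, REJECT_PROVIDER_UNAVAILABLE }

    /** Decides whether a userCreate request may proceed, given the fields shown in the issue. */
    static Result check(SsoDirectory sso, String name, String userType, String externalId) {
        if (!"EXTERNAL".equals(userType)) {
            return Result.ACCEPT; // assumption: other user types are outside this check
        }
        if (name == null || name.isEmpty() || externalId == null || externalId.isEmpty()) {
            return Result.REJECT_MISSING_FIELD;
        }
        try {
            Optional<String> ssoName = sso.findUserName(externalId);
            if (!ssoName.isPresent()) {
                return Result.REJECT_UNKNOWN_EXTERNAL_ID;
            }
            // Exact match only: no trimming or case folding, so near-identical names are rejected.
            return ssoName.get().equals(name) ? Result.ACCEPT : Result.REJECT_NAME_MISMATCH;
        } catch (IOException e) {
            // Fail closed: an unreachable provider must not let an unverified name through.
            return Result.REJECT_PROVIDER_UNAVAILABLE;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the issue.
        String id = "00000000-0000-0000-0000-000000000001";
        Map<String, String> users = Map.of(id, "alice");
        SsoDirectory sso = externalId -> Optional.ofNullable(users.get(externalId));
        SsoDirectory down = externalId -> { throw new IOException("provider unreachable"); };

        System.out.println(check(sso, "alice", "EXTERNAL", id));
        System.out.println(check(sso, "not-my-name-in-sso", "EXTERNAL", id));
        System.out.println(check(sso, "alice", "EXTERNAL", "no-such-id"));
        System.out.println(check(down, "alice", "EXTERNAL", id));
    }
}
```

The same decision function could back both the REST userCreate path and the Console procedure mentioned for issue #2760, so the two entry points cannot drift apart.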