It doesnt allow to login to myaccount when multiattribute login is enabled and optional field claim set is kept empty

[ShanikaWickramasinghe]

How to reproduce:

1. Enable multiattribute login from resident identity provider
2. Keep the attribute claim as http://wso2.org/claims/username in the Allowed Attribute Claim List
3. Access myaccount and try to login as admin:admin
4. It wont allow the admin user to login
5. Come back for management console resident IDP > multi attribute login > enable multi attribute login and keep the claim set as empty ( as this is given as a optional field)
6. Access my account try to login as admin:admin
   7.It wont allow the admin user to login

Untitled_.Mar.20.2022.2_35.PM.mp4

Expected Behavior

If the user is allowed to keep the claim set as empty even though multi attribute login is enabled (as claim set is a optional field) there is a chance for a user to try these negative flows. We need to handle these flows with proper restrictions for the user if that flow is not allowed.

Suggestion - We should improve here as if the multi attribute login is enabled then the claim set field needs to become a mandatory field
In console claim set is a mandatory field. Suggesting to do the same for the management console

Environment
IS 5.12.0 alpha 16
h2/default

[AnuradhaSK]

• In governance connector property updates it's hard to mandate/validate property inputs. None of the governance properties are validated when updating via mgt console.

In Beta console app also, we have a UI validation only. Even the multi attribute login is enabled/disabled allowed claim list is mandatory. This need to be fixed in UI side.

• Currently under Multi-attribute login, If allowed claim attribute list is empty, and Enable Multi-attribute login is ticketed users even can't log into apps using username. (only in the default pack)
• If the allowed claim list is empty Username claim is set by default https://github.com/wso2-extensions/identity-governance/blob/68e3f2d5e246b6a75f48e314ee1019230c662b55/components/org.wso2.carbon.identity.multi.attribute.login/org.wso2.carbon.identity.multi.attribute.login.service/src/main/java/org/wso2/carbon/identity/multi/attribute/login/service/MultiAttributeLoginServiceServiceImpl.java#L86-L87
• But in the default pack we don't have a configured regex for username. If username has a regex, this case works.
• As the solution, now we resolve user if allowed attributes has only the username claim, but username claim has no configured regex pattern.
• Fix: Process resolveUser and authenticateWithIdentifier if username is the only allowed claim and no claim regex is configured wso2-extensions/identity-governance#580