OAuth error from IdP if mapped claim is no string

[strehle]

What version of UAA are you running?

75.18.0, develop UAA

How are you deploying the UAA?

I am deploying the UAA

• locally only using gradlew

Created oauth provider in uaa.yml to forward authentication requests to another OIDC provider.
The received id_token is mapped to UAA user.

What did you do?

Exception

There was an error when authenticating against the external identity provider: class java.util.ArrayList cannot be cast to class java.lang.String (java.util.ArrayList and java.lang.String are in module java.base of loader 'bootstrap')

e.g.

What did you expect to see? What goal are you trying to achieve with the UAA?

Error handling which describes the problem.

What did you see instead?

Error stack from uaa log
[2022-04-04T11:21:01.081495Z] uaa - 1045980 [http-nio-8080-exec-6] .... ERROR --- ExternalOAuthAuthenticationFilter: ExternalOAuth Authentication exception
org.springframework.security.authentication.InsufficientAuthenticationException: Unable to map email claim
at org.cloudfoundry.identity.uaa.provider.oauth.ExternalOAuthAuthenticationManager.getUser(ExternalOAuthAuthenticationManager.java:358) ~[cloudfoundry-identity-server-0.0.0.jar:?]
at org.cloudfoundry.identity.uaa.provider.oauth.ExternalOAuthAuthenticationManager.getUser(ExternalOAuthAuthenticationManager.java:105) ~[cloudfoundry-identity-server-0.0.0.jar:?]
at org.cloudfoundry.identity.uaa.authentication.manager.ExternalLoginAuthenticationManager.authenticate(ExternalLoginAuthenticationManager.java:119) ~[cloudfoundry-identity-server-0.0.0.jar:?]
at org.cloudfoundry.identity.uaa.provider.oauth.ExternalOAuthAuthenticationFilter.authenticationWasSuccessful(ExternalOAuthAuthenticationFilter.java:111) ~[cloudfoundry-identity-server-0.0.0.jar:?]
at org.cloudfoundry.identity.uaa.provider.oauth.ExternalOAuthAuthenticationFilter.doFilter(ExternalOAuthAuthenticationFilter.java:65) ~[cloudfoundry-identity-server-0.0.0.jar:?]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.6.2.jar:5.6.2]
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.6.2.jar:5.6.2]

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/181771375

The labels on this github issue will be updated when the story is started.