Allow managing the username idn homograph validator

Closes #13346

services/src/main/java/org/keycloak/userprofile/AbstractUserProfileProvider.java

@@ -328,7 +328,6 @@ public abstract class AbstractUserProfileProvider<U extends UserProfileProvider>
                 AbstractUserProfileProvider::editUsernameCondition,
                 AbstractUserProfileProvider::readUsernameCondition,
                 new AttributeValidatorMetadata(UsernameHasValueValidator.ID),
-                new AttributeValidatorMetadata(UsernameIDNHomographValidator.ID),
                 new AttributeValidatorMetadata(DuplicateUsernameValidator.ID),
                 new AttributeValidatorMetadata(UsernameMutationValidator.ID)).setAttributeDisplayName("${username}");
 

services/src/main/resources/org/keycloak/userprofile/config/keycloak-default-user-profile.json

@@ -9,7 +9,8 @@
 			},
 			"validations": {
 				"length": { "min": 3, "max": 255 },
-				"username-prohibited-characters": {}
+				"username-prohibited-characters": {},
+				"up-username-not-idn-homograph": {}
 			}
 		},
 		{

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/user/profile/UserProfileTest.java

@@ -30,6 +30,7 @@ import static org.junit.Assert.fail;
 import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_ADMIN;
 import static org.keycloak.userprofile.config.UPConfigUtils.ROLE_USER;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -68,6 +69,7 @@ import org.keycloak.userprofile.UserProfileContext;
 import org.keycloak.userprofile.UserProfileProvider;
 import org.keycloak.userprofile.ValidationException;
 import org.keycloak.userprofile.config.UPConfigUtils;
+import org.keycloak.userprofile.validator.UsernameIDNHomographValidator;
 import org.keycloak.util.JsonSerialization;
 import org.keycloak.validate.ValidationError;
 import org.keycloak.validate.validators.EmailValidator;
@@ -875,6 +877,49 @@ public class UserProfileTest extends AbstractUserProfileTest {
         profile.validate();
     }
 
+    @Test
+    public void testRemoveDefaultValidationFromUsername() {
+        getTestingClient().server(TEST_REALM_NAME).run((RunOnServer) UserProfileTest::testRemoveDefaultValidationFromUsername);
+    }
+
+    private static void testRemoveDefaultValidationFromUsername(KeycloakSession session) throws IOException {
+        DeclarativeUserProfileProvider provider = getDynamicUserProfileProvider(session);
+
+        // reset configuration to default
+        provider.setConfiguration(null);
+
+        Map<String, Object> attributes = new HashMap<>();
+
+        attributes.put(UserModel.USERNAME, "你好世界");
+        attributes.put(UserModel.EMAIL, "test@keycloak.org");
+        attributes.put(UserModel.FIRST_NAME, "Foo");
+        attributes.put(UserModel.LAST_NAME, "Bar");
+
+        UserProfile profile = provider.create(UserProfileContext.UPDATE_PROFILE, attributes);
+
+        try {
+            profile.validate();
+            fail("Should fail validation");
+        } catch (ValidationException ve) {
+            assertTrue(ve.hasError(Messages.INVALID_USERNAME));
+        }
+
+        UPConfig config = UPConfigUtils.readConfig(new ByteArrayInputStream(provider.getConfiguration().getBytes()));
+
+        for (UPAttribute attribute : config.getAttributes()) {
+            if (UserModel.USERNAME.equals(attribute.getName())) {
+                attribute.getValidations().remove(UsernameIDNHomographValidator.ID);
+                break;
+            }
+        }
+
+        provider.setConfiguration(JsonSerialization.writeValueAsString(config));
+
+        profile = provider.create(UserProfileContext.UPDATE_PROFILE, attributes);
+
+        profile.validate();
+    }
+
     @Test
     public void testOptionalAttributes() {
         getTestingClient().server(TEST_REALM_NAME).run((RunOnServer) UserProfileTest::testOptionalAttributes);