From 4630b53313cc51d9c73a0fb667a913676f1b16bd Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Wed, 13 Aug 2025 09:44:39 +0200
Subject: [PATCH] fix(idp): make external id check case insensitive (#10460)

# Which Problems Are Solved

When searching for an existing external userID from an IdP response, the
comparison is case sensitive. This can lead to issues esp. when using
SAML, since the `NameID`'s value case could change. The existing user
would not be found and the login would try to create a new one, but fail
since the uniqueness check of IdP ID and external userID is not case
insensitive.

# How the Problems Are Solved

Search case insensitive for external useriDs.

# Additional Changes

None

# Additional Context

- closes #10457, #10387
- backport to v3.x
---
 internal/query/idp_user_link.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/query/idp_user_link.go b/internal/query/idp_user_link.go
index 7f162f235e..1a03b3f832 100644
--- a/internal/query/idp_user_link.go
+++ b/internal/query/idp_user_link.go
@@ -178,7 +178,7 @@ func NewIDPUserLinksResourceOwnerSearchQuery(value string) (SearchQuery, error)
 }
 
 func NewIDPUserLinksExternalIDSearchQuery(value string) (SearchQuery, error) {
-	return NewTextQuery(IDPUserLinkExternalUserIDCol, value, TextEquals)
+	return NewTextQuery(IDPUserLinkExternalUserIDCol, value, TextEqualsIgnoreCase)
 }
 
 func prepareIDPUserLinksQuery() (sq.SelectBuilder, func(*sql.Rows) (*IDPUserLinks, error)) {