fix(SSO): 認証の結果のデータがXMLスキーマと合わない問題を修正

packages/backend/src/server/sso/JWTIdentifyProviderService.ts

@@ -171,11 +171,11 @@ export class JWTIdentifyProviderService {
 			const roles = await this.roleService.getUserRoles(user.id);
 
 			const payload: JWTPayload = {
-				name: user.name,
+				name: user.name ?? user.username,
 				preferred_username: user.username,
 				profile: `${this.config.url}/@${user.username}`,
-				picture: user.avatarUrl,
+				picture: user.avatarUrl ?? undefined,
-				email: profile.email,
+				email: profile.emailVerified ? profile.email : undefined,
 				email_verified: profile.emailVerified,
 				mfa_enabled: profile.twoFactorEnabled,
 				updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),

packages/backend/src/server/sso/SAMLIdentifyProviderService.ts

@@ -477,16 +477,9 @@ export class SAMLIdentifyProviderService {
 										'#text': ssoServiceProvider.issuer,
 									},
 									'saml:Subject': {
-										'saml:NameID': [
+										'saml:NameID': profile.emailVerified
-											{
+											? { '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', '#text': profile.email }
-												'@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
+											: { '@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', '#text': user.id },
-												'#text': profile.email,
-											},
-											{
-												'@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
-												'#text': user.id,
-											},
-										],
 										'saml:SubjectConfirmation': {
 											'@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
 											'saml:SubjectConfirmationData': {
@@ -541,7 +534,7 @@ export class SAMLIdentifyProviderService {
 												'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
 												'saml:AttributeValue': {
 													'@xsi:type': 'xs:string',
-													'#text': user.name,
+													'#text': user.name ?? user.username,
 												},
 											},
 											{
@@ -568,30 +561,32 @@ export class SAMLIdentifyProviderService {
 													'#text': `${this.config.url}/@${user.username}`,
 												},
 											},
-											{
+											...(user.avatarUrl ? [{
 												'@Name': 'picture',
 												'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
 												'saml:AttributeValue': {
 													'@xsi:type': 'xs:string',
 													'#text': user.avatarUrl,
 												},
-											},
+											}] : []),
-											{
+											...(profile.emailVerified ? [
-												'@Name': 'mail',
+												{
-												'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+													'@Name': 'mail',
-												'saml:AttributeValue': {
+													'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
-													'@xsi:type': 'xs:string',
+													'saml:AttributeValue': {
-													'#text': profile.email,
+														'@xsi:type': 'xs:string',
+														'#text': profile.email,
+													},
 												},
-											},
+												{
-											{
+													'@Name': 'email',
-												'@Name': 'email',
+													'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
-												'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
+													'saml:AttributeValue': {
-												'saml:AttributeValue': {
+														'@xsi:type': 'xs:string',
-													'@xsi:type': 'xs:string',
+														'#text': profile.email,
-													'#text': profile.email,
+													},
 												},
-											},
+											] : []),
 											{
 												'@Name': 'email_verified',
 												'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',