OAuth identity lookups should be case-insensitive
Zendesk: https://gitlab.zendesk.com/agent/tickets/83340
A customer using SAML started having an issue where a particular user could no longer sign in. They received an error 'Identities user has already been taken'. In a debug call we watched the logs as the user attempted to sign in. We saw the SAML response and decoded it to find the Name ID was being sent in all upper case from the IdP. The user's SAML identity in GitLab was in title/camel case.
The identity lookup at https://gitlab.com/gitlab-org/gitlab-ce/find_file/ce87f42dc928377abdd1dd445598afb8150d4521 uses find_by
rather than an iwhere
which caused this problem. As a workaround we changed the user's SAML identity extern_uid to all caps and they were able to sign in.
This is similar to the fix needed for Kerberos Spnego in https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3047. Identity lookups should always be case-insensitive since we can't guarantee how they'll come from the external system.
cc/ @mikegreiling @DouweM