From 6888d4819f149883918ca0d7bb4c239b5245c69d Mon Sep 17 00:00:00 2001
From: Marco Villeneuve
Date: Fri, 13 Dec 2024 19:04:08 -0800
Subject: [PATCH] Changes to support entra/basic/bcsc on new KC

---
 .../SoamFirstTimeLoginAuthenticator.java | 22 +++++-------------
 .../SoamPostLoginAuthenticator.java | 17 ++++----------
 2 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamFirstTimeLoginAuthenticator.java b/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamFirstTimeLoginAuthenticator.java
index e58ce60..0419a40 100644
--- a/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamFirstTimeLoginAuthenticator.java
+++ b/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamFirstTimeLoginAuthenticator.java
@@ -51,25 +51,13 @@ protected void authenticateImpl(AuthenticationFlowContext context, SerializedBro
 logger.debug("Context Key: " + s + " Value: " + brokerClaims.get(s));
 }
 
- JsonWebToken token = (JsonWebToken) brokerContext.getContextData().get("VALIDATED_ID_TOKEN");
-
- Map otherClaims = token.getOtherClaims();
- for (String s : otherClaims.keySet()) {
- logger.debug("VALIDATED_ID_TOKEN Key: " + s + " Value: " + otherClaims.get(s));
- }
-
- String accountType = (String) otherClaims.get("account_type");
-
- //This is added for BCSC - direct IDP
- if (accountType == null) {
- accountType = ((List) brokerContext.getContextData().get("user.attributes.account_type")).get(0);
- }
+ String accountType = CommonUtils.getValueForAttribute("user.attributes.account_type", brokerContext);
 
 if (accountType == null) {
 throw new SoamRuntimeException("Account type is null; account type should always be available, check the IDP mappers for the hardcoded attribute");
 }
 
- String username = ((List) brokerContext.getContextData().get("user.attributes.username")).get(0);
+ String username = CommonUtils.getValueForAttribute("user.attributes.username", brokerContext);
 
 switch (accountType) {
 case "entra":
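Review bot: `String accountType = CommonUtils.getValueForAttribute("user.attributes.account_type", brokerContext)` moves the source of truth for account_type from the validated ID token's claims to a broker-context attribute, so the branch taken by the `switch` below now rests entirely on the IDP mapper that populates that attribute; the exception text already points at a hardcoded-attribute mapper, and that dependency is worth stating on the line itself, e.g. `// account_type must come from a hardcoded-attribute IDP mapper, never from a user-editable claim; a missing mapper fails closed below`. The helper's behaviour on a missing key is not visible in this diff: the replaced `.get(0)` calls would have thrown rather than returned null, so the `if (accountType == null)` guard only fails closed if `getValueForAttribute` is documented to return null (not throw, and not return an empty string) when the mapper did not run — confirm that and record it in the helper's Javadoc. The hunk also drops the loop that logged every VALIDATED_ID_TOKEN claim value at debug level, which is an improvement; the remaining loop above still prints every broker claim value and deserves the same treatment in a follow-up. authenticateImpl continues outside the hunk.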
@@ -77,14 +65,14 @@ protected void authenticateImpl(AuthenticationFlowContext context, SerializedBro
 if (username == null) {
 throw new SoamRuntimeException("No entra oid value was found in token");
 }
- createOrUpdateUser((String) otherClaims.get("entra_user_id"), accountType, "ENTRA", null);
+ createOrUpdateUser(CommonUtils.getValueForAttribute("user.attributes.entra_user_id", brokerContext), accountType, "ENTRA", null);
 break;
 case "bceidbasic":
 logger.debug("SOAM: Account type bceid found");
 if (username == null) {
 throw new SoamRuntimeException("No bceid_user_guid value was found in token");
 }
- createOrUpdateUser((String) otherClaims.get("bceid_user_guid"), accountType, "BASIC", null);
+ createOrUpdateUser(CommonUtils.getValueForAttribute("user.attributes.bceid_user_guid", brokerContext), accountType, "BASIC", null);
 break;
 case "bcsc":
 logger.debug("SOAM: Account type bcsc found");
@@ -118,7 +106,7 @@ protected void authenticateImpl(AuthenticationFlowContext context, SerializedBro
 federatedUser.setEnabled(true);
 
 if (accountType.equals("bcsc")) {
- federatedUser.setSingleAttribute("user_did", ((List) brokerContext.getContextData().get("user.attributes.did")).get(0));
+ federatedUser.setSingleAttribute("user_did", CommonUtils.getValueForAttribute("user.attributes.did", brokerContext));
 }
 
 for (Map.Entry> attr : serializedCtx.getAttributes().entrySet()) {
diff --git a/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamPostLoginAuthenticator.java b/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamPostLoginAuthenticator.java
index 29a6b91..1488935 100644
--- a/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamPostLoginAuthenticator.java
+++ b/docker/keycloak/extensions-24/services/src/main/java/com/github/bcgov/keycloak/authenticators/SoamPostLoginAuthenticator.java
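Review bot: The identifier handed to `createOrUpdateUser` is still not null-checked: `createOrUpdateUser(CommonUtils.getValueForAttribute("user.attributes.entra_user_id", brokerContext), accountType, "ENTRA", null)` and the `bceid_user_guid` call below it are each preceded only by an `if (username == null)` guard, so a missing `entra_user_id` or `bceid_user_guid` mapper passes a null GUID into user creation instead of failing the way the post-login authenticator does. Bind the value first and guard it, e.g. `String entraUserId = CommonUtils.getValueForAttribute("user.attributes.entra_user_id", brokerContext);` / `if (entraUserId == null) { throw new SoamRuntimeException("No entra_user_id value was found in token"); }` / `createOrUpdateUser(entraUserId, accountType, "ENTRA", null);`, and the same shape for the bceidbasic case. The @@ -118 hunk in this file has the same gap: `federatedUser.setSingleAttribute("user_did", CommonUtils.getValueForAttribute("user.attributes.did", brokerContext))` stores whatever the helper returns, null included, and should guard the value before writing it. The `bcsc` branch of the switch and the rest of authenticateImpl lie outside these hunks.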
@@ -52,28 +52,19 @@ public void authenticate(AuthenticationFlowContext context) {
 logger.debug("Context Key: " + s + " Value: " + brokerClaims.get(s));
 }
 
- String accountType = context.getUser().getFirstAttribute("account_type");
-
- //This is added for BCSC - direct IDP
- if (accountType == null) {
- accountType = (String) brokerContext.getContextData().get("user.attributes.account_type");
- }
+ String accountType = context.getUser().getFirstAttribute("user.attributes.account_type");
 
 if (accountType == null) {
 throw new SoamRuntimeException("Account type is null; account type should always be available, check the IDP mappers for the hardcoded attribute");
 }
 
- JsonWebToken token = (JsonWebToken) brokerContext.getContextData().get("VALIDATED_ID_TOKEN");
-
- Map otherClaims = token.getOtherClaims();
- logger.debug(ApplicationProperties.mapper.writeValueAsString(otherClaims));
 UserModel existingUser = context.getUser();
 String user_guid = null;
 
 switch (accountType) {
 case "entra":
 logger.debug("SOAM Post: Account type entra found");
- user_guid = (String) otherClaims.get("entra_user_id");
+ user_guid = CommonUtils.getValueForAttribute("user.attributes.entra_user_id", brokerContext);
 existingUser.setSingleAttribute("user_guid", user_guid);
 if (user_guid == null) {
 throw new SoamRuntimeException("No entra_user_id value was found in token");
@@ -82,7 +73,7 @@ public void authenticate(AuthenticationFlowContext context) {
 break;
 case "bceidbasic":
 logger.debug("SOAM Post: Account type basic bceid found");
- user_guid = (String) otherClaims.get("bceid_user_guid");
+ user_guid = CommonUtils.getValueForAttribute("user.attributes.bceid_user_guid", brokerContext);
 existingUser.setSingleAttribute("user_guid", user_guid);
 if (user_guid == null) {
 throw new SoamRuntimeException("No bceid_user_guid value was found in token");
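Review bot: `String accountType = context.getUser().getFirstAttribute("user.attributes.account_type")` reads a persisted user attribute under the new key with no fallback, while SoamFirstTimeLoginAuthenticator in this same patch resolves account_type from the broker context via `CommonUtils.getValueForAttribute`; unless the first-time flow stores the attribute on the user under exactly that key (the attribute-copy loop is outside these hunks, so I cannot confirm it), returning users — and in particular users created before this change, who would carry `account_type` rather than `user.attributes.account_type` — hit the SoamRuntimeException on every login. Reading it the same way as the first-time authenticator, `String accountType = CommonUtils.getValueForAttribute("user.attributes.account_type", brokerContext);`, keeps both authenticators on the same trust source (the current login's IDP mapper rather than a stored, potentially stale user attribute) and removes the migration question; if the user attribute is deliberately authoritative here, say so in a comment on that line. Separately, in the entra case `existingUser.setSingleAttribute("user_guid", user_guid)` runs before `if (user_guid == null)`, so a null value is written to the user model before the exception is thrown; move the null check above the setSingleAttribute call, and note the same ordering in the @@ -82 hunk below and in the @@ -91 hunk for the bcsc case, where the variable named `user_guid` actually holds the DID written to `user_did`. authenticate continues outside the hunk.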
@@ -91,7 +82,7 @@ public void authenticate(AuthenticationFlowContext context) {
 break;
 case "bcsc":
 logger.debug("SOAM Post: Account type bcsc found");
- user_guid = ((List) brokerContext.getContextData().get("user.attributes.did")).get(0);
+ user_guid = CommonUtils.getValueForAttribute("user.attributes.did", brokerContext);
 existingUser.setSingleAttribute("user_did", user_guid);
 if (user_guid == null) {
 throw new SoamRuntimeException("No bcsc_did value was found in token");