Organization users accessing myAccount failures #17744

Closed
sadilchamishka opened this issue Nov 11, 2023 · 0 comments

Describe the issue:

There are a couple of failures due to user resolving failures in MyAccount for organization SSO users. Most of the failures occur because the correct username is not properly set in the carbon context at the authentication valve level. As they are federated users, userid@tenant-domain is set as the username.

Some of the failures are shown below.

	... 61 more
Caused by: org.wso2.carbon.user.core.UserStoreException: 30007 - UserNotFound: User 315fbf99-819f-40c5-b99f-527202261252@b00a5c27-fa50-4e9c-96e9-854ac16be78c does not exist in: PRIMARY
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValues(AbstractUserStoreManager.java:2130)
	... 66 more
[2023-11-11 09:09:31,306] [b534dcba-4b1b-41e3-ad8c-e0f5c136881f] ERROR {org.wso2.carbon.identity.rest.api.user.mfa.v1.core.MFAService} - errorCode: MFA-15003, | message: MFAService failed while trying to retrieve claim values from the userstore for the user : 315fbf99-819f-40c5-b99f-527202261252@b00a5c27-fa50-4e9c-96e9-854ac16be78c org.wso2.carbon.user.core.UserStoreException: 30007 - UserNotFound: User 315fbf99-819f-40c5-b99f-527202261252@b00a5c27-fa50-4e9c-96e9-854ac16be78c does not exist in: PRIMARY
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:258)
	at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValues(AbstractUserStoreManager.java:2103)
	at org.wso2.carbon.identity.rest.api.user.mfa.v1.core.MFAService.getEnabledAuthenticators(MFAService.java:79)
	at org.wso2.carbon.identity.rest.api.user.mfa.v1.impl.MeApiServiceImpl.meMfaAuthenticatorsGet(MeApiServiceImpl.java:39)
	at org.wso2.carbon.identity.rest.api.user.mfa.v1.MeApi.meMfaAuthenticatorsGet(MeApi.java:65)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2023-11-11 09:09:31,292] [d17f00b1-1d47-475a-a2ad-d05c5fe05b33] ERROR {org.wso2.carbon.identity.rest.api.user.backupcode.v1.core.BackupCodeService} - errorCode: BCA-15003 | message: Cannot retrieve backup codes of the authenticated user. org.wso2.carbon.identity.application.authenticator.backupcode.exception.BackupCodeException: Error occurred failed while trying to access userRealm of the user : 315fbf99-819f-40c5-b99f-527202261252@b00a5c27-fa50-4e9c-96e9-854ac16be78c@b00a5c27-fa50-4e9c-96e9-854ac16be78c
	at org.wso2.carbon.identity.application.authenticator.backupcode.BackupCodeAPIHandler.getRemainingBackupCodesCount(BackupCodeAPIHandler.java:71)
	at org.wso2.carbon.identity.rest.api.user.backupcode.v1.core.BackupCodeService.getBackupCodes(BackupCodeService.java:65)
	at org.wso2.carbon.identity.rest.api.user.backupcode.v1.impl.MeApiServiceImpl.meBackupCodesGet(MeApiServiceImpl.java:42)
	at org.wso2.carbon.identity.rest.api.user.backupcode.v1.MeApi.meBackupCodesGet(MeApi.java:78)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

This failure is not directly due to the username not being properly set in the carbon context. Here it tries to find the user-id of the federated user from the AUTHZ_USER table. But for organization SSO users, the correct user-id is set in the carbon context at the authentication valve level. Hence there is a different fix for the below failure, which is to use the already existing user-id in the carbon context only for organization SSO federated users.

[2023-11-11 09:43:32,008] [e93a1843-44ce-4559-b43c-8f6c1fc2ea12] ERROR {org.wso2.carbon.identity.rest.api.user.association.v1.core.UserAssociationService} - errorCode: 10005 | message: 10005 - The provided user identifier is invalid org.wso2.carbon.identity.user.profile.mgt.association.federation.exception.FederatedAssociationManagerClientException: 10005 - The provided user identifier is invalid
	at org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManagerImpl.handleFederatedAssociationManagerClientException(FederatedAssociationManagerImpl.java:457)
	at org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManagerImpl.validateUserExistence(FederatedAssociationManagerImpl.java:432)
	at org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManagerImpl.getFederatedAssociationsOfUser(FederatedAssociationManagerImpl.java:144)
	at org.wso2.carbon.identity.rest.api.user.association.v1.core.UserAssociationService.getFederatedAssociationsOfUser(UserAssociationService.java:70)
	at org.wso2.carbon.identity.rest.api.user.association.v1.impl.MeApiServiceImpl.meFederatedAssociationsGet(MeApiServiceImpl.java:61)
	at org.wso2.carbon.identity.rest.api.user.association.v1.MeApi.meFederatedAssociationsGet(MeApi.java:187)

How to reproduce:

1 - Create an organization.
2 - Create a user in the organization.
3 - Try to log in to the MyAccount space of the organization via the organization SSO flow.

Expected behavior:

Organization users should be able to experience the MyAccount without any failures.

Environment information (Please complete the following information; remove any unnecessary fields) :

  • Product Version: [7.0.0-alpha2]
  • OS: [Mac]
  • Database: [H2]
  • Userstore: [JDBC]