From dfd0d9daf04ffb967115f80ee8eef7e214fa9c13 Mon Sep 17 00:00:00 2001
From: Diego Ramp <diego.ramp@mobi.ch>
Date: Fri, 19 Dec 2025 10:13:47 +0100
Subject: [PATCH] add support for number and boolean claims in
 ClaimToUserSessionNoteMapper

Closes #45022
---
 .../mappers/ClaimToUserSessionNoteMapper.java | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/services/src/main/java/org/keycloak/broker/oidc/mappers/ClaimToUserSessionNoteMapper.java b/services/src/main/java/org/keycloak/broker/oidc/mappers/ClaimToUserSessionNoteMapper.java
index 0e8e3f64222..390a42fdbfd 100644
--- a/services/src/main/java/org/keycloak/broker/oidc/mappers/ClaimToUserSessionNoteMapper.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/mappers/ClaimToUserSessionNoteMapper.java
@@ -110,20 +110,9 @@ public class ClaimToUserSessionNoteMapper extends AbstractClaimMapper {
                 Boolean.parseBoolean(mapperModel.getConfig().get(ARE_CLAIM_VALUES_REGEX_PROPERTY_NAME));
 
         for (Map.Entry<String, List<String>> claim : claims.entrySet()) {
-            Object claimValueObj = getClaimValue(context, claim.getKey());
-            for (String value : claim.getValue()) {
-                if (claimValueObj != null) {
-                    if (!(claimValueObj instanceof String)) {
-                        LOG.warnf(
-                                "Claim '%s' does not contain a string value for user with brokerUserId '%s'. "
-                                + "Actual value is of type '%s': %s",
-                                claim.getKey(),
-                                context.getBrokerUserId(), claimValueObj.getClass(), claimValueObj);
-                        continue;
-                    }
-
-                    String claimValue = (String) claimValueObj;
-
+            String claimValue = getStringCompatibleClaimValue(context, claim.getKey());
+            if (claimValue != null) {
+                for (String value : claim.getValue()) {
                     boolean claimValuesMatch = areClaimValuesRegex ? valueMatchesRegex(value, claimValue)
                             : valueEquals(value, claimValue);
 
@@ -135,4 +124,17 @@ public class ClaimToUserSessionNoteMapper extends AbstractClaimMapper {
         }
     }
 
+    private String getStringCompatibleClaimValue(BrokeredIdentityContext context, String key) {
+        Object claimValueObj = getClaimValue(context, key);
+        if (claimValueObj instanceof String || claimValueObj instanceof Number || claimValueObj instanceof Boolean) {
+            return claimValueObj.toString();
+        }
+        LOG.warnf(
+                "Claim '%s' does not contain a string-compatible (String/Number/Boolean) value for user with brokerUserId '%s'. "
+                        + "Actual value is of type '%s': %s",
+                key,
+                context.getBrokerUserId(), claimValueObj.getClass(), claimValueObj);
+        return null;
+    }
+
 }