jelhub / scimgateway Goto Github PK
View Code? Open in Web Editor NEWUsing SCIM protocol as a gateway for user provisioning to other endpoints
License: MIT License
Using SCIM protocol as a gateway for user provisioning to other endpoints
License: MIT License
While trying to do a manual provisioning as part of testing, I realise that only the userName and active attribute is sent. However from Azure's end, it shows the target attribute which I require to create the user. It seems I might have not configure something but I'm not sure what else needs to be configured on the SCIM gateway for me to receive the rest of the attributes.
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
"userName": "_____________",
"active": true,
"meta": {
"resourceType": "User"
}
}
Hi there,
Would be possible to show de scim schemas and wsdls ?
Besides, is there a way to present those via some URI?
Hi jelhub
I am using loki plugin and doing filter request as following :
https://domain/Users?filter=userName+eq+%22bjensen1%22
It works fine when user is found, but when user is not found, its sending 404 response instead of 200 with empty array.
Azure AD expects following response when user is not found :
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"totalResults": 0,
"Resources": [],
"startIndex": 1,
"itemsPerPage": 20
}
Can you please explain regarding this.
Thanks & Regards
I mean vulnerability. Sorry.
SOAP dependency is outdated and insecure. See attachment below (a screen shot). Need to make we pull in a newer version of SOAP that is using a newer version of ejs. ejs is the source of the security issue. BTW, You'll notice SOAP's master branch has been updated.
If you like I could update your project.json and submit a pull request?
Jeff
PS. I'm a co-worker of C. Watson.
PS. More details about the vulnerability can be found here: https://snyk.io/vuln/npm:ejs:20161128
My Identity provider wants to PUT all the Users and Groups in a batch. scimgateway does not seem to support PUT for this, only POST and PATCH. That will not work with their software (ADFS?)
I Tried the Loki plugin with scim 2.0 and this JSON
[
{
"externalId": "Donald_D",
"userName": "Donald_D",
"active": "true",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
]
},
{
"externalId": "Huey_D",
"userName": "Huey_D",
"active": "true",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
]
},
{
"externalId": "Dewey_D",
"userName": "Dewey_D",
"active": "true",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
]
},
{
"externalId": "Louie_D",
"userName": "Louie_D",
"active": "true",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
]
}
]
Hi Jarle,
When a user, JohnDoe is created in Active Directory with SCIM Id mapped to LDAP DN it does not return the DN (for example: CN%3DJohnDoe%3Dxxx%3Dxxx%2CDC%3Dxx) but still JohnDoe.
When the SCIM Id is mapped to, for example, LDAP objectGUID or objectID, it still returns 'JohnDoe'.
Is DN the only attribute which can be used in combination with the SCIM Id attribute?
Regards,
Michael
Pagination is not working as expected in plugin-loki. For e.g. ?startIndex=10&count=5 returns no records when total records > 15.
Hello @jelhub ,
First of all, thank you for including the mongodb plugin!
However, I am testing version 4.0.0 and this endpoint doesn't return any results.
After taking a look at this, I've tried with "ge" instead. But again, no results found.
Note: At MongoDB, I have the two test mode users (bjensen and jsmith).
Could you run this scenario, please?
Best Regards,
Filipe Ribeiro
Hi
The mssql plugin does not return data in my installation.
It appears that the exploreUsers method returns an empty data set before the query is run. If I add logging statements in the Tedious Request callback the data is returned from SQL Server.
I cannot see how to resolve the synchronization with Tedious. Hope you can help.
When the PUT body is passed to the modifyUser function, it is always an empty object because of this line:
scimgateway/lib/scimgateway.js
Line 1655 in f02de6e
Tried using auth.bearerJwt option but it fails as the code is initializing only if secret is specified. Once secret is specified the token validation uses only the secret. Was able to get it working after fixing the code related to auth.bearerJwt initializatin.
modifyUser does not work correctly for PUT requests. It always returns a 204. That is only a valid response for PATCH requests. Per spec, a PUT request must return a 200 with the entire resource within the response body".
"Unless otherwise specified, a successful PUT operation returns a 200
OK response code and the entire resource within the response body,
enabling the client to correlate the client's and the service
provider's views of the updated resource."
Hi there,
I am using a Open LDAP Container image (osixia/openldap:1.5.0
) , the initial tree structure is based on:
dc=example,dc=org
I imported the attached LDIF:
democorp (1).ldif.zip
So, I have new users into my ldap tree, when I do configure my ldap plugin, like this:
"username": "cn=admin,dc=example,dc=org",
"password": "NGYzYjU3NTE3NjAwYWU0MmNiMTBmNTcxNGI3MjY5NGU6MjM1YWRjODI1M2FkMDljNjQyMTBlOTYxNjA1ZTZlNTY=",
"ldap": {
"userBase": "dc=example,dc=org",
"groupBase": "",
"userFilter": "",
"groupFilter": null,
"userNamingAttr": "cn",
"groupNamingAttr": "cn",
"userObjectClasses": [
"person",
"organizationalPerson",
"inetOrgPerson",
"top"
],
When I try to execute an HTTP GET, I am getting the following result:
{
"Resources": [],
"itemsPerPage": 0,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"startIndex": 1,
"totalResults": 0
}
Any idea of what I might be doing wrong? I've been investigating many ways to solve it, but not success so far.
Thanks in advance
Edgar
Hi jelhub
By default, scimgateway creates log file on logs/plugin-loki.log path. Can we provide custom path for log-file ?
Regards
On cloud systems and especially MS Azure the network abstractions sometimes take alternate forms. Within Azure ports are identified as "named pipes" which may take a form other than numeric.
In the isValidconfig
function checks for a numeric value:
else if (key === 'port') { // number
//on PaaS sometimes the port is delivered as non-numeric string
//if (!val || typeof (val) !== 'number') return false;
}
This needed to be commented out in order to run the solution on MS Azure. Since the plugin-xxxx.json config is tightly coupled with the plugin-xxxx.js modules would it make sense to move the validation to the plugin-xxxx.js?
In that fashion users can provide their own solution for the validation step that matches their context.
Hi @jelhub
Using LDAP plugin - we can retrieve the AD users/groups details successfully. And We can register the SCIM GW application on Oracle cloud. However during users sync noticed that it is failing with error like "Primary email must be set"
When we invoke get /Users endpoint from browser - we see email details of type and value but no 'primary' information .
I have noticed that in plugin-ldap.js we need to expose the emails.primary attribute in /Users endpoint.
following are attributes mapping from cloud to application
$(account.primaryEmail) --> emails[primary eq true and type eq "work"].value
Please let me know your thoughts on this one.
many thanks
When fetching user (/Users), the groups' attribute is returned containing a list of all the groups the user is part of. Then each of those groups within the users returns a list of all their members.
(Not representative of a complete response, here is an example of how the payload is currently structured)
{
"id": "fbc56952-0c46-4c00-80b3-fc48fbef8eaa",
"groups": [
{
"value": "383e9f70-a1af-4e26-b068-d2454aca0260",
"members": [
{
"value": "fbc56952-0c46-4c00-80b3-fc48fbef8eaa"
},
{
"value": "b6ccf7e6-ac9e-4db8-b81c-b0167d431a95"
}
]
}
]
}
This can create large responses when the user belongs to many groups with many users (in my case, 120MB for a single user).
I propose changing https://github.com/jelhub/scimgateway/blob/master/lib/scimgateway.js#L791 to remove the members.value
. This could be breaking for people relying on it, or it could be hidden behind a feature flag.
Doing this is within the SCIM Schema specification. As outlined in section 4.1.2 https://www.rfc-editor.org/rfc/rfc7643#section-4.1.2, under the heading of groups,
SCIM service provider exposes a "Group" resource, the "value" sub-attribute MUST be the "id", and the "$ref" sub-attribute must be the URI of the corresponding "Group" resources to which the user belongs.
This, in my eyes, would mean that members is at least an optional attribute to return on the user response payload. This is further backed up by the full user representation listed here https://www.rfc-editor.org/rfc/rfc7643#section-8.2. While the specification refers to a non-normative example, it provides an insight into what the specification authors were expecting as part of the standard.
Let me know what you think. I've already implemented the change on my fork (without the feature flag). So happy to carry this forward to a PR if you agree with the above.
Cheers,
Sam
In developing a custom plugin, I would like to fully support the filtering as specified in the SCIM standard. However, it appears that the code only allows for displayname filtering .. and returns a 404 on any filter that doesn't include that attribute.
Is it possible to bypass the filter check, and pass the entirety of the filter querystring onto the plugin for manual parsing?
Hi,
We are looking at using scimgateway to expose SCIM 2.0 interface, and are building a custom plugin to integrate with our own identity service backend. We have a question around a piece of code we came across as we develop our plugin.
When we create a user record in our plugin, our plugin returns the full user object (including the ID) of the newly created user in the response. However, this piece of code substitute our id
with the userName
- jsonBody.id = jsonBody.userName
. And do another GET
on the same object using the userName
field.
https://github.com/jelhub/scimgateway/blob/master/lib/scimgateway.js#L1094-L1101
If userName
doesn't exist on the return object, it would do the same with externalId
field.
Any reasons the scimgateway needs to:
id
returned by the plugin with either userName
or externalId
andWhile the plugin returns full user object.
We are just wondering if there's a usecase that scimgateway is catering for that we are not aware of.
Thanks,
Josh
When registering a new app in Okta with SCIM 2.0, it makes a GET call to /Users with startIndex
and count
keys but no attributes
key. This will always fail in the current version of scimgateway.
scimgateway/lib/scimgateway.js
Line 708 in 1a9501c
Relvant part of Okta protocol reference: https://developer.okta.com/docs/reference/scim/scim-20/#retrieving-users
Hi guys,
I set up scimgateway on my local machine, I linked my azure provisioning to my local scimgateway.
Create user, update user works just fine but delete is not working, scimgateway response no content.
Here is the log of delete user on my local scimgateway:
2021-12-22T14:01:40.129 debug: scimgateway[plugin-loki] [Modify User] [email protected]
2021-12-22T14:01:40.130 debug: scimgateway[plugin-loki] convertedBody={"active":false}
2021-12-22T14:01:40.130 debug: scimgateway[plugin-loki] calling "modifyUser" and awaiting result
2021-12-22T14:01:40.130 debug: plugin-loki[undefined] handling "modifyUser" [email protected] attrObj={"active":false}
2021-12-22T14:01:40.131 info: scimgateway[plugin-loki] 176ms [my-azure-ip] token PATCH http://mylocalsimgateway.com Inbound = {"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"Replace","path":"active","value":"False"}]} Outbound = {"statusCode":204,"statusMessage":"No Content"}
Is this an issue of azure provisioning or my local scimgateway?
Hi there,
Seems that scim-plugin.js is a proxy/façade for the other scim extensions, am I right?
If it is the goal for scim-plugin.js how to add more than one endpoint as the requests destionation?
Cheers
Edgar
Hi,
Do you know of anyone who has developed a plugin for MongoDB or MySQL? I can't seem to find any references anywhere.
If you develop that ourselves, would you like to add it to your repository?
Cheers.
Our IDP will be sending a token to SCIM Gateway. In the handlers (createUser, updateUser, etc.) we want access to this token since it will then be used to communicate with our back end.
But the handler API is
scimgateway.createUser = async (baseEntity, userObj)
instead of
scimgateway.createUser = async (ctx, userObj)
Is there any other way of accessing the token of the original request to SCIM Gateway?
Hello,
I'm currently implementing a custom scimgateway plugin, that must work with SCIM 2.0.
I have run some tests, using Azure AD Provisioning Service as IdP. During tests excution, I identified an issue in parsing body of Users PATCH requests.
Consider the following PATCH body:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "Add",
"path": "name.givenName",
"value": "Barbara"
},
{
"op": "Add",
"path": "name.familyName",
"value": "Jensen"
},
{
"op": "Add",
"path": "name.formatted",
"value": "Barbara Jensen"
}
]
}
After parsing the body, scimgateway invokes my plugin by passing the following object:
{
name: {
givenName: undefined,
familyName: undefined,
formatted: undefined
}
}
i.e. all values in the internal object are undefined
.
This seems to be caused by the following line:
scimgateway/lib/scimgateway.js
Line 1560 in 27fe37a
If i replace element.value[0].value
with element.value
, i.e.:
} else dot.str(element.path, element.value, scimdata) // handle e.g name.familyName
then it seems to work as expected. Indeed, after applying this change, my plugin code receives the following data:
{
name: {
givenName: 'Barbara',
familyName: 'Jensen',
formatted: 'Barbara Jensen'
}
}
I am willing to open a PR for this issue. However, I'm not sure if this change would be correct in any scenario or if it is just a workaround for this case.
Instructions for running a new scimgateway project as a docker container. This includes a solution for file system persistence (for the plugin configs and loki.db) between container restarts:
Documentation / How to:
https://gist.github.com/visualjeff/796f9b49d1b3ec633f794df719e6e1c6#file-gistfile1-txt
Three files need to be added to a new scimgateway project to dockerize it:
Jeff
Hi, how the best way to create a Group modify method? I couldn't find this method, only modify users.
Hi Jelhub,
Interesting project you have here!
I was wondering. Would it also be possible to create an LDAP provisioner?
I've found https://www.npmjs.com/package/ldapjs and I guess it should be possible but I lack knowledge of NodeJs
hi @jelhub
While trying to update existing user from SCIM GW (plugin LDAP - which reads users/groups from on prem AD).
We are seeing this error on OCI IDCS
'The attribute urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User:syncedFromApp.type is immutable.' error occurred at step: 'Update User'
Please note that we are using authorized sync to sync users from SCIM to Oracle Cloud IDCS.
Do we need to remove the existing user and sync it again or update should work fine as-is which is not happening in this case. Please let me know
thanks
scimgateway
configuration.PATCH requests come in with urn:ietf:params:scim:api:messages:2.0:PatchOp for the schema value. The router.patch method is simply echoing back the schema that is sent from the server. It needs to be sure to return ['urn:ietf:params:scim:schemas:core:2.0:Group'] for the schema.
I inserted the following:
ctx.body = jsonBody // using original body instead of retrieving actual data
// The schema comes in ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]. That needs to be converted to
// ['urn:ietf:params:scim:schemas:core:2.0:Group'] for the response. Line below was inserted
ctx.body.schemas=['urn:ietf:params:scim:schemas:core:2.0:Group']
This updates the schema to ensure the correct value is returned. Servers validating the schema value will fail until this is done
\Code\my-scimgateway>npm install scimgateway
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '@azure/[email protected]',
npm WARN EBADENGINE required: { node: '10 || 12 || 14 || 16 || 18' },
npm WARN EBADENGINE current: { node: 'v19.2.0', npm: '8.19.3' }
npm WARN EBADENGINE }
up to date, audited 352 packages in 4s
52 packages are looking for funding
run npm fund
for details
5 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit
for details.
hi @jelhub
Can we enable support for multiple DNs which has "(" and "&" to restrict the scope of AD
many thanks
Hi,
I would like to use Okta and Auth0 such that the input is Okta (SCIM 2.0) and the output is Auth0.
I assume that Okta is compatible with scimgateway.
Is there a plugin in the work for Auth0? Assuming Auth0 is extremely popular, I was hoping there is already a plugin available.
Thanks
Hi
Started a fresh install and found that mssql does not work. Tedious is not connecting to server at all.
I guess it has something to do with the new way to make a connection that was introduced in v10.
When using 9.2.1 it works.
https://github.com/tediousjs/tedious/releases
10.0.0 (2021-01-13)
BREAKING CHANGES
Creating a new Connection instance will no longer establish a connection to the server automatically. Please use the new connect helper function or call the .connect method on the newly created Connection object instead.
best regards
Magnus
Using the ability for .npmrc
properties to be available via process.env
, add a check for a property which can disable postinstall script to simplify keeping up to date.
PR on it's way...
this is what I added to the README:
When maintaining a set of modifications it useful to disable the postinstall operations to keep your changes intact by setting the property scimgateway_postinstall_skip = true
in .npmrc
.
to not have (allows me to delete) plugins and integrations with databases I don’t use
My organization has been experimenting with https://github.com/jelhub/scimgateway as a provisioning solution hosted and connected to MS Azure AAD. We found some limitations with the code and will make recommendations to correct these. This can apply to any cloud provider hosted solution and not just MS Azure.
The first problem we encountered is with the secrets management strategy chosen. With cloud fabric solutions you might not be guaranteed a static hostname be delivered to your app -- this is the case with MS Azure and any strategies used that rely on a static hostname should have a strategy to mitigate the fact when not be guaranteed static.
In the config recovery code (lib/utils.js) we added:
var myhost = process.env.hostname_deg || require('os').hostname();
var chi = require('path').basename(configFile) + myhost;
To ensure a static value on MS Azure this is required.
The hostname_deg value must be set on the environment variables prior to execution.
Hi,
I have created an 'initials' attribute in a custom schema.
},
"initials": {
"mapTo": "name.initials",
"type": "string"
},
[
{
"name":"User",
"attributes":[
{
"name":"name.initials",
"type":"string",
"multiValued":false,
"description":"initials",
"readOnly":false,
"required":false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none",
"caseExact":false
}
]
},
{
"name":"Group",
"attributes":[
]
"name": {
"formatted": "John Doe",
"familyName": "Doe",
"givenName": "John",
"initials": "J"
But all GET operations regarding the USER or USERS does not show this specific custom attribute in the request.
I understand that the custom attributes are imported in the core schema during startup. Am I doing something wrong or could this be a bug or by design? Is it possible to configure that a custom attribute will be shown in the GET results?
Latest version of SCIM Gateway is being used for testing.
Thank you for your work!
Michael
We store secure values in a secretes engine as individually managed units. Assembling all those values into files at deployment time is not a best practice.
The predominant way to provide these secretes is by mounting them directly in the file system as individual files with raw text values. I'd like to propose to extend the process.env.|file.
model adding process.text.
which would allow a file to be read as just a (UTF-8
) string.
When posting a patch to replace all group memberships per the following:
{ "op":"remove", "path": "members" }, { "op":"add", "path":"members", "value": { "value": "Group1" } }
The gateway can process the filters individually, but not together. Per the SCIM standard, the operations should be accepted, and processed sequentially based on the input. As this is part of a custom plugin, perhaps the easiest way to deal with this is to allow bypassing the built in parse of the operations, and pass the entire body to the handler in the plugin. This could be based on a flag in the plugin configuration for ease of use.
Any documentation to run this as a docker container ?
The body parser is set to use the default json limit of 1mb for incoming payloads. There are cases which large groups that you could exceed that size.
https://github.com/jelhub/scimgateway/blob/master/lib/scimgateway.js#L578-L582
Adding in the jsonLimit
limit to a higher amount or a configurable amount would be useful.
hi @jelhub
Thanks for SCIM GW. I have synced users from on-prem AD to Oracle IDCS
while verifying the sync user information - "Federated" option is disabled in IDCS
Inorder to enable this - I'm wondering if we need to create the following custom attribute on on-prem AD by updating the schema or just map custom attribute in SCIM GW.
please share your thoughts
https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/oracle-cloud-infrastructure-console-provisioning-tutorial
thanks
Hi @jelhub
Now with the plugin - ldap I see the users/groups are synched to Oracle IDCS
however when tried to login to OCI console - it throws "Invalid username / password"
do we need to mapping for password attribute as well from SCIM GW to IDCS. please let us know.
many thanks
You can debug a running docker container (using Visual Studio Code) if you add the following file (docker-compose-debug.yml) to your project:
version: '2'
services:
scimgateway:
ports:
- "8880:8880"
- "5858:5858"
When you start-up the app using this command:
docker-compose -f docker-compose.yml -f docker-compose-debug.yml up -d
Start Visual Studio Code and follow these debugging instructions: https://code.visualstudio.com/docs/nodejs/nodejs-debugging
Jeff
PS. Hopefully users might find this helpful.
Hi,
I am using 3.2.9
I can return /Users and /Groups, however, unlike the test rest/loki plugin, I get no User Schema in response(null):
{"Resources":[[{"uri":"/principal/internal/user/adam.arnold","id":"11","userName":"adam.arnold","type":"user","AlternateId":"ec29f73d-ec39-4327-9e35-13c0d21b2021","IdP":"internal"},null],[{"uri":"/principal/internal/user/pjones","id":"10","userName":"pjones","type":"user","AlternateId":"236ef0fc-0915-43a0-bbcf-1bdf0fe0d6d7","IdP":"internal"},null],
"totalResults":6,"itemsPerPage":6,"startIndex":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"meta":{"resourceType":"User"}}
This is my ExploreUser js:
// =================================================
// exploreUsers
// =================================================
scimgateway.exploreUsers = async (baseEntity, attributes, startIndex, count) => {
const action = 'exploreUsers'
scimgateway.logger.debug(${pluginName}[${baseEntity}] handling "${action}" attributes=${attributes} startIndex=${startIndex} count=${count}
)
const ret = { // itemsPerPage will be set by scimgateway
Resources: [],
totalResults: null
}
const method = 'GET'
const path = /principal?verbose=true&depth=5&page_size=50&page_number=1
const authorization ='Bearer '+access_token
const options = {
headers: {
'Authorization': authorization , // body must be query string formatted (no JSON)
'Content-Type': 'application/json' , // body must be query string formatted (no JSON)
'Accept': 'application/json' // body must be query string formatted (no JSON)
}
}
const body = authorization
// const body = JSON.stringify(data)
try {
const response = await doRequest(baseEntity, method, path, body,options)
const res = JSON.stringify(response.body)
const obj = JSON.parse(res)
// const err = new Error(Response message: ${response.statusMessage} - ${JSON.stringify(response.body)}
)
console.log('User Count :'+obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length)
// throw (err)
if (response.statusCode < 200 || response.statusCode > 299) {
const err = new Error(Error message: ${response.statusMessage} - ${JSON.stringify(response.body)} - ${access_token}
)
throw (err)
} else if (!response.body.IdentityProviders) {
const err = new Error(${action}: Got empty response on REST request
)
throw (err)
}
if (!startIndex && !count) { // client request without paging
startIndex = 1
count = obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length
}
console.log('count = '+count)
const arrAttr = attributes.split(',')
// const arrAttr = parsedAttr.split(',')
for (let index = startIndex - 1; index < obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length && (index + 1 - startIndex) < count; ++index) {
const retObj = obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index]
console.log('endpointMapper test : '+scimgateway.endpointMapper('inbound', 'Uri', scimgateway.endpointMap.SecretsSafeUser) )
console.log('endpointMapper test : '+scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser) )
let parsedAttr = scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser)
//const [scimUser] = scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser)
if (!attributes) ret.Resources.push(parsedAttr)
else { // return according to attributes (userName or externalId should normally be included and id=userName/externalId)
console.log('EEEEEEEEEEEEEEEEEE else 154')
let found = false
const obj = {}
for (let i = 0; i < arrAttr.length; i++) {
const key = arrAttr[i].split('.')[0] // title => title, name.familyName => name
if (retObj[key]) {
obj[key] = retObj[key]
found = true
}
}
if (found) ret.Resources.push(obj)
}
}
// not needed if client or endpoint do not support paging
ret.totalResults = obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length
ret.startIndex = startIndex
return ret // all explored users
} catch (err) {
const newErr = err
throw newErr
}
}
The server is failing the simplecloud.info compliance SCIM 1.1 tests relating to PATCH tests 7-16 when configured for plugin-test.
Hi @jelhub
Thanks for scimgateway.
One question I have is can we provision auth0 users/groups to Oracle Cloud Infra (OCI) since auth0 doesn't support SCIM 2.0 protocol
Please share your thoughts
thanks, shahid
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.