Comments (5)
Azure scimvalidator fully complient now fixed in v4.2.2
from scimgateway.
Hi,
#1)
You are right, in general attributes should be case insensitive.
#2)
Seems https://github.com/jelhub/scimgateway/blob/master/lib/scimgateway.js#L527 does not work any longer and now needs to be applied after the body have been set.
#3)
Validator should accept 204 when attributes query not been specified in request.
You may test:
PATCH /Users/bjensen
giving 204
PATCH /Users/bjensen?attributes=active,emails
giving 200 + attributes specified
PATCH /Users/bjensen?excludedAttributes=emails
giving 200 + all but excludedAttributes
PATCH SCIM definition:
On successful completion, the server either MUST return a 200 OK
response code and the entire resource within the response body,
subject to the "attributes" query parameter (see Section 3.9), or MAY
return HTTP status code 204 (No Content) and the appropriate response
headers for a successful PATCH request. The server MUST return a 200
OK if the "attributes" parameter is specified in the request.
#4)
Regarding:
"modifyUser can't handle operations where the identifier isn't the type, but the "primary" key, e.g. on roles"
For plugin-mongodb (and loki) the logic for arrays like roles are https://github.com/jelhub/scimgateway/blob/master/lib/plugin-mongodb.js#L359
If modified role have a value and type (if type defined) that match an existing role value/type then do nothing
else insert the modified role
Could you please describe a use case showing the problem
In general, do you have an IdP that fails on #1, #2 and #3 (except for the mentioned Microsoft validator)?
Are you going to build your own plugin, or is everything about the plugin-mongodb that comes with the gateway?
Regards,
Jarle
from scimgateway.
Assume #4 is also related to the Microsoft validator
I will look into it
from scimgateway.
Hi Jarle,
thanks so much first of all for your long answer. Sorry for my late response as well. I looked into v4.2.2 and i've seen you did #1, #2, #3 the 200 instead of 204 always and #4 as well.
So i can confirm, that the validator works now fine again. Thanks for the update!
Since you asked what i'm trying to achieve, i briefly tell you: For our company we just need a connection to the azure ad of our client. on our platform users should be created and updated whenever the ad is changed. normally i would integrate the data directly into my db, but i just wanted a quick gathering of the data of the azure and then write myself a cronjob which inserts all data into my own database afterwards, after each update.
then i just need 3 attributes from the user inserted. next step is to make sso possible and connect the ad of my client to this.
thanks again so much for your update.
if you have the feeling you can and want to help against payment on the connection sso and some questions, you can contact me over my github or [email protected].
from scimgateway.
Hi,
I have done some more adjustments.
Please use latest version v4.2.3
Regards,
Jarle
from scimgateway.
Related Issues (20)
- Is it possible to set 401 or 403 status HOT 5
- How to change ServiceProviderConfig HOT 2
- How to limit the attributes in default schema? HOT 2
- Feature request: option to disable ping success logging HOT 2
- Problem with modifyUser when user does not exist HOT 3
- createUser is returning userName instead of id HOT 5
- Cannot distinguish PATCH/add and PUT in modifyGroups HOT 2
- Configurable path for plugin-config.json HOT 2
- Override base URL for metadata.location HOT 3
- Support for PATCH with replace used on an array to set it to empty HOT 2
- 500 with PATCH and no members from Okta HOT 1
- PATCH replace empty members is not calling modifyGroup HOT 5
- Azure Soft Delete (IsSoftDeleted) -> scimgateway.modifyUser() not triggered HOT 7
- createUser error: Cannot read properties of undefined (reading 'value') from plugin-mssql.js HOT 1
- Azure AD -> OpenLDAP - group provisionig fails - "endpointMapper: skipping - no mapping found for attributes: members" HOT 6
- Azure AD -> OpenLDAP - group provisionig fails - "modifyGroup error: only supports modification of members" HOT 3
- Multiple mail aliases wont work HOT 10
- Issues with default? behavior for generating "id" value on created resources HOT 4
- Azure User Provisioning HOT 3
- Azure function HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scimgateway.