Question: Configure roles attribute from azure ad + Bug: Content-Type, case sensitivity, 204 on patch about scimgateway HOT 5 CLOSED

Azure scimvalidator fully complient now fixed in v4.2.2

from scimgateway.

Hi,

#1)
You are right, in general attributes should be case insensitive.

#2)
Seems https://github.com/jelhub/scimgateway/blob/master/lib/scimgateway.js#L527 does not work any longer and now needs to be applied after the body have been set.

#3)
Validator should accept 204 when attributes query not been specified in request.

You may test:
PATCH /Users/bjensen
giving 204

PATCH /Users/bjensen?attributes=active,emails
giving 200 + attributes specified

PATCH /Users/bjensen?excludedAttributes=emails
giving 200 + all but excludedAttributes

PATCH SCIM definition:
On successful completion, the server either MUST return a 200 OK
response code and the entire resource within the response body,
subject to the "attributes" query parameter (see Section 3.9), or MAY
return HTTP status code 204 (No Content) and the appropriate response
headers for a successful PATCH request. The server MUST return a 200
OK if the "attributes" parameter is specified in the request.

#4)
Regarding:
"modifyUser can't handle operations where the identifier isn't the type, but the "primary" key, e.g. on roles"

For plugin-mongodb (and loki) the logic for arrays like roles are https://github.com/jelhub/scimgateway/blob/master/lib/plugin-mongodb.js#L359

If modified role have a value and type (if type defined) that match an existing role value/type then do nothing
else insert the modified role

Could you please describe a use case showing the problem

In general, do you have an IdP that fails on #1, #2 and #3 (except for the mentioned Microsoft validator)?
Are you going to build your own plugin, or is everything about the plugin-mongodb that comes with the gateway?

Regards,
Jarle

from scimgateway.

Assume #4 is also related to the Microsoft validator
I will look into it

from scimgateway.

Hi Jarle,

thanks so much first of all for your long answer. Sorry for my late response as well. I looked into v4.2.2 and i've seen you did #1, #2, #3 the 200 instead of 204 always and #4 as well.

So i can confirm, that the validator works now fine again. Thanks for the update!

Since you asked what i'm trying to achieve, i briefly tell you: For our company we just need a connection to the azure ad of our client. on our platform users should be created and updated whenever the ad is changed. normally i would integrate the data directly into my db, but i just wanted a quick gathering of the data of the azure and then write myself a cronjob which inserts all data into my own database afterwards, after each update.

then i just need 3 attributes from the user inserted. next step is to make sso possible and connect the ad of my client to this.

thanks again so much for your update.

if you have the feeling you can and want to help against payment on the connection sso and some questions, you can contact me over my github or [email protected].

from scimgateway.

Hi,
I have done some more adjustments.
Please use latest version v4.2.3

Regards,
Jarle

from scimgateway.