Comments (7)
This is a bit difficult. The specification says that some providers MAY include the common attributes. I intentionally built it like this for 2 reasons:
- It is easier to keep full control on your schema so you do not need to define attributes like `externalId` if you do not need it.
- The schemas are only registered once in the `SchemaFactory` class. So if we create a simple new extension-schema for the user endpoint with new custom-attributes we probably do not want to have an `id` or `externalId` and also no `meta`-Attribute definition on it.
If somehow possible I would ask the Azure support to support this case based on this snippet from the specification:
> For backward compatibility, some existing schema definitions MAY list
> common attributes as part of the schema. The attribute
> characteristics (see [Section 2.2](https://datatracker.ietf.org/doc/html/rfc7643#section-2.2)) listed here SHALL take precedence
> over older definitions that may be included in existing schemas.
RFC7643 section 3.1: https://datatracker.ietf.org/doc/html/rfc7643#section-3.1
> Common Attributes
>
> Each SCIM resource (Users, Groups, etc.) includes the following
> common attributes. With the exception of the "ServiceProviderConfig"
> and "ResourceType" server discovery endpoints and their associated
> resources, these attributes MUST be defined for all resources,
> including any extended resource types. When accepted by a service
> provider (e.g., after a SCIM create), the attributes "id" and "meta"
> (and its associated sub-attributes) MUST be assigned values by the
> service provider. Common attributes are considered to be part of
> every base resource schema and do not use their own "schemas" URI.
>
> For backward compatibility, some existing schema definitions MAY list
> common attributes as part of the schema. The attribute
> characteristics (see [Section 2.2](https://datatracker.ietf.org/doc/html/rfc7643#section-2.2)) listed here SHALL take precedence
> over older definitions that may be included in existing schemas.
>
> id
>
> A unique identifier for a SCIM resource as defined by the service
> provider. Each representation of the resource MUST include a
> non-empty "id" value. This identifier MUST be unique across the
> SCIM service provider's entire set of resources. It MUST be a
> stable, non-reassignable identifier that does not change when the
> same resource is returned in subsequent requests. The value of
> the "id" attribute is always issued by the service provider and
> MUST NOT be specified by the client. The string "bulkId" is a
> reserved keyword and MUST NOT be used within any unique identifier
> value. The attribute characteristics are "caseExact" as "true", a
> mutability of "readOnly", and a "returned" characteristic of
> "always". See [Section 9](https://datatracker.ietf.org/doc/html/rfc7643#section-9) for additional considerations regarding
> privacy.
If that is not possible, some parts of the API need to be changed in order to get this to work.
from scim-sdk.
Unfortunately, I'm not working for Azure. I can try to send a request to their support team and ask, but I think it may take a while.
Could you recommend some kind of a workaround without changing the API code?
from scim-sdk.
Is this happening when Azure is reading the `/Schemas` endpoint?
It is possible to override the endpoint if you register it with your own definition. In this case you could extend the original endpoint and manipulate the outgoing result.
from scim-sdk.
You could do it like this:
```java
resourceEndpoint.registerEndpoint(new MyCustomSchemaEndpointDefinition(resourceEndpoint.getResourceTypeFactory()));
```
You can see the original code part in `ResourceEndpointHandler`, line 107:
```java
registerEndpoint(new SchemaEndpointDefinition(resourceTypeFactory));
```
from scim-sdk.
> Is this happening when Azure is reading the `/Schemas` endpoint?

Yes

> It is possible to override the endpoint if you register it with your own definition. In this case you could extend the original endpoint and manipulate the outgoing result.

Thank you, will try
from scim-sdk.
Here is a simple example of how I would do it. It is important that the schema objects are getting copied!
```java
import java.util.List;
import java.util.stream.Collectors;

// The scim-sdk types used below (SchemaHandler, Schema, SchemaAttribute, Context, ...)
// must also be imported from the SDK's packages.

public class CustomSchemasHandler extends SchemaHandler
{

  public CustomSchemasHandler(ResourceTypeFactory resourceTypeFactory)
  {
    super(resourceTypeFactory);
  }

  // single schema lookup: copy the registered schema before changing it
  @Override
  public Schema getResource(String id,
                            List<SchemaAttribute> attributes,
                            List<SchemaAttribute> excludedAttributes,
                            Context context)
  {
    Schema registeredSchema = super.getResource(id, attributes, excludedAttributes, context);
    Schema copiedSchema = JsonHelper.copyResourceToObject(registeredSchema, Schema.class);
    return makeChangesToSchema(copiedSchema);
  }

  // schema listing: copy every registered schema and return the changed copies
  @Override
  public PartialListResponse<Schema> listResources(long startIndex,
                                                   int count,
                                                   FilterNode filter,
                                                   SchemaAttribute sortBy,
                                                   SortOrder sortOrder,
                                                   List<SchemaAttribute> attributes,
                                                   List<SchemaAttribute> excludedAttributes,
                                                   Context context)
  {
    PartialListResponse<Schema> originalListResponse = super.listResources(startIndex,
                                                                           count,
                                                                           filter,
                                                                           sortBy,
                                                                           sortOrder,
                                                                           attributes,
                                                                           excludedAttributes,
                                                                           context);
    List<Schema> copiedSchemas = originalListResponse.getResources()
                                                     .stream()
                                                     .map(schema -> JsonHelper.copyResourceToObject(schema,
                                                                                                    Schema.class))
                                                     .map(this::makeChangesToSchema)
                                                     .collect(Collectors.toList());
    PartialListResponse<Schema> copiedListResponse = PartialListResponse.<Schema> builder()
                                                                        .totalResults(originalListResponse.getTotalResults())
                                                                        .resources(copiedSchemas)
                                                                        .build();
    return copiedListResponse;
  }

  /**
   * TODO make adjustments to Schema
   */
  private Schema makeChangesToSchema(Schema schema)
  {
    // TODO make adjustments to Schema
    // ...
    return schema;
  }
}
```
from scim-sdk.
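One possible shape for the adjustment left as a TODO in the handler above, as an added example that is not part of the original thread or of scim-sdk: it deep-copies a schema document and gives the copy an `id` definition with the characteristics quoted from RFC 7643 section 3.1, letting them take precedence over an older `id` definition if one is present. It uses only Jackson and assumes the SDK's `Schema` can be handled as a Jackson `ObjectNode`; the class name, method names and the sample schema URN are hypothetical, and `externalId` and `meta` are not covered.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;

public class CommonIdSchemaPatch
{
  private static final ObjectMapper MAPPER = new ObjectMapper();

  /** "id" definition carrying the characteristics quoted from RFC 7643 section 3.1 */
  static ObjectNode idDefinition()
  {
    return MAPPER.createObjectNode()
                 .put("name", "id")
                 .put("type", "string")
                 .put("multiValued", false)
                 .put("caseExact", true)
                 .put("mutability", "readOnly")
                 .put("returned", "always");
  }

  /** Returns a patched deep copy; the schema object passed in is never modified. */
  static ObjectNode withCommonId(ObjectNode registeredSchema)
  {
    ObjectNode copy = registeredSchema.deepCopy();
    ArrayNode attributes = copy.withArray("attributes");
    for ( JsonNode attribute : attributes )
    {
      if (attribute.isObject() && "id".equals(attribute.path("name").asText()))
      {
        // an older definition exists: the RFC characteristics take precedence
        ((ObjectNode)attribute).setAll(idDefinition());
        return copy;
      }
    }
    attributes.insert(0, idDefinition());
    return copy;
  }

  public static void main(String[] args) throws Exception
  {
    // constructed sample: a custom extension schema that defines no common attributes
    String json = "{\"id\":\"urn:example:params:scim:schemas:extension:custom:2.0:User\","
                  + "\"name\":\"CustomUser\","
                  + "\"attributes\":[{\"name\":\"costCenter\",\"type\":\"string\"}]}";
    ObjectNode registered = (ObjectNode)MAPPER.readTree(json);
    ObjectNode served = withCommonId(registered);
    System.out.println(MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(served));
    // size of the registered schema's attribute list, to show the original was not touched
    System.out.println("registered attributes: " + registered.get("attributes").size());
  }
}
```

Because the schemas are registered once and shared, patching the copy keeps the advertised `readOnly` `id` out of the definitions the server validates resources against.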
Thank you for your response
from scim-sdk.