Hi Indunil, Please refer following mail in Architecture [1]. Seems Sathya is going to provide SCIM support for admin users by generating admin users' SCIM userId. After this implementation it seems this issue will be fixed.
[1] mail : [Architecture] [IS] SCIM Support for Admin Users Thanks, Hasanthi Dissanayake Software Engineer | WSO2 E: [email protected] M :0718407133| http://wso2.com <http://wso2.com/> On Fri, Jul 21, 2017 at 2:11 PM, Gayan Gunawardana <[email protected]> wrote: > > > On Fri, Jul 21, 2017 at 2:06 PM, Indunil Upeksha Rathnayake < > [email protected]> wrote: > >> Hi, >> >> I have checked followings with IS 5.3.0 WUM updated pack. >> >> 1) List users >> curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users >> Result: *{"Errors":[{"description":"Users not found in the user >> store.","code":"404"}]}* >> >> 2) Filter admin user >> curl -v -k --user admin:admin https://localhost:9443/wso2/sc >> im/Users?filter=userName+Eq+%22admin%22 >> Result: >> *{"schemas":["urn:scim:schemas:core:1.0"],"totalResults":1,"Resources":[{"userName":"admin"}]}* >> >> Seems like there is a contradiction here. When listing all the users, >> admin user details won't retrieved, but retrieved with the filtering. Since >> admin user doesn't have a SCIM ID, it shouldn't retrieved in any scenarios. >> WDT? >> > Yes so filter command should not return admin user if it doesn't have SCIM > ID. > >> >> Thanks and Regards >> >> >> On Fri, Nov 6, 2015 at 9:33 AM, Nadeesha Meegoda <[email protected]> >> wrote: >> >>> Thanks Chamila. Unerstood! >>> >>> On Thu, Nov 5, 2015 at 9:48 PM, Chamila Wijayarathna <[email protected]> >>> wrote: >>> >>>> Hi Nadeesha, >>>> >>>> As I mentioned in my previous mail, super admin and tenant admin are >>>> not created with a SCIM ID, so you can't retrieve them using SCIM GET. >>>> >>>> I was suggesting above request to get other users of tenant, if you are >>>> interested, since the command you were using previously for retrieving >>>> tenant users were wrong. >>>> >>>> Thanks >>>> >>>> On Thu, Nov 5, 2015 at 5:03 PM, Nadeesha Meegoda <[email protected]> >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> So I requested to get the SCIM ID as what Chamila mentioned by the >>>>> following command >>>>> curl -v -k --user [email protected]:123456 https://localhost:9443/wso2/sc >>>>> im/Users?filter=userNameEqtenant >>>>> >>>>> But still this doesn't give any result only a http 404 error. So >>>>> tenant admins also are considered for the special flaw? >>>>> >>>>> On Thu, Nov 5, 2015 at 3:41 PM, Gayan Gunawardana <[email protected]> >>>>> wrote: >>>>> >>>>>> >>>>>> >>>>>> On Thu, Nov 5, 2015 at 3:13 PM, Darshana Gunawardana < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, Nov 5, 2015 at 12:45 PM, Gayan Gunawardana <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Nov 5, 2015 at 11:26 AM, Chamila Wijayarathna < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi Nadeesha, >>>>>>>>> >>>>>>>>> When creating super admin or tenant admin users, they don't get >>>>>>>>> created with a SCIM ID since they are considered as special users in >>>>>>>>> IS. >>>>>>>>> Because of this when listing users through scim, those users will not >>>>>>>>> get >>>>>>>>> listed. >>>>>>>>> But if you want, you can add a SCIM ID manually by updating the >>>>>>>>> user and then you will be able to list the also as SCIM Users. >>>>>>>>> >>>>>>>>> When listing users of tenants, you need to use credentials of >>>>>>>>> tenant admin users. When sending SCIM request with admin:admin, you >>>>>>>>> will >>>>>>>>> only see users at super tenant. Also for filter, don't use @ >>>>>>>>> tenant.com, because if u logged in as tenant admin and list >>>>>>>>> users, there you won't see user name with @tenant.com, so your >>>>>>>>> curl command to filter a user at tenant should be as follows. >>>>>>>>> >>>>>>>>> curl -v -k --user [email protected]:admin123 http >>>>>>>>> s://localhost:9443/wso2/scim/Users?filter=userNameEqtenant >>>>>>>>> <https://localhost:9443/wso2/scim/[email protected]> >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> >>>>>>>>> On Wed, Nov 4, 2015 at 8:40 PM, Nadeesha Meegoda < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi Chamila, >>>>>>>>>> >>>>>>>>>> I'm using the embedded ldap which comes default in IS. In that >>>>>>>>>> SCIM comes enabled as default. >>>>>>>>>> >>>>>>>>>> On Wed, Nov 4, 2015 at 6:27 PM, Chamila Wijayarathna < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Nadeesha, >>>>>>>>>>> >>>>>>>>>>> What is the value of SCIMEnabled configuration in your >>>>>>>>>>> user-mgt.xml? >>>>>>>>>>> >>>>>>>>>>> Are you using LDAP or JDBC user store manager? >>>>>>>>>>> >>>>>>>>>> @Chamila >>>>>>>> >>>>>>>> admin user is added in very fist server start up by calling >>>>>>>> "addInitialAdminData" in AbstractUserStoreManager. In embedded ldap >>>>>>>> scenario concrete "doAddUser" method will be invoked in >>>>>>>> ReadWriteLDAPUserStoreManager so user will be directly added to user >>>>>>>> store >>>>>>>> without going through SCIM listener (without going through any >>>>>>>> listener). >>>>>>>> Since there is no SCIM listener engagement SCIM ID will not be added to >>>>>>>> user store. >>>>>>>> >>>>>>>> I am not sure about we are not getting SCIM ID just because of >>>>>>>> admin user is a special user or kind of implementation we have right >>>>>>>> now. >>>>>>>> >>>>>>> >>>>>>> Chamila checked with me on this and he meant admin user is special >>>>>>> due to the same reason you explained above. Basically admin user is >>>>>>> created >>>>>>> through special flow compared to normal users. >>>>>>> >>>>>> If we generate SCIM ID even in that special flaw. Is that correct ? >>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>>> >>>>>>>> Adding Johann. >>>>>>>> >>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> >>>>>>>>>>> On Wed, Nov 4, 2015 at 6:20 PM, Nadeesha Meegoda < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi IS Team, >>>>>>>>>>>> >>>>>>>>>>>> I was trying to filter and get admin users SCIM ID and failed, >>>>>>>>>>>> even tried for tenant admin and still I couldn't filter and get >>>>>>>>>>>> the SCIM ID >>>>>>>>>>>> >>>>>>>>>>>> Command used : >>>>>>>>>>>> curl -v -k --user admin:admin https://localhost:9443/wso2/sc >>>>>>>>>>>> im/Users?filter=userNameEqadmin >>>>>>>>>>>> curl -v -k --user admin:admin https://localhost:9443/wso2/sc >>>>>>>>>>>> im/[email protected] >>>>>>>>>>>> >>>>>>>>>>>> Searching through the jira found out that in the past, listing >>>>>>>>>>>> admin users as scim users were removed as per [1] >>>>>>>>>>>> >>>>>>>>>>>> How can we filter and get the admin/tenant admin SCIM ID? >>>>>>>>>>>> >>>>>>>>>>>> [1] - https://wso2.org/jira/browse/IDENTITY-503 >>>>>>>>>>>> >>>>>>>>>>>> Thanks >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> *Nadeesha Meegoda* >>>>>>>>>>>> Software Engineer - QA >>>>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>> email : [email protected] >>>>>>>>>>>> mobile: +94783639540 >>>>>>>>>>>> <%2B94%2077%202273555> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Dev mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> *Chamila Dilshan Wijayarathna,* >>>>>>>>>>> Software Engineer >>>>>>>>>>> Mobile:(+94)788193620 >>>>>>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Nadeesha Meegoda* >>>>>>>>>> Software Engineer - QA >>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>> lean.enterprise.middleware >>>>>>>>>> email : [email protected] >>>>>>>>>> mobile: +94783639540 >>>>>>>>>> <%2B94%2077%202273555> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Chamila Dilshan Wijayarathna,* >>>>>>>>> Software Engineer >>>>>>>>> Mobile:(+94)788193620 >>>>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Gayan Gunawardana >>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>>>> Email: [email protected] >>>>>>>> Mobile: +94 (71) 8020933 >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> >>>>>>> >>>>>>> *Darshana Gunawardana*Senior Software Engineer >>>>>>> WSO2 Inc.; http://wso2.com >>>>>>> >>>>>>> *E-mail: [email protected] <[email protected]>* >>>>>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . >>>>>>> Middleware >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Gayan Gunawardana >>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>> Email: [email protected] >>>>>> Mobile: +94 (71) 8020933 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Nadeesha Meegoda* >>>>> Software Engineer - QA >>>>> WSO2 Inc.; http://wso2.com >>>>> lean.enterprise.middleware >>>>> email : [email protected] >>>>> mobile: +94783639540 >>>>> <%2B94%2077%202273555> >>>>> >>>> >>>> >>>> >>>> -- >>>> *Chamila Dilshan Wijayarathna,* >>>> Software Engineer >>>> Mobile:(+94)788193620 >>>> WSO2 Inc., http://wso2.com/ >>>> >>> >>> >>> >>> -- >>> *Nadeesha Meegoda* >>> Software Engineer - QA >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> email : [email protected] >>> mobile: +94783639540 >>> <%2B94%2077%202273555> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Indunil Upeksha Rathnayake >> Software Engineer | WSO2 Inc >> Email [email protected] >> Mobile 0772182255 >> > > > > -- > Gayan Gunawardana > Senior Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
