Hi,
On Fri, Jul 21, 2017 at 2:29 PM, Gayan Gunawardana <[email protected]> wrote: > Whatever the implementation behavior should be identical among user list > command and user filter command. With new implementation if admin user has > SCIM ID it will be returned from both list and filter. > Yes. I have created a JIRA to handle this issue. [1] https://wso2.org/jira/browse/IDENTITY-6177 > On Fri, Jul 21, 2017 at 2:17 PM, Hasanthi Purnima Dissanayake < > [email protected]> wrote: > >> Hi Indunil, >> >> Please refer following mail in Architecture [1]. Seems Sathya is going to >> provide SCIM support for admin users by generating admin users' SCIM >> userId. After this implementation it seems this issue will be fixed. >> >> [1] mail : [Architecture] [IS] SCIM Support for Admin Users >> >> Thanks, >> >> Hasanthi Dissanayake >> >> Software Engineer | WSO2 >> >> E: [email protected] >> M :0718407133| http://wso2.com <http://wso2.com/> >> >> On Fri, Jul 21, 2017 at 2:11 PM, Gayan Gunawardana <[email protected]> >> wrote: >> >>> >>> >>> On Fri, Jul 21, 2017 at 2:06 PM, Indunil Upeksha Rathnayake < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> I have checked followings with IS 5.3.0 WUM updated pack. >>>> >>>> 1) List users >>>> curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users >>>> Result: *{"Errors":[{"description":"Users not found in the user >>>> store.","code":"404"}]}* >>>> >>>> 2) Filter admin user >>>> curl -v -k --user admin:admin https://localhost:9443/wso2/sc >>>> im/Users?filter=userName+Eq+%22admin%22 >>>> Result: >>>> *{"schemas":["urn:scim:schemas:core:1.0"],"totalResults":1,"Resources":[{"userName":"admin"}]}* >>>> >>>> Seems like there is a contradiction here. When listing all the users, >>>> admin user details won't retrieved, but retrieved with the filtering. Since >>>> admin user doesn't have a SCIM ID, it shouldn't retrieved in any scenarios. >>>> WDT? >>>> >>> Yes so filter command should not return admin user if it doesn't have >>> SCIM ID. >>> >>>> >>>> Thanks and Regards >>>> >>>> >>>> On Fri, Nov 6, 2015 at 9:33 AM, Nadeesha Meegoda <[email protected]> >>>> wrote: >>>> >>>>> Thanks Chamila. Unerstood! >>>>> >>>>> On Thu, Nov 5, 2015 at 9:48 PM, Chamila Wijayarathna <[email protected] >>>>> > wrote: >>>>> >>>>>> Hi Nadeesha, >>>>>> >>>>>> As I mentioned in my previous mail, super admin and tenant admin are >>>>>> not created with a SCIM ID, so you can't retrieve them using SCIM GET. >>>>>> >>>>>> I was suggesting above request to get other users of tenant, if you >>>>>> are interested, since the command you were using previously for >>>>>> retrieving >>>>>> tenant users were wrong. >>>>>> >>>>>> Thanks >>>>>> >>>>>> On Thu, Nov 5, 2015 at 5:03 PM, Nadeesha Meegoda <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi all, >>>>>>> >>>>>>> So I requested to get the SCIM ID as what Chamila mentioned by the >>>>>>> following command >>>>>>> curl -v -k --user [email protected]:123456 >>>>>>> https://localhost:9443/wso2/scim/Users?filter=userNameEqtenant >>>>>>> >>>>>>> But still this doesn't give any result only a http 404 error. So >>>>>>> tenant admins also are considered for the special flaw? >>>>>>> >>>>>>> On Thu, Nov 5, 2015 at 3:41 PM, Gayan Gunawardana <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Nov 5, 2015 at 3:13 PM, Darshana Gunawardana < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, Nov 5, 2015 at 12:45 PM, Gayan Gunawardana <[email protected] >>>>>>>>> > wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, Nov 5, 2015 at 11:26 AM, Chamila Wijayarathna < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Nadeesha, >>>>>>>>>>> >>>>>>>>>>> When creating super admin or tenant admin users, they don't get >>>>>>>>>>> created with a SCIM ID since they are considered as special users >>>>>>>>>>> in IS. >>>>>>>>>>> Because of this when listing users through scim, those users will >>>>>>>>>>> not get >>>>>>>>>>> listed. >>>>>>>>>>> But if you want, you can add a SCIM ID manually by updating the >>>>>>>>>>> user and then you will be able to list the also as SCIM Users. >>>>>>>>>>> >>>>>>>>>>> When listing users of tenants, you need to use credentials of >>>>>>>>>>> tenant admin users. When sending SCIM request with admin:admin, you >>>>>>>>>>> will >>>>>>>>>>> only see users at super tenant. Also for filter, don't use @ >>>>>>>>>>> tenant.com, because if u logged in as tenant admin and list >>>>>>>>>>> users, there you won't see user name with @tenant.com, so your >>>>>>>>>>> curl command to filter a user at tenant should be as follows. >>>>>>>>>>> >>>>>>>>>>> curl -v -k --user [email protected]:admin123 http >>>>>>>>>>> s://localhost:9443/wso2/scim/Users?filter=userNameEqtenant >>>>>>>>>>> <https://localhost:9443/wso2/scim/[email protected]> >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> >>>>>>>>>>> On Wed, Nov 4, 2015 at 8:40 PM, Nadeesha Meegoda < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Chamila, >>>>>>>>>>>> >>>>>>>>>>>> I'm using the embedded ldap which comes default in IS. In that >>>>>>>>>>>> SCIM comes enabled as default. >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Nov 4, 2015 at 6:27 PM, Chamila Wijayarathna < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Nadeesha, >>>>>>>>>>>>> >>>>>>>>>>>>> What is the value of SCIMEnabled configuration in your >>>>>>>>>>>>> user-mgt.xml? >>>>>>>>>>>>> >>>>>>>>>>>>> Are you using LDAP or JDBC user store manager? >>>>>>>>>>>>> >>>>>>>>>>>> @Chamila >>>>>>>>>> >>>>>>>>>> admin user is added in very fist server start up by calling >>>>>>>>>> "addInitialAdminData" in AbstractUserStoreManager. In embedded ldap >>>>>>>>>> scenario concrete "doAddUser" method will be invoked in >>>>>>>>>> ReadWriteLDAPUserStoreManager so user will be directly added to user >>>>>>>>>> store >>>>>>>>>> without going through SCIM listener (without going through any >>>>>>>>>> listener). >>>>>>>>>> Since there is no SCIM listener engagement SCIM ID will not be added >>>>>>>>>> to >>>>>>>>>> user store. >>>>>>>>>> >>>>>>>>>> I am not sure about we are not getting SCIM ID just because of >>>>>>>>>> admin user is a special user or kind of implementation we have right >>>>>>>>>> now. >>>>>>>>>> >>>>>>>>> >>>>>>>>> Chamila checked with me on this and he meant admin user is special >>>>>>>>> due to the same reason you explained above. Basically admin user is >>>>>>>>> created >>>>>>>>> through special flow compared to normal users. >>>>>>>>> >>>>>>>> If we generate SCIM ID even in that special flaw. Is that correct >>>>>>>> ? >>>>>>>> >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Adding Johann. >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>>> Thanks >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Nov 4, 2015 at 6:20 PM, Nadeesha Meegoda < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi IS Team, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I was trying to filter and get admin users SCIM ID and >>>>>>>>>>>>>> failed, even tried for tenant admin and still I couldn't filter >>>>>>>>>>>>>> and get the >>>>>>>>>>>>>> SCIM ID >>>>>>>>>>>>>> >>>>>>>>>>>>>> Command used : >>>>>>>>>>>>>> curl -v -k --user admin:admin https://localhost:9443/wso2/sc >>>>>>>>>>>>>> im/Users?filter=userNameEqadmin >>>>>>>>>>>>>> curl -v -k --user admin:admin https://localhost:9443/wso2/sc >>>>>>>>>>>>>> im/[email protected] >>>>>>>>>>>>>> >>>>>>>>>>>>>> Searching through the jira found out that in the past, >>>>>>>>>>>>>> listing admin users as scim users were removed as per [1] >>>>>>>>>>>>>> >>>>>>>>>>>>>> How can we filter and get the admin/tenant admin SCIM ID? >>>>>>>>>>>>>> >>>>>>>>>>>>>> [1] - https://wso2.org/jira/browse/IDENTITY-503 >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> *Nadeesha Meegoda* >>>>>>>>>>>>>> Software Engineer - QA >>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>> email : [email protected] >>>>>>>>>>>>>> mobile: +94783639540 >>>>>>>>>>>>>> <%2B94%2077%202273555> >>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> *Chamila Dilshan Wijayarathna,* >>>>>>>>>>>>> Software Engineer >>>>>>>>>>>>> Mobile:(+94)788193620 >>>>>>>>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> *Nadeesha Meegoda* >>>>>>>>>>>> Software Engineer - QA >>>>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>> email : [email protected] >>>>>>>>>>>> mobile: +94783639540 >>>>>>>>>>>> <%2B94%2077%202273555> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> *Chamila Dilshan Wijayarathna,* >>>>>>>>>>> Software Engineer >>>>>>>>>>> Mobile:(+94)788193620 >>>>>>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Gayan Gunawardana >>>>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>>>>>> Email: [email protected] >>>>>>>>>> Mobile: +94 (71) 8020933 >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Regards, >>>>>>>>> >>>>>>>>> >>>>>>>>> *Darshana Gunawardana*Senior Software Engineer >>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>> >>>>>>>>> *E-mail: [email protected] <[email protected]>* >>>>>>>>> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . >>>>>>>>> Middleware >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Gayan Gunawardana >>>>>>>> Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>>>> Email: [email protected] >>>>>>>> Mobile: +94 (71) 8020933 >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Nadeesha Meegoda* >>>>>>> Software Engineer - QA >>>>>>> WSO2 Inc.; http://wso2.com >>>>>>> lean.enterprise.middleware >>>>>>> email : [email protected] >>>>>>> mobile: +94783639540 >>>>>>> <%2B94%2077%202273555> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Chamila Dilshan Wijayarathna,* >>>>>> Software Engineer >>>>>> Mobile:(+94)788193620 >>>>>> WSO2 Inc., http://wso2.com/ >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Nadeesha Meegoda* >>>>> Software Engineer - QA >>>>> WSO2 Inc.; http://wso2.com >>>>> lean.enterprise.middleware >>>>> email : [email protected] >>>>> mobile: +94783639540 >>>>> <%2B94%2077%202273555> >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Indunil Upeksha Rathnayake >>>> Software Engineer | WSO2 Inc >>>> Email [email protected] >>>> Mobile 0772182255 >>>> >>> >>> >>> >>> -- >>> Gayan Gunawardana >>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/ >>> Email: [email protected] >>> Mobile: +94 (71) 8020933 >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> > > > -- > Gayan Gunawardana > Senior Software Engineer; WSO2 Inc.; http://wso2.com/ > Email: [email protected] > Mobile: +94 (71) 8020933 > -- Indunil Upeksha Rathnayake Software Engineer | WSO2 Inc Email [email protected] Mobile 0772182255
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
