Hi Tharindu,
I tested this scenario on 5.4.1 updated pack and this scenario was working
properly. Please find the curl commands I executed below.
*PATCH ADD request*
curl -v -k --user admin:admin -X PATCH \
  -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"displayName":"display"}}]}' \
  --header "Content-Type:application/json" \
  https://localhost:9443/scim2/Users/6a66ad20-3686-476c-a401-84cd47b05699
*Response*
200 Ok
{"emails":[{"type":"other","value":"[email protected]"},{"type":"home","value":"[email protected]"}],"meta":{"created":"2018-03-17T15:01:42Z","location":"https://localhost:9443/scim2/Users/6a66ad20-3686-476c-a401-84cd47b05699","lastModified":"2018-03-17T15:27:00Z"},"displayName":"display","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"EnterpriseUser":{"manager":{"displayName":"display"}},"name":{"familyName":"jackson"},"id":"6a66ad20-3686-476c-a401-84cd47b05699","userName":"kim3"}
However, this also updates the enterprise schema User displayName attribute, as
both schemas:core:2.0:User and scim:schemas:extension:enterprise:2.0:User
have a displayName attribute mapped to the WSO2 local claim
http://wso2.org/claims/displayName.
I could reproduce the behavior explained by Tharindu when I tried to PATCH
an existing attribute along with a non-existing attribute (both scenarios
worked correctly when executed independently). It failed with a 500 Internal
Server Error, giving the below stack trace.
Caused by: org.wso2.carbon.user.core.UserStoreException: One or more
attributes you are trying to add/update are not supported by underlying
LDAP for user : kim3
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.handleException(ReadWriteLDAPUserStoreManager.java:2126)
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doDeleteUserClaimValue(ReadWriteLDAPUserStoreManager.java:1103)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.deleteUserClaimValue(AbstractUserStoreManager.java:1497)
... 66 more
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error
code 16 - NO_SUCH_ATTRIBUTE: failed for Modify Request
Object : 'uid=kim3,ou=Users,dc=wso2,dc=org'
Modification[0]
Operation : delete
Modification
displayName: (null)
: ERR_55 Trying to remove an non-existant attribute: ATTRIBUTE_TYPE (
2.16.840.1.113730.3.1.241
NAME 'displayName'
DESC RFC2798: preferred name to be used when displaying entries
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications
We need to investigate further to find out the exact cause. Created a
GitHub issue to track this [1].
[1] https://github.com/wso2/product-is/issues/2978
Thanks.
Sathya
On Fri, Mar 16, 2018 at 3:16 PM, Tharindu Malawaraarachchi <
[email protected]> wrote:
> Hi all,
>
> I have been using the SCIM 2.0 REST API of the WSO2 Identity Server for
> testing my Ballerina SCIM 2.0 connector and I encountered some issues in
> the Identity Server SCIM implementation.
>
>
> - When I try to update some of the attributes of the Identity Server
> resource User, it gives an internal server error and removes many of the
> attributes of the specified user. Please refer to the below case.
>
>
> This is the existing User in the Identity Server User store.
>
>
>
> I try to update the displayName of this user by sending a PATCH request
> to https://localhost:9443/scim2/Users/1a3e769d-cbd3-475d-abef-ce275ab22c4e
> <https://localhost:9443/scim2/Users/98951f31-e595-4b53-842e-d928c1396a4a>
> with a JSON body.
>
>
>
> Ideally, this should update the relevant field but instead gives an error.
>
>
> Further, it *removes many of the other fields from the specified User* in
> the user store.
> Now the specified User would look like below.
>
>
> This same issue happens for a few other attributes like emails,
> externalId, and userType when I try to execute a PATCH request.
> --
> *Tharindu Malawaraarachchi*
> Software Engineer | WSO2
>
> [email protected]
> +94 719340143
> https://www.linkedin.com/in/tharindun/
>
>
--
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
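
Added illustration, not part of the original thread and not WSO2 code: a check that reports which other SCIM attributes a PatchOp body will also change because they share a local claim, as the thread reports for displayName. The CLAIM_MAP table and all function names are assumptions made for this example; only the two displayName rows reflect what the thread states.

```python
import json
from collections import defaultdict

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed sample mapping (SCIM attribute URI -> local claim).
# Only the two displayName rows reflect what the thread reports.
CLAIM_MAP = {
    f"{CORE}:displayName": "http://wso2.org/claims/displayName",
    f"{ENT}:manager.displayName": "http://wso2.org/claims/displayName",
    f"{CORE}:name.familyName": "http://wso2.org/claims/lastname",
}

def flatten(value, prefix="", sep="."):
    """Yield attribute paths for a PatchOp 'value' object."""
    for key, val in value.items():
        path = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(val, dict):
            # A schema URN key is joined to its first attribute with ':'.
            yield from flatten(val, path, ":" if key.startswith("urn:") else ".")
        else:
            yield path

def patched_attributes(patch_body):
    """Return the SCIM attribute URIs a PatchOp body touches."""
    touched = []
    for op in json.loads(patch_body)["Operations"]:
        value, path = op.get("value"), op.get("path", "")
        paths = flatten(value, path) if isinstance(value, dict) else [path]
        # Paths without a schema URN belong to the core User schema.
        touched += [p if p.startswith("urn:") else f"{CORE}:{p}" for p in paths if p]
    return touched

def side_effects(patch_body, claim_map=CLAIM_MAP):
    """Map each patched attribute to other attributes sharing its local claim."""
    by_claim = defaultdict(set)
    for attr, claim in claim_map.items():
        by_claim[claim].add(attr)
    result = {}
    for attr in patched_attributes(patch_body):
        others = by_claim.get(claim_map.get(attr), set()) - {attr}
        if others:
            result[attr] = sorted(others)
    return result

# PATCH body from the request in the message above.
BODY = '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"displayName":"display"}}]}'
if __name__ == "__main__":
    print(side_effects(BODY))
```

Run against the request body from the thread, it reports that patching the core displayName also touches the enterprise manager.displayName. Path filters such as emails[type eq "work"] are not interpreted.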