Hi,

Currently in Identity Server, when the local mapped claims of SCIM claims are WSO2 identity claims, those claims are not getting updated in SCIM-related operations.

In IdentityStoreEventListener, most of the user-related operations are intercepted so that identity claims can be handled separately. It validates that the claim URI is of the identity claim URI type before storing the claims in IdentityDataStore [2]. In the claim maps we pass to the user-store manager from SCIM operations, the claim URIs belong to the SCIM claim dialect [1]. When the claim URI is of the SCIM dialect, it gets skipped by the IdentityStoreEventListener validations. Hence we cannot map SCIM claims to identity claims internally.

As a solution to this, before passing the claim values to the user-store manager for user-related operations (e.g. add user, update user), we can convert the claim URIs to the mapped claims in the local dialect.

In the SCIM PUT operation, we delete each user claim separately before updating the user claim values [3]. However, intercepting the deletion of user claim values (doPreDeleteUserClaimValue/doPostDeleteUserClaimValue) is not currently supported in IdentityStoreEventListener. Therefore it is not possible to update identity claims via the SCIM PUT operation. As possible solutions to this issue we have the following two options.

1. Implement the doPreDeleteUserClaimValue/doPostDeleteUserClaimValue methods in IdentityStoreEventListener.
2. Skip identity claims when deleting existing claims before setting the new claims in the SCIM PUT operation, as doPreSetUserClaimValues() in IdentityStoreEventListener will replace the existing claims with the new claims.

Appreciate your suggestions on this.

[1] https://github.com/wso2-extensions/identity-inbound-provisioning-scim/blob/master/components/org.wso2.carbon.identity.scim.provider/src/main/java/org/wso2/carbon/identity/scim/provider/impl/SCIMUserManager.java#L191
[2] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/listener/IdentityStoreEventListener.java#L107
[3] https://github.com/wso2-extensions/identity-inbound-provisioning-scim/blob/master/components/org.wso2.carbon.identity.scim.provider/src/main/java/org/wso2/carbon/identity/scim/provider/impl/SCIMUserManager.java#L510
[4] https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.governance/src/main/java/org/wso2/carbon/identity/governance/listener/IdentityStoreEventListener.java#L203

Thanks.
Sathya

--
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421
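
The two ideas in the message above (converting SCIM claim URIs to the local dialect before calling the user-store manager, and option 2's skipping of identity claims in the PUT delete step), as an added Java example that is not WSO2 code and not from the author. The class and method names, the claim mapping (including the SCIM URI for the locked flag) and the identity-claim prefix are assumptions made for illustration.

```java
import java.util.*;

// Added example: every name, mapping and constant here is an illustrative assumption.
public class ScimClaimConversionExample {
    // Assumed prefix shared by identity claim URIs in the local dialect.
    static final String IDENTITY_CLAIM_PREFIX = "http://wso2.org/claims/identity/";

    // Constructed SCIM-dialect -> local-dialect mapping; a deployment would load
    // this from its claim configuration instead of hard-coding it.
    static final Map<String, String> SCIM_TO_LOCAL = Map.of(
        "urn:scim:schemas:core:1.0:name.givenName", "http://wso2.org/claims/givenname",
        "urn:scim:schemas:core:1.0:example.accountLocked",
        "http://wso2.org/claims/identity/accountLocked");

    // Convert claim URIs to the local dialect so that a listener filtering on the
    // identity-claim prefix can recognise them instead of skipping them.
    static Map<String, String> toLocalDialect(Map<String, String> scimClaims) {
        Map<String, String> local = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : scimClaims.entrySet()) {
            String localUri = SCIM_TO_LOCAL.get(e.getKey());
            if (localUri == null) {
                throw new IllegalArgumentException("No local mapping for " + e.getKey());
            }
            local.put(localUri, e.getValue());
        }
        return local;
    }

    // Option 2: in PUT, delete only non-identity claims. Identity claims are left
    // in place and replaced when the new values are set.
    static List<String> claimsToDeleteBeforePut(Collection<String> existingLocalUris) {
        List<String> toDelete = new ArrayList<>();
        for (String uri : existingLocalUris) {
            if (!uri.startsWith(IDENTITY_CLAIM_PREFIX)) {
                toDelete.add(uri);
            }
        }
        return toDelete;
    }

    public static void main(String[] args) {
        Map<String, String> put = new LinkedHashMap<>();
        put.put("urn:scim:schemas:core:1.0:name.givenName", "Alice");
        put.put("urn:scim:schemas:core:1.0:example.accountLocked", "true");
        Map<String, String> local = toLocalDialect(put);
        System.out.println("Delete first: " + claimsToDeleteBeforePut(local.keySet()));
        System.out.println("Then set:     " + local);
    }
}
```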