Non-compliant Azure Patch Request on Add operation sends a simple User:manager attribute where scim-sdk (rightly) expects a complex attribute #541

Closed
rmartinsTGTG opened this issue Oct 30, 2023 · 2 comments


rmartinsTGTG commented Oct 30, 2023

I've come across an issue with a PATCH request coming in from an MS Azure SCIM client:

A PATCH request is received with this body:

{
    "Operations": [
        {
            "op": "Add",
            "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager",
            "value": "271"
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ]
}

which leads to this library correctly rejecting it and throwing a bad request exception here:
https://github.com/Captain-P-Goldfish/SCIM-SDK/blob/master/scim-sdk-server/src/main/java/de/captaingoldfish/scim/sdk/server/patch/PatchTargetHandler.java#L518

This issue reproduces with a patch config enabled with all the MsAzure workarounds:


        .patchConfig(PatchConfig.builder()
            .supported(true)
            .activateMsAzureWorkaround(true)
            .activateMsAzureValueSubAttributeWorkaround(true)
            .activateSailsPointWorkaround(true)
            .build())

I've also looked at the existing issues, which are similar but not quite the same, and they don't address this particular issue.
#516
#416

My question is:
Would it be possible to implement an additional MS Azure workaround to support this, similar to the others (activateMsAzureWorkaround, activateMsAzureValueSubAttributeWorkaround)?

The correct request would look like this:

{
    "Operations": [
        {
            "op": "Add",
            "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager",
            "value": {
                "value": "271"
            }
        }
    ],
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ]
}

The issue from Microsoft side is described in this ticket:
https://learn.microsoft.com/en-us/answers/questions/188003/scim-user-provisioning-setup-with-manager-attribut

but it has been dragging on for a long time and doesn't look like it has been gaining traction for quite some time.

The link to the specification clearly states it's a complex attribute, of course:
https://datatracker.ietf.org/doc/html/rfc7643#section-4.3

Captain-P-Goldfish (Owner) commented

Yes, we can do this.

The workaround will be implemented like this:

  • If the path points to a complex attribute and the value is a simple value-node, the node is wrapped in an object with the value-key-attribute. Just like you showed it in your example.

But I am starting to wonder why Microsoft is not fixing their issues...
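
The wrapping rule described in the comment above, sketched as an added example; it is not part of the original thread and not the SCIM-SDK implementation. `ATTRIBUTE_TYPES`, `is_simple` and `normalize_patch` are hypothetical names, and the two-entry type table is an assumed stand-in for a real schema lookup. Only paths known to be complex are touched, so anything else still reaches strict validation unchanged.

```python
import copy

ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Assumption: a tiny stand-in for real schema lookup, mapping lower-cased
# PATCH paths to the attribute type RFC 7643 defines for them.
ATTRIBUTE_TYPES = {
    (ENTERPRISE_USER + ":manager").lower(): "complex",
    (ENTERPRISE_USER + ":department").lower(): "string",
}


def is_simple(value):
    """True for JSON scalars (string, number, boolean); false for object, array, null."""
    return isinstance(value, (str, int, float, bool))


def normalize_patch(body):
    """Return a copy of a PatchOp body in which a simple value sent for a
    complex attribute is wrapped as {"value": <simple value>}."""
    fixed = copy.deepcopy(body)
    for operation in fixed.get("Operations", []):
        if not isinstance(operation, dict):
            continue  # malformed entry: leave it for the validator to reject
        path = operation.get("path")
        if not isinstance(path, str):
            continue  # no path: the value is a resource fragment, not one attribute
        # Attribute names are case-insensitive in SCIM (RFC 7643 section 2.1);
        # lower-casing the whole path is a simplification made for this example.
        attr_type = ATTRIBUTE_TYPES.get(path.lower())
        if attr_type == "complex" and is_simple(operation.get("value")):
            operation["value"] = {"value": operation["value"]}
    return fixed


# The non-compliant request body quoted in the issue.
AZURE_REQUEST = {
    "Operations": [
        {"op": "Add", "path": ENTERPRISE_USER + ":manager", "value": "271"}
    ],
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
}

if __name__ == "__main__":
    print(normalize_patch(AZURE_REQUEST)["Operations"][0]["value"])
```
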

rmartinsTGTG (Author) commented

Nice. Thanks for the quick reply!
