This commit adds the following endpoints to integrate with Entra ID:
- Schemas
- ResourceTypes
- ServiceProviderConfig
| MUTABILITY_READ_WRITE, RETURNED_DEFAULT, UNIQUENESS_SERVER, null, null), | ||
| attr("name", "complex", false, "User's full name", false, null, | ||
| MUTABILITY_READ_WRITE, RETURNED_DEFAULT, UNIQUENESS_NONE, null, | ||
| Arrays.asList(givenName, familyName)), |
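Review bot: the `attr("name", "complex", false, "User's full name", false, null, ...)` call passes two bare `false` values and several `null`s positionally, so which schema property each one sets cannot be read at the call site. Consider a small builder or named constants for these arguments; that would also make it easier to see which sub-attributes the `Arrays.asList(givenName, familyName)` list covers.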
Is formatted attribute missing?
Yes, that and some others. I am still testing it and apparently failed to mark this as WIP.
Sorry for that. I was planning to ping you and @enricovianello once I can verify it actually works (currently it still fails some SCIM validation).
I will ping you here once I have more completeness.
Hi @rmiccoli,
Could you have another look? I have tested this with MS Entra ID and it works right now.
Mainly I had to change:
- iam-login-service/src/main/java/it/infn/mw/iam/api/scim/provisioning/ScimUserProvisioning.java needed to handle quotes, as apparently that is expected by Microsoft Entra on setup and is standard
- And empty results should return 200 with empty list instead of 403 according to the SCIM RFCs
This is added even though it's set to Not Empty to avoid cases this might get executed before
- Enhanced SCIM Discovery Controller with improved schema and resource type definitions.
- Ensured filter parameters are correctly handled and return appropriate error messages.
Remove 'password' attribute from SCIM Discovery and update related tests
https://www.rfc-editor.org/rfc/rfc7644 describes that we should return 200 with an empty list instead of 404
| if (operations == null) { | ||
| return true; | ||
| } | ||
|
|
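Review bot: the `if (operations == null) { return true; }` guard reports a null operations list as valid with no comment in the code saying why. The commit message says the field is already set to Not Empty, so add a one-line comment stating that null is deliberately left to that constraint; otherwise `return true` reads as if a request with no operations were being accepted.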
This commit adds the following endpoints to integrate with Entra ID
Adds:
Changes:
- User Provisioning Controller needed to handle quotes when SCIM GET is done, as apparently that is expected by Microsoft Entra on setup and is standard
This PR addresses #408
Note that I am not a (good) Java Developer so let me know if anything is missing and I will update it. I also want to update the API docs but I don't know how so if someone can point me in the right direction, I can do that too.
This is being tested with https://scimvalidator.microsoft.com/ and Microsoft Entra ID directly but I wanted to get it out in case I am doing something horribly wrong before I wrap it up.
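
The two behaviours discussed in this PR (a quoted filter value on SCIM GET, and 200 with an empty list when nothing matches), as an added example that is not code from this PR or from the project. The class, method and sample user are hypothetical, and filtering is narrowed to the single form `userName eq "..."` with a filter always supplied; anything else gets an `invalidFilter` error.

```java
import java.util.*;
import java.util.regex.*;

// Added illustration: class, method and sample data are hypothetical, not from the PR.
public class ScimFilterExample {

  // Accepts only: userName eq "<value>", where \" and \\ are the only escapes allowed.
  private static final Pattern EQ_FILTER = Pattern.compile(
      "^userName\\s+eq\\s+\"((?:[^\"\\\\]|\\\\[\"\\\\])*)\"$", Pattern.CASE_INSENSITIVE);

  record Result(int status, Map<String, Object> body) {}

  static Result listUsers(String filter, List<Map<String, String>> users) {
    Matcher m = EQ_FILTER.matcher(filter == null ? "" : filter.trim());
    if (!m.matches()) {
      // Malformed or unsupported filter: SCIM error body with scimType invalidFilter.
      Map<String, Object> err = new LinkedHashMap<>();
      err.put("schemas", List.of("urn:ietf:params:scim:api:messages:2.0:Error"));
      err.put("scimType", "invalidFilter");
      err.put("status", "400");
      return new Result(400, err);
    }
    // Unescape the quoted value; it is only ever compared as data, never spliced into a query.
    String value = m.group(1).replaceAll("\\\\([\"\\\\])", "$1");
    List<Map<String, String>> hits = new ArrayList<>();
    for (Map<String, String> user : users) {
      if (value.equalsIgnoreCase(user.get("userName"))) { // userName is not case-exact in RFC 7643
        hits.add(user);
      }
    }
    // No match is still a successful query: 200 with totalResults 0 and an empty Resources list.
    Map<String, Object> body = new LinkedHashMap<>();
    body.put("schemas", List.of("urn:ietf:params:scim:api:messages:2.0:ListResponse"));
    body.put("totalResults", hits.size());
    body.put("Resources", hits);
    return new Result(200, body);
  }

  public static void main(String[] args) {
    // Constructed sample user store.
    List<Map<String, String>> users = List.of(Map.of("userName", "alice@example.org"));
    System.out.println(listUsers("userName eq \"alice@example.org\"", users)); // quoted, existing user
    System.out.println(listUsers("userName eq \"nobody@example.org\"", users)); // quoted, no such user
    System.out.println(listUsers("userName eq nobody", users)); // unquoted value
  }
}
```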