Captain-P-Goldfish / SCIM-SDK

a scim implementation as described in RFC7643 and RFC7644
https://github.com/Captain-P-Goldfish/SCIM/wiki
BSD 3-Clause "New" or "Revised" License

Patch add operation with MsAzure patch complex-attribute-value reference workaround fails for string value #686

Closed vojtechpustovka closed 3 months ago

vojtechpustovka commented 4 months ago

I have a SCIM request from Microsoft Entra that looks like this:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager",
      "value": "2c2f6fb8-254f-492e-b7fe-c09c5a61c8a2"
    }
  ]
}

and the MsAzure patch complex-attribute-value workaround enabled:

.patchConfig(PatchConfig.builder()
                        .supported(true)
                        .activateMsAzureComplexSimpleValueWorkaround(true)
                        .build())

I would expect this request to go through successfully, but I am getting

{
  "detail" : "Value for attribute 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager' must be an object but was '\"2c2f6fb8-254f-492e-b7fe-c09c5a61c8a2\"'",
  "schemas" : [ "urn:ietf:params:scim:api:messages:2.0:Error" ],
  "status" : 400
}

Captain-P-Goldfish commented 4 months ago

No, the error is correct.

The patch request must look like this:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager",
      "value": {
        "value": "2c2f6fb8-254f-492e-b7fe-c09c5a61c8a2"
      }
    }
  ]
}

or this

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value",
      "value": "2c2f6fb8-254f-492e-b7fe-c09c5a61c8a2"
    }
  ]
}

The manager-attribute is an object containing several attributes. So if you try to assign a value to manager, the API won't know to which subAttribute the value should be assigned. In this specific case it is probably the value-attribute of the manager.

vojtechpustovka commented 4 months ago

I disagree. This is exactly what https://github.com/Captain-P-Goldfish/SCIM-SDK/wiki/Support-for-MS-Azure-requests#support-for-msazure-patch-complex-attribute-value-reference is supposed to handle. It is a known Entra issue.

I already proposed a fix for this. It is caused by an unfortunate side-effect of how Java works with JSON.

Captain-P-Goldfish commented 4 months ago

Sorry, I read the issue too fast and was missing the important parts. Dancing at too many weddings at the moment :-)

vojtechpustovka commented 3 months ago

Opened a new PR as requested. https://github.com/Captain-P-Goldfish/SCIM-SDK/pull/691. Sorry for the confusion.
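
The three request shapes in this thread, as an added example that is not part of the original issue and not SCIM-SDK code: a small Python normalizer that folds the Entra bare-string form and the `manager.value` sub-path form into the object form, and rejects the bare string when the workaround is off. The function name, the `azure_workaround` flag and the schema table are assumptions made for illustration; mapping the bare string to the `value` sub-attribute follows the maintainer's reading above.

```python
import copy

MANAGER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager"
# Assumption: a minimal schema table; RFC 7643 defines these manager sub-attributes.
COMPLEX_ATTRIBUTES = {MANAGER: {"value", "$ref", "displayName"}}


def normalize_operation(op, azure_workaround=True):
    """Return a copy of one patch operation as path=<complex>, value={...}."""
    op = copy.deepcopy(op)
    path, value = op.get("path", ""), op.get("value")
    parent, _, sub = path.rpartition(".")
    if parent in COMPLEX_ATTRIBUTES:
        # Sub-attribute path ("...:manager.value"): fold it into an object value.
        if sub not in COMPLEX_ATTRIBUTES[parent]:
            raise ValueError(f"unknown sub-attribute '{sub}' of '{parent}'")
        if isinstance(value, (dict, list)):
            raise ValueError(f"value for '{path}' must be a simple value")
        op["path"], op["value"] = parent, {sub: value}
    elif path in COMPLEX_ATTRIBUTES:
        if isinstance(value, dict):
            unknown = set(value) - COMPLEX_ATTRIBUTES[path]
            if unknown:
                raise ValueError(f"unknown sub-attributes {sorted(unknown)}")
        elif azure_workaround and isinstance(value, str):
            # Entra shape: bare string for a complex attribute -> 'value'.
            op["value"] = {"value": value}
        else:
            raise ValueError(
                f"Value for attribute '{path}' must be an object but was {value!r}")
    return op


# Constructed sample operations with the same shapes as the requests above.
ID = "2c2f6fb8-254f-492e-b7fe-c09c5a61c8a2"
ENTRA = {"op": "add", "path": MANAGER, "value": ID}
OBJECT_FORM = {"op": "add", "path": MANAGER, "value": {"value": ID}}
SUB_PATH_FORM = {"op": "add", "path": MANAGER + ".value", "value": ID}

if __name__ == "__main__":
    for sample in (ENTRA, OBJECT_FORM, SUB_PATH_FORM):
        print(normalize_operation(sample))
```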