Captain-P-Goldfish / scim-for-keycloak

a third party module that extends keycloak by SCIM functionality
BSD 3-Clause "New" or "Revised" License
182 stars, 46 forks

MS Entra (Azure) sends boolean values as a String with the capital first letter Issue #119

Closed DL-YYA closed 2 weeks ago

DL-YYA commented 2 weeks ago

Hi, I noticed that SCIM-SDK has fixed this issue in #664. So I was wondering if this fix will be included in the latest scim-for-keycloak-kc-24-2.2.0?

Captain-P-Goldfish commented 2 weeks ago

already added in the current SNAPSHOT versions today :-)

DL-YYA commented 2 weeks ago

Hi, I have installed the latest scim-for-keycloak-kc-24-2.2.0 and tested with Postman as follows:

{ "schemas":
       ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
     "Operations":[
       {
        "op":"Replace",
        "path":"active",
        "value":"False"
       }]
   }

But it didn't work, what do I need to configure in addition? The error log is as follows:

2024-06-20 02:26:07,520 TRACE [de.captaingoldfish.scim.sdk.common.utils.JsonHelper] (executor-thread-43) Trying to read json document: { "schemas":
       ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
     "Operations":[
       {
        "op":"Replace",
        "path":"active",
        "value":"False"
       }]
   }
2024-06-20 02:26:07,521 DEBUG [de.captaingoldfish.scim.sdk.keycloak.logger.RequestLogger] (executor-thread-43) REQUEST: 93f054b6-364b-41db-bb4f-9a1d7e0b9a2f
Realm: scim-test
PATCH https://***/scim/v2/Users/7268ca1f-5977-47da-a023-cb6dd120f59f
Accept: */*
User-Agent: PostmanRuntime/7.39.0
Connection: ¡®upgrade
X-Forwarded-Proto: https
Accept-Encoding: gzip, deflate, br
X-Forwarded-Port: 443
X-Amzn-Trace-Id: Root=1-6673933f-7d1962b6547814bc2069c2d9
Authorization: ***************
Cache-Control: no-cache
host: ***
X-Forwarded-For: ***
Postman-Token: 64a623fe-c7dc-4fe9-a71d-0c45632121c8
Content-Length: 195
Content-Type: application/scim+json

{
  "schemas" : [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
  "Operations" : [ {
    "op" : "Replace",
    "path" : "active",
    "value" : "False"
  } ]
}
2024-06-20 02:26:07,523 DEBUG [de.captaingoldfish.scim.sdk.keycloak.auth.Authentication] (executor-thread-43) user 'service-account-scim-client' was successfully authenticated
2024-06-20 02:26:07,526 TRACE [de.captaingoldfish.scim.sdk.common.utils.JsonHelper] (executor-thread-43) Trying to read json document: { "schemas":
       ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
     "Operations":[
       {
        "op":"Replace",
        "path":"active",
        "value":"False"
       }]
   }
2024-06-20 02:26:07,528 DEBUG [de.captaingoldfish.scim.sdk.server.endpoints.validation.ValidationContext] (executor-thread-43) Value of attribute 'urn:ietf:params:scim:schemas:core:2.0:User:active' is not of type 'boolean' but of type 'string' with value '"False"': de.captaingoldfish.scim.sdk.server.schemas.exceptions.AttributeValidationException: Value of attribute 'urn:ietf:params:scim:schemas:core:2.0:User:active' is not of type 'boolean' but of type 'string' with value '"False"'
        at de.captaingoldfish.scim.sdk.server.schemas.validation.SimpleAttributeValidator.parseNodeTypeAndValidate(SimpleAttributeValidator.java:153)
        at de.captaingoldfish.scim.sdk.server.schemas.validation.ValidationSelector.validateNode(ValidationSelector.java:85)
        at de.captaingoldfish.scim.sdk.server.schemas.validation.RequestAttributeValidator.validateAttribute(RequestAttributeValidator.java:40)
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler$PatchValidations.validateCurrentAttribute(PatchRequestHandler.java:1018)
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler$PatchValidations.access$1200(PatchRequestHandler.java:970)
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler$AbstractPatchOperationHandler.handleSingleResourceField(PatchRequestHandler.java:484)
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler$PatchPathHandler.handlePathOperation(PatchRequestHandler.java:758)
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler$PatchPathHandler.access$300(PatchRequestHandler.java:701)
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler.handleSinglePatchOperation(PatchRequestHandler.java:262)
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler.handlePatchRequest(PatchRequestHandler.java:215)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.lambda$patchResource$24(ResourceEndpointHandler.java:1024)
        at de.captaingoldfish.scim.sdk.server.interceptor.NoopInterceptor.doAround(NoopInterceptor.java:21)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.patchResource(ResourceEndpointHandler.java:1011)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.resolveRequest(ResourceEndpoint.java:295)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.handleRequest(ResourceEndpoint.java:194)
        at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.lambda$handleScimRequest$2(AbstractEndpoint.java:75)
        at de.captaingoldfish.scim.sdk.keycloak.scim.RetryStrategy.doWithRetries(RetryStrategy.java:71)
        at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.handleScimRequest(AbstractEndpoint.java:72)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint.handleScimRequest(ScimResourceServerEndpoint.java:124)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint.handleScimPatchRequest(ScimResourceServerEndpoint.java:89)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint$quarkusrestinvoker$handleScimPatchRequest_e58d4f8a5c56e81acada2ec0ef3ac16143e93153.invoke(Unknown Source)
        at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:840)

2024-06-20 02:26:07,528 DEBUG [de.captaingoldfish.scim.sdk.server.endpoints.validation.ValidationContext] (executor-thread-43) active: Value of attribute 'urn:ietf:params:scim:schemas:core:2.0:User:active' is not of type 'boolean' but of type 'string' with value '"False"'
2024-06-20 02:26:07,528 DEBUG [de.captaingoldfish.scim.sdk.common.response.ErrorResponse] (executor-thread-43) The request document contains errors: de.captaingoldfish.scim.sdk.server.endpoints.validation.RequestContextException: The request document contains errors
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler.handlePatchRequest(PatchRequestHandler.java:220)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.lambda$patchResource$24(ResourceEndpointHandler.java:1024)
        at de.captaingoldfish.scim.sdk.server.interceptor.NoopInterceptor.doAround(NoopInterceptor.java:21)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.patchResource(ResourceEndpointHandler.java:1011)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.resolveRequest(ResourceEndpoint.java:295)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.handleRequest(ResourceEndpoint.java:194)
        at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.lambda$handleScimRequest$2(AbstractEndpoint.java:75)
        at de.captaingoldfish.scim.sdk.keycloak.scim.RetryStrategy.doWithRetries(RetryStrategy.java:71)
        at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.handleScimRequest(AbstractEndpoint.java:72)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint.handleScimRequest(ScimResourceServerEndpoint.java:124)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint.handleScimPatchRequest(ScimResourceServerEndpoint.java:89)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint$quarkusrestinvoker$handleScimPatchRequest_e58d4f8a5c56e81acada2ec0ef3ac16143e93153.invoke(Unknown Source)
        at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:840)

2024-06-20 02:26:07,529 DEBUG [de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint] (executor-thread-43) Error-response, rolling back transaction
2024-06-20 02:26:07,529 DEBUG [de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint] (executor-thread-43) The request document contains errors: de.captaingoldfish.scim.sdk.server.endpoints.validation.RequestContextException: The request document contains errors
        at de.captaingoldfish.scim.sdk.server.patch.PatchRequestHandler.handlePatchRequest(PatchRequestHandler.java:220)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.lambda$patchResource$24(ResourceEndpointHandler.java:1024)
        at de.captaingoldfish.scim.sdk.server.interceptor.NoopInterceptor.doAround(NoopInterceptor.java:21)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpointHandler.patchResource(ResourceEndpointHandler.java:1011)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.resolveRequest(ResourceEndpoint.java:295)
        at de.captaingoldfish.scim.sdk.server.endpoints.ResourceEndpoint.handleRequest(ResourceEndpoint.java:194)
        at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.lambda$handleScimRequest$2(AbstractEndpoint.java:75)
        at de.captaingoldfish.scim.sdk.keycloak.scim.RetryStrategy.doWithRetries(RetryStrategy.java:71)
        at de.captaingoldfish.scim.sdk.keycloak.scim.AbstractEndpoint.handleScimRequest(AbstractEndpoint.java:72)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint.handleScimRequest(ScimResourceServerEndpoint.java:124)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint.handleScimPatchRequest(ScimResourceServerEndpoint.java:89)
        at de.captaingoldfish.scim.sdk.keycloak.scim.ScimResourceServerEndpoint$quarkusrestinvoker$handleScimPatchRequest_e58d4f8a5c56e81acada2ec0ef3ac16143e93153.invoke(Unknown Source)
        at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
        at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
        at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
        at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:582)
        at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
        at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
        at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
        at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:840)

2024-06-20 02:26:07,530 DEBUG [de.captaingoldfish.scim.sdk.keycloak.logger.RequestLogger] (executor-thread-43) RESPONSE: 93f054b6-364b-41db-bb4f-9a1d7e0b9a2f
Realm: scim-test
Status: 400

Content-Type: application/scim+json

{
  "detail" : "Value of attribute 'urn:ietf:params:scim:schemas:core:2.0:User:active' is not of type 'boolean' but of type 'string' with value '\"False\"'",
  "schemas" : [ "urn:ietf:params:scim:api:messages:2.0:Error" ],
  "status" : 400,
  "errors" : {
    "fieldErrors" : {
      "active" : [ "Value of attribute 'urn:ietf:params:scim:schemas:core:2.0:User:active' is not of type 'boolean' but of type 'string' with value '\"False\"'" ]
    }
  }
}

Captain-P-Goldfish commented 2 weeks ago

Hi,

I just tried again with kc23 and kc24 in version 2.2.0-SNAPSHOT

  1. downloaded the plugin from my website:
    • kc23 sha256 checksum: e17ae235a0fc13d784fb9767733f8856a812ea3a2933bfe37e0b22111559badf scim-for-keycloak-kc-23-2.2.0-SNAPSHOT-free.jar
    • kc24 sha256 checksum: 8a0a26550795e661c1749cf05ee8290e2d8412cf6135778ffca2affa1372aba5 scim-for-keycloak-kc-24-2.2.0-SNAPSHOT-free.jar
  2. and tried the following request with both versions:
    PATCH https://localhost:8444/realms/goldfish/scim/v2/Users/46f43caa-070b-471b-bb10-13a37422fc7e
    Content-Type: application/scim+json

    {
      "schemas" : [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ],
      "Operations" : [ {
        "op" : "replace",
        "path" : "active",
        "value" : "True"
      } ]
    }
result was:
    PATCH https://localhost:8444/realms/goldfish/scim/v2/Users/46f43caa-070b-471b-bb10-13a37422fc7e

    HTTP/2 204 No Content
    location: https://localhost:8444/realms/goldfish/scim/v2/Users/46f43caa-070b-471b-bb10-13a37422fc7e
    referrer-policy: no-referrer
    strict-transport-security: max-age=31536000; includeSubDomains
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    x-http2-stream-id: 3

    <Response body is empty>

    Response code: 204 (No Content); Time: 496ms (496 ms); Content length: 0 bytes (0 B)

please check if the checksum is matching the plugin artifact that you have currently installed

DL-YYA commented 2 weeks ago

Hi, I installed the latest JAR package and it worked, thanks!
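
The following is an added example, not code from SCIM-SDK or scim-for-keycloak: one way a SCIM service provider could accept the capitalized string booleans discussed in this thread while staying strict about everything else, which matters because `active` decides whether an account stays enabled. The function names and the `BOOLEAN_ATTRIBUTES` set are assumptions made for this example.

```python
import json

# Assumption for this example: the boolean attributes the shim may coerce.
# A real service provider would derive this set from its SCIM schema definitions.
BOOLEAN_ATTRIBUTES = {
    "active",
    "urn:ietf:params:scim:schemas:core:2.0:user:active",
}
_LITERALS = {"true": True, "false": False}


def coerce_boolean(value):
    """Map 'True'/'False' in any letter case to a JSON boolean; reject the rest."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.lower() in _LITERALS:
        return _LITERALS[value.lower()]
    # Guessing at "0", "no" or "" could leave a deprovisioned account enabled,
    # so anything else is an error for the caller to answer with HTTP 400.
    raise ValueError(f"not a boolean: {value!r}")


def is_boolean_attribute(name):
    # SCIM attribute names are case-insensitive (RFC 7643, section 2.1).
    return isinstance(name, str) and name.lower() in BOOLEAN_ATTRIBUTES


def normalize_patch(document):
    """Parse a PatchOp body and coerce string booleans on boolean attributes only."""
    request = json.loads(document)
    for operation in request.get("Operations", []):
        if str(operation.get("op", "")).lower() == "remove":
            continue  # remove operations carry no value
        path, value = operation.get("path"), operation.get("value")
        if is_boolean_attribute(path):
            operation["value"] = coerce_boolean(value)
        elif path is None and isinstance(value, dict):
            # Path-less form: the value is an object of attribute/value pairs.
            for name in value:
                if is_boolean_attribute(name):
                    value[name] = coerce_boolean(value[name])
    return request


# Sample input: the request body from the report in this thread.
ENTRA_STYLE_PATCH = """{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [{"op": "Replace", "path": "active", "value": "False"}]
}"""

if __name__ == "__main__":
    print(json.dumps(normalize_patch(ENTRA_STYLE_PATCH), indent=2))
```

Paths with value filters (for example a boolean sub-attribute of a multi-valued attribute) are outside what this example handles and pass through unchanged.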