Captain-P-Goldfish / scim-for-keycloak

a third party module that extends keycloak by SCIM functionality
BSD 3-Clause "New" or "Revised" License

Azure AD SCIM 2.0 protocol compliance #26

Closed JessThrysoee closed 2 years ago

JessThrysoee commented 2 years ago

Azure AD has a feature flag for closer SCIM 2.0 protocol compliance

On Use-with-Microsoft-Azure-AD in step 5, perhaps suggest adding the aadOptscim062020 query param in the provisioning, to fix some of the Patch behaviour, e.g.

Tenant URL = https://your.keycloak-server.ch/auth/realms/beta/scim/v2/?aadOptscim062020 

A similar suggestion is probably appropriate in SCIM-SDK on Support-for-MS-Azure-requests?

Captain-P-Goldfish commented 2 years ago

I checked the Microsoft documentation, and most cases are not relevant anymore because they are supported by SCIM-SDK 1.12.1, except for one specific case. A patch operation of the following form:

{
    "op": "replace",
    "value": {
        "displayName": "Bjfe",
        "name.givenName": "Kkom",
        "name.familyName": "Unua",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber": "Aklq"
    }
}

would still ignore the attributes name.givenName and name.familyName. All other cases should be supported even without the extra parameter, or am I wrong?
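
Added example, not part of the thread and not code from scim-for-keycloak or SCIM-SDK: one way to rewrite the path-less operation quoted above so that keys such as `name.givenName` are carried in an explicit `path`, the form RFC 7644 defines for targeting a sub-attribute. The function names and the `SCHEMAS` list are assumptions made for this illustration.

```python
import json

# Schema URNs the endpoint serves (assumed: core User and enterprise User).
SCHEMAS = (
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
)

# Constructed sample: the operation quoted above inside a PatchOp request body.
SAMPLE_REQUEST = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [{
        "op": "replace",
        "value": {
            "displayName": "Bjfe",
            "name.givenName": "Kkom",
            "name.familyName": "Unua",
            "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber": "Aklq",
        },
    }],
}

def is_attribute_path(key):
    """True if a value key is an attribute path rather than a plain attribute name."""
    lowered = key.lower()
    if lowered.startswith("urn:"):
        # A URN-qualified attribute (...:User:employeeNumber) is a path; a bare
        # schema URN is the regular extension container and is left alone.
        return any(lowered.startswith(u.lower() + ":") for u in SCHEMAS)
    return "." in key  # sub-attribute notation, e.g. name.givenName

def normalize_operation(op):
    """Hypothetical helper: give every path-like key of a path-less op its own 'path'."""
    value = op.get("value")
    if op.get("path") or not isinstance(value, dict):
        return [op]  # already addressed by path, or not an attribute map
    plain = {k: v for k, v in value.items() if not is_attribute_path(k)}
    result = [{"op": op["op"], "value": plain}] if plain else []
    result += [{"op": op["op"], "path": k, "value": v}
               for k, v in value.items() if is_attribute_path(k)]
    return result

def normalize_patch_request(body):
    """Return a copy of the PatchOp body with all operations normalized."""
    ops = [new for op in body.get("Operations", []) for new in normalize_operation(op)]
    return {**body, "Operations": ops}

if __name__ == "__main__":
    print(json.dumps(normalize_patch_request(SAMPLE_REQUEST), indent=2))
```

Operations that already carry a `path`, and extension objects keyed by a bare schema URN, pass through unchanged.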