Captain-P-Goldfish / scim-for-keycloak

a third party module that extends keycloak by SCIM functionality
BSD 3-Clause "New" or "Revised" License

New Resource Type #54

Closed PavanDhariwal closed 6 months ago

PavanDhariwal commented 2 years ago

Hello,

Was wondering how we go about creating a new resource type via this plugin. According to the official docs, it is possible to add a new resource type, however I'm getting a missing schema error when attempting to post via Postman. Any ideas?

https://datatracker.ietf.org/doc/html/rfc7643#page-18
https://datatracker.ietf.org/doc/html/rfc7643#section-6

Thanks in advance.

Captain-P-Goldfish commented 2 years ago

Hi,

It is not possible to add new ResourceTypes during runtime. It is possible to add new ResourceTypes by extending the implementation. The Roles-ResourceType simply serves as an example that it is possible to do so and how to do it. Keycloak does not provide an implementation that is generic enough to easily add new ResourceTypes during runtime.

PavanDhariwal commented 2 years ago

OK, thanks for the info. Is it possible to update a schema by adding another attribute?

Captain-P-Goldfish commented 2 years ago

Not without source code changes. It would be possible, though, to implement it for users dynamically, since Keycloak has the user-attribute table. Currently it is not possible, but one could extend the admin UI interface by making changes or by overriding the update-endpoint for schemas, and then it would be possible to dynamically add new attributes during runtime.

PavanDhariwal commented 2 years ago

OK, makes sense. Instead of opening another issue, I have another question. When posting a user with a password to keycloak via a SCIM call, the user is successfully created, however, said user is unable to retrieve a token unless the password is set in Keycloak via the Admin UI. Is this a bug or am I doing something wrong?

Captain-P-Goldfish commented 2 years ago

Just tried and it worked without a problem:

```
PATCH https://my-keycloak/auth/realms/master/scim/v2/Users/f451a7c5-15d8-4ad9-98a2-2043efce00a4
Authorization: [ey...]
Content-Type: application/json+scim

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "password",
      "value": "654321"
    }
  ]
}
```

Did you activate the changePassword option?

[Screenshot: keycloak-screen]

PavanDhariwal commented 2 years ago

Perfect. Thank you. Where is a list of commands I can read?

Captain-P-Goldfish commented 2 years ago

What do you mean by "list of commands"?