search

jelhub / scimgateway

Using SCIM protocol as a gateway for user provisioning to other endpoints
MIT License
173 stars 56 forks source link

No schemas included for /Users objects #44

Closed mbluteau44 closed 3 years ago

mbluteau44 commented 3 years ago

Hi,

I am using 3.2.9

I can return /Users and /Groups, however, unlike the test rest/loki plugin, I get no User Schema in response(null):

{"Resources":[[{"uri":"/principal/internal/user/adam.arnold","id":"11","userName":"adam.arnold","type":"user","AlternateId":"ec29f73d-ec39-4327-9e35-13c0d21b2021","IdP":"internal"},null],[{"uri":"/principal/internal/user/pjones","id":"10","userName":"pjones","type":"user","AlternateId":"236ef0fc-0915-43a0-bbcf-1bdf0fe0d6d7","IdP":"internal"},null], "totalResults":6,"itemsPerPage":6,"startIndex":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"meta":{"resourceType":"User"}}

This is my ExploreUser js: // ================================================= // exploreUsers // ================================================= scimgateway.exploreUsers = async (baseEntity, attributes, startIndex, count) => { const action = 'exploreUsers' scimgateway.logger.debug(${pluginName}[${baseEntity}] handling "${action}" attributes=${attributes} startIndex=${startIndex} count=${count}) const ret = { // itemsPerPage will be set by scimgateway Resources: [], totalResults: null } const method = 'GET' const path = /principal?verbose=true&depth=5&page_size=50&page_number=1 const authorization ='Bearer '+access_token const options = { headers: { 'Authorization': authorization , // body must be query string formatted (no JSON) 'Content-Type': 'application/json' , // body must be query string formatted (no JSON) 'Accept': 'application/json' // body must be query string formatted (no JSON) } } const body = authorization // const body = JSON.stringify(data) try { const response = await doRequest(baseEntity, method, path, body,options) const res = JSON.stringify(response.body) const obj = JSON.parse(res) // const err = new Error(Response message: ${response.statusMessage} - ${JSON.stringify(response.body)}) console.log('User Count :'+obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length) // throw (err) if (response.statusCode < 200 || response.statusCode > 299) { const err = new Error(Error message: ${response.statusMessage} - ${JSON.stringify(response.body)} - ${access_token}) throw (err) } else if (!response.body.IdentityProviders) { const err = new Error(${action}: Got empty response on REST request) throw (err) } if (!startIndex && !count) { // client request without paging startIndex = 1 count = obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length } console.log('count = '+count)

const arrAttr = attributes.split(',')

// const arrAttr = parsedAttr.split(',') for (let index = startIndex - 1; index < obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length && (index + 1 - startIndex) < count; ++index) { const retObj = obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index] console.log('endpointMapper test : '+scimgateway.endpointMapper('inbound', 'Uri', scimgateway.endpointMap.SecretsSafeUser) ) console.log('endpointMapper test : '+scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser) ) let parsedAttr = scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser) //const [scimUser] = scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser) if (!attributes) ret.Resources.push(parsedAttr) else { // return according to attributes (userName or externalId should normally be included and id=userName/externalId) console.log('EEEEEEEEEEEEEEEEEE else 154') let found = false const obj = {} for (let i = 0; i < arrAttr.length; i++) { const key = arrAttr[i].split('.')[0] // title => title, name.familyName => name if (retObj[key]) { obj[key] = retObj[key] found = true } } if (found) ret.Resources.push(obj) } } // not needed if client or endpoint do not support paging ret.totalResults = obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length ret.startIndex = startIndex return ret // all explored users } catch (err) { const newErr = err throw newErr } }

jelhub commented 3 years ago

Hi,

Your result: 

{
  "Resources": [
    [
      {
        ...
      },
      null
    ],
    [
      {
        ...
      },
      null
    ] ==> missing - copy/paste typo?
  ],
  ...
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  ...
}

schemas are included, but the Resources array contains array elements and not object elements.

You are using endpointMapper that returns an array having [result, error]

You should change: let parsedAttr = scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser) to: const [parsedAttr, err] = scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser) if (err) throw err

Regards, Jarle

mbluteau44 commented 3 years ago

I ended up using something like the ExploreGroups etc: for (let index = startIndex - 1; index < obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'].length && (index + 1 - startIndex) < count; ++index) { const retObj = obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index] console.log('endpointMapper test : '+scimgateway.endpointMapper('inbound', 'Uri', scimgateway.endpointMap.SecretsSafeUser) ) console.log('endpointMapper test : '+scimgateway.endpointMapper('inbound', retObj, scimgateway.endpointMap.SecretsSafeUser) )

  if (obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index].Uri) {
    const scimUser = { // displayName and id is mandatory, note: we set id=displayName
      uniqueid: obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index].ID,
      id: obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index].Name,
      externalId: obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index].RemoteId,
      UserName: obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index].Name,
      uri: obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index].Uri,
      type: obj['IdentityProviders'][0]['PrincipalTypes'][0]['Users'][index].Type,
      schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
"meta": {"resourceType": "User"}
}
        ret.Resources.push(scimUser) // { id: <id-group>> , displayName: <displayName-group>, members [{value: <id-user>}] }
  }
mbluteau44 commented 3 years ago

I believe that with the restful example, it is getting the schemas attributes straight from loki db via the gateway. I could be wrong.

jelhub commented 3 years ago

exploreUsers should return all users.

Using SCIM v2, schemas should be urn:ietf:params:scim:api:messages:2.0:ListResponse and we don't need to include schemas/resourceType on each object like you mention.

Nor do loki/restful plugin, they both returns:

{
  "Resources": [
    {
      ...
    },
    {
      ...
    }
  ],
  "totalResults": 2,
  "itemsPerPage": 2,
  "startIndex": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "meta": {
    "resourceType": "User"
  }
}
mbluteau44 commented 3 years ago

Thanks Jarle,

I will keep investigating.

I am trying to provide a response that will be accepted by SailPoint.

I am supporting also SCIM vs Saviynt, Oracle, Omada, etc. I am trying to leverage the scim gateway to SCIM enable some Apps without SCIM.

Best regards, Michel

From: Jarle Elshaug @.> Sent: August 11, 2021 1:02 PM To: jelhub/scimgateway @.> Cc: Michel Bluteau @.>; Author @.> Subject: Re: [jelhub/scimgateway] No schemas included for /Users objects (#44)

This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

exploreUsers should return all users.

Using SCIM v2, schemas should be urn:ietf:params:scim:api:messages:2.0:ListResponse and we don't need to include schemas/resourceType on each object like you mention.

Nor do loki/restful plugin, they both returns:

{

"Resources": [

    {

      ...

    },

    {

      ...

    }

],

"totalResults": 2,

"itemsPerPage": 2,

"startIndex": 1,

"schemas": [

    "urn:ietf:params:scim:api:messages:2.0:ListResponse"

],

"meta": {

    "resourceType": "User"

}

}

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/jelhub/scimgateway/issues/44*issuecomment-896994759__;Iw!!GAuxx38R6fLb!YBJ-XpeARG5kDxW_Ose1z8pyDIfLaDsVTdoN_XzsP7jJ0iT6bIV_oiMOPI93mjf8FMg$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AOQ45QLDK3LO453DDMQSXA3T4KUIBANCNFSM5B4NYQNQ__;!!GAuxx38R6fLb!YBJ-XpeARG5kDxW_Ose1z8pyDIfLaDsVTdoN_XzsP7jJ0iT6bIV_oiMOPI93T22oSCA$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!GAuxx38R6fLb!YBJ-XpeARG5kDxW_Ose1z8pyDIfLaDsVTdoN_XzsP7jJ0iT6bIV_oiMOPI93214c_GE$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email__;!!GAuxx38R6fLb!YBJ-XpeARG5kDxW_Ose1z8pyDIfLaDsVTdoN_XzsP7jJ0iT6bIV_oiMOPI93EHP98WU$.

jelhub commented 3 years ago

SCIM specification seems not to be clear on this topic.

I have found examples for what I have mentioned, but also found examples for what you have mentioned (schemas defined on each object listed in Resources). If you have verified that SailPoint require on each object, I then need to fix this.

I probably need to fix it anyhow...

mbluteau44 commented 3 years ago

I am working with IdentityNow(SaaS) and it is not completely documented.

The only doc they have is: https://community.sailpoint.com/t5/IdentityNow-Connectors/SCIM-2-0-Source-Configuration-Reference-Guide/ta-p/72362

I have a case open with Sailpoint Support because they don’t seem to properly accept the response for /Users. I have a working one for another product with SCIM already, and the only difference is the order of elements(Resources before totalResults).

Also, Sailpoint is expecting additional responses like /Groups/Entitlements…I will try to capture these, and see if I can figure out how to add these calls myself.

Best regards, Michel

From: Jarle Elshaug @.> Sent: August 11, 2021 4:20 PM To: jelhub/scimgateway @.> Cc: Michel Bluteau @.>; Author @.> Subject: Re: [jelhub/scimgateway] No schemas included for /Users objects (#44)

This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

SCIM specification seems not to be clear on this topic.

I have found examples for what I have mentioned, but also found examples for what you have mentioned (schemas defined on each object listed in Resources). If you have verified that SailPoint require on each object, I then need to fix this.

I probably need to fix it anyhow...

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/jelhub/scimgateway/issues/44*issuecomment-897124453__;Iw!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkfeojUqA$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AOQ45QPPRZL4QBJZRS3DDWDT4LLPJANCNFSM5B4NYQNQ__;!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkesBO7z8$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkAhsH-6E$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email__;!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkmVWOGqg$.

mbluteau44 commented 3 years ago

I got it working with Sailpoint(IdentityNow/SaaS). The extra meta(at the same level as Resources, totalResults, etc) was causing the issue.

I had to comment out a function in scimgateway: addSchemas Then I am just adding the ListResponse schema manually to the scimdata object

Now Aggregation works for Accounts.

If I look at the specification here: https://datatracker.ietf.org/doc/html/rfc7644

{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "totalResults":100, "itemsPerPage":10, "startIndex":1, "Resources":[ { "id":"2819c223-7f76-413861904646", "userName":"jsmith", "displayName":"Smith, James" }, { "id":"c8596b90-7539-4f20968d1908", "displayName":"Smith Family" }, ... ] }

There is no meta under the root level(where schemas, totalResults, Resources, are located).

Adding the schemas under the Resource objects does not seem to hurt. I modified the schemas based on a working SCIM example that included the schema for individual Resource objects. But this is probably not required.

Best regards, Michel

Ref(scimgateway.js under \my-scimgateway\node_modules\scimgateway\lib.: // scimdata = addSchemas(scimdata, handle.description, isScimv2) scimdata.itemsPerPage = 0 scimdata.schemas = ["urn:ietf:params:scim:api:messages:2.0:ListResponse"] console.log('scimdata from scimgateway.js before ctx.body 3 : '+JSON.stringify(scimdata))

From: Jarle Elshaug @.> Sent: August 11, 2021 4:20 PM To: jelhub/scimgateway @.> Cc: Michel Bluteau @.>; Author @.> Subject: Re: [jelhub/scimgateway] No schemas included for /Users objects (#44)

This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

SCIM specification seems not to be clear on this topic.

I have found examples for what I have mentioned, but also found examples for what you have mentioned (schemas defined on each object listed in Resources). If you have verified that SailPoint require on each object, I then need to fix this.

I probably need to fix it anyhow...

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/jelhub/scimgateway/issues/44*issuecomment-897124453__;Iw!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkfeojUqA$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AOQ45QPPRZL4QBJZRS3DDWDT4LLPJANCNFSM5B4NYQNQ__;!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkesBO7z8$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkAhsH-6E$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email__;!!GAuxx38R6fLb!aq4OmD4zuTLuSxcg-9cvV50fbSzuy6CsPy_vDF1yfqwSL4Jtqoqn1Wen9qTkmVWOGqg$.

jelhub commented 3 years ago

v3.2.10 have now been published For SCIM version 2.0 schemas/Resourctype will be included on each object in Resources

Jarle

jelhub commented 3 years ago

Sorry, did not see your previous update. Will look into it...

jelhub commented 3 years ago

What you mentioned in your updated is also fixed in v.3.2.10

Jarle

mbluteau44 commented 3 years ago

FYI I just tried to remove both schemas and meta, but Sailpoint gives me an error: Error openconnector.ConnectorException: schemaId is null

With schemas alone added back to objects, same error.

With meta alone, this seems to be sufficient. Success. No error.

But to be on the safe side, it does not hurt to have both meta and schemas.

I will keep investigating the requirements for other types of objects etc.

Minimum: { "Resources": [ { "id": "adam.arnold", "userName": "adam.arnold", "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Developers", "$ref": "/principal/internal/group/Developers", "display": "Developers", "type": "direct" } ] }, { "id": "pjones", "userName": "pjones", "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Developers", "$ref": "/principal/internal/group/Developers", "display": "Developers", "type": "direct" } ] }, { "id": "amiller", "userName": "amiller", "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Admins", "$ref": "/principal/internal/group/Admins", "display": "Admins", "type": "direct" } ] }, { "id": "mdavis", "userName": "mdavis", "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Developers", "$ref": "/principal/internal/group/Developers", "display": "Developers", "type": "direct" } ] }, { "id": "mbluteau", "userName": "mbluteau", "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Admins", "$ref": "/principal/internal/group/Admins", "display": "Admins", "type": "direct" } ] }, { "id": "root", "userName": "root", "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/root", "$ref": "/principal/internal/group/root", "display": "root", "type": "direct" } ] } ], "totalResults": 6, "itemsPerPage": 0, "startIndex": 1, "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ] }

Probably safer: { "Resources": [ { "id": "adam.arnold", "userName": "adam.arnold", "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Developers", "$ref": "/principal/internal/group/Developers", "display": "Developers", "type": "direct" } ] }, { "id": "pjones", "userName": "pjones", "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Developers", "$ref": "/principal/internal/group/Developers", "display": "Developers", "type": "direct" } ] }, { "id": "amiller", "userName": "amiller", "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Admins", "$ref": "/principal/internal/group/Admins", "display": "Admins", "type": "direct" } ] }, { "id": "mdavis", "userName": "mdavis", "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Developers", "$ref": "/principal/internal/group/Developers", "display": "Developers", "type": "direct" } ] }, { "id": "mbluteau", "userName": "mbluteau", "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/Admins", "$ref": "/principal/internal/group/Admins", "display": "Admins", "type": "direct" } ] }, { "id": "root", "userName": "root", "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "meta": { "resourceType": "User" }, "groups": [ { "value": "/principal/internal/group/root", "$ref": "/principal/internal/group/root", "display": "root", "type": "direct" } ] } ], "totalResults": 6, "itemsPerPage": 0, "startIndex": 1, "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ] }

From: Jarle Elshaug @.> Sent: August 13, 2021 8:41 AM To: jelhub/scimgateway @.> Cc: Michel Bluteau @.>; Author @.> Subject: Re: [jelhub/scimgateway] No schemas included for /Users objects (#44)

This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Sorry, did not see your previous update. Will look into it...

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/jelhub/scimgateway/issues/44*issuecomment-898430684__;Iw!!GAuxx38R6fLb!YAn5aUjU3wkx7hjqSEUXaaWDaSKIT7GbnTP6bjmg_ak0xbqhHXc1fpTQristCh4uXg8$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AOQ45QKBSDMZ6YF56CTJXFLT4UHEZANCNFSM5B4NYQNQ__;!!GAuxx38R6fLb!YAn5aUjU3wkx7hjqSEUXaaWDaSKIT7GbnTP6bjmg_ak0xbqhHXc1fpTQristVy90dek$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!GAuxx38R6fLb!YAn5aUjU3wkx7hjqSEUXaaWDaSKIT7GbnTP6bjmg_ak0xbqhHXc1fpTQristSYjOg-w$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email__;!!GAuxx38R6fLb!YAn5aUjU3wkx7hjqSEUXaaWDaSKIT7GbnTP6bjmg_ak0xbqhHXc1fpTQristACaLu94$.

jelhub commented 3 years ago

Just try v.3.2.10 without any custom schema/meta logic in your plugin and report back on status.

mbluteau44 commented 3 years ago

Hi Jarle,

I just completed the upgrade, I removed all the schema/meta logic, and Yes this is working.

I am getting the expected format with both meta and schemas at the object level. No meta at the root.

Thank you very much.

From: Jarle Elshaug @.> Sent: August 13, 2021 9:09 AM To: jelhub/scimgateway @.> Cc: Michel Bluteau @.>; Author @.> Subject: Re: [jelhub/scimgateway] No schemas included for /Users objects (#44)

This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Just try v.3.2.10 without any custom schema/meta logic in your plugin and report back on status.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/jelhub/scimgateway/issues/44*issuecomment-898446267__;Iw!!GAuxx38R6fLb!Z5Cf-JXZcaECeCWn1YnX2PA5ZLSEBya6iN1URGJKYkcoTqiYzNueMbM9ohnSjoHtnbs$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AOQ45QJLSW2PAWVX6SJBWJLT4UKPPANCNFSM5B4NYQNQ__;!!GAuxx38R6fLb!Z5Cf-JXZcaECeCWn1YnX2PA5ZLSEBya6iN1URGJKYkcoTqiYzNueMbM9ohnSGHS-5rg$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!GAuxx38R6fLb!Z5Cf-JXZcaECeCWn1YnX2PA5ZLSEBya6iN1URGJKYkcoTqiYzNueMbM9ohnSF_9Bx84$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email__;!!GAuxx38R6fLb!Z5Cf-JXZcaECeCWn1YnX2PA5ZLSEBya6iN1URGJKYkcoTqiYzNueMbM9ohnSpyek7TQ$.

jelhub commented 3 years ago

That was good. Just for curiosity, what other IdP's have you successfully integrated using SCIM Gateway? I would like to update the validated IdP list.

Thanks, Jarle

mbluteau44 commented 3 years ago

Hi Jarle,

I am part of the Integrations Team at BeyondTrust. I am responsible to maintain and evolve our integrations with our top partners, amongst them Identity partners.

Sailpoint is the one that is the most advanced I am also working with Oracle, Omada, Saviynt, and others.

My goal is to expand the list of calls, for example I just added /PrivilegedData on top of /Users and /Groups. I will also add Container and ContainerPermissions. The goal is to get granular vs permissions, at least for visibility.

I am planning to test both BeyondTrust and 3rd party products with scimgateway. We have a mix of products that have SCIM or don’t have SCIM.

So I should be providing a lot of feedback shortly.

Best regards, Michel

From: Jarle Elshaug @.> Sent: August 13, 2021 11:50 AM To: jelhub/scimgateway @.> Cc: Michel Bluteau @.>; Author @.> Subject: Re: [jelhub/scimgateway] No schemas included for /Users objects (#44)

This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

That was good. Just for curiosity, what other IdP's have you successfully integrated using SCIM Gateway? I would like to update the validated IdP list.

Thanks, Jarle

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/jelhub/scimgateway/issues/44*issuecomment-898557149__;Iw!!GAuxx38R6fLb!ZSdtHpvRBqQ6cwLnio71KfOgBxBs3LUv18EW5cth9_Soi0tXKOU6gvKRW1MPh-nPnq4$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/AOQ45QJHAV6GS6FELYO3G4DT4U5LTANCNFSM5B4NYQNQ__;!!GAuxx38R6fLb!ZSdtHpvRBqQ6cwLnio71KfOgBxBs3LUv18EW5cth9_Soi0tXKOU6gvKRW1MPlVWdBsw$. Triage notifications on the go with GitHub Mobile for iOShttps://urldefense.com/v3/__https:/apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675__;!!GAuxx38R6fLb!ZSdtHpvRBqQ6cwLnio71KfOgBxBs3LUv18EW5cth9_Soi0tXKOU6gvKRW1MPNsj8Tnw$ or Androidhttps://urldefense.com/v3/__https:/play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email__;!!GAuxx38R6fLb!ZSdtHpvRBqQ6cwLnio71KfOgBxBs3LUv18EW5cth9_Soi0tXKOU6gvKRW1MPu2ccrh4$.