User implementation of groups attribute incorrect

Hi, You are probably right regarding SCIM spec, but scimgateway gives the flexibility to let plugin decide most of the behavior, and plugin-code is fully managed and customized.

There are only a few attributes that scimgateway actually cares about and these are: id, userName, externalId, displayName (for groups). These must be used correct. All other attributes that may be included will be passed as-is to plugin (does not either check any SCIM Schema)

There are endpoints and use cases where "groups are member of user" fits better than "user member of group"

For PUT this behavior is not default. You actually have to configure scim.usePutGroupMemberOfUser=true to allow this behavior.

How PATCH and POST handle user object attributes is decided by customized plugin-code. All attributes that come are passed to plugin without any restrictions, including any user groups attribute.

For some of the example plugins that are included we have:

plugin-loki: don't care about attributes and naming, what comes will be used.

plugin-azure-ad (config file decides attributes and mapping): https://github.com/jelhub/scimgateway/blob/master/config/plugin-azure-ad.json#L112-L253

Allowed attributes must be defined in config mapping. There are no groups attribute mapping defined on user and it will be ignored.

plugin-ldap (default configured for AD and config file decides attributes and mapping): https://github.com/jelhub/scimgateway/blob/master/config/plugin-ldap.json#L153

Allowed attributes must be defined in config mapping. This plugin also allows groups as a user attribute. Removing this config will prevent this behavior.

plugin-sql (don't use config file for attributes and mapping, but instead hardcoded in plugin) https://github.com/jelhub/scimgateway/blob/master/lib/plugin-mssql.js#L301-L331

Only a few attributes are handled, and groups as a user attribute is not included.

jelhub / scimgateway

User implementation of groups attribute incorrect #96