limosa-io / laravel-scim-server

SCIM 2.0 Server implementation for Laravel
MIT License
47 stars 28 forks

Issues creating new user when "active" attribute is present in request #57

Closed fabtje closed 6 months ago

fabtje commented 6 months ago

Hello,

Summary

I'm doing SCIM user provisioning tests using Postman and EntraID with SCIM Playground (https://scim.dev). It seems the "api.scim.dev" API doesn't allow creation of a user when we specify the "active" attribute. The "api.scim.dev" API schema seems to indicate that the "active" attribute is "readWrite".

Encountered error message

I'm encountering an error stating that we cannot write to the "active" attribute:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "Write to \"urn:ietf:params:scim:schemas:core:2.0:User:active\" is not supported",
  "status": 500
}

Schema

{
  "name": "active",
  "description": "A Boolean value indicating the User's administrative status.",
  "type": "boolean",
  "mutability": "readWrite",
  "returned": "default",
  "required": false,
  "multiValued": false,
  "caseExact": false
}

Tests

Tested with Postman and EntraID. When removing the "active" attribute from the request (Postman), the user creation occurs successfully. On the EntraID side, it seems that the "active" attribute will always be part of requests (even if we remove the attribute in the Entra App schema and remove the attribute mapping).

Question

When checking the SCIM schema (api.scim.dev), it seems the "active" attribute should be "readWrite". Could it be a bug in the solution deployed on "api.scim.dev" that may wrongly consider that attribute to be "readOnly"?

Thanks to all the people working on this solution; it allows us to test and play with SCIM! Have an excellent end of year.

Best regards,
Fabrice

verasbr commented 6 months ago

I am also experiencing this issue around Entra ID; I have not tried using Postman or other methods. Also, thanks for providing this platform; it is invaluable for testing and understanding SCIM!

arietimmerman commented 6 months ago

Fixed it. Thanks for reporting. See https://scim.dev/playground/users.html#create-user If you are still facing issues, let me know.

fabtje commented 6 months ago

Thanks Arie for the correction. I've now tested and can confirm provisioning from EntraID is now working correctly. Thanks again for your help and for providing the scim.dev platform!

chosten commented 3 months ago

@arietimmerman How did you fix it? I'm not using the playground but I have the same problem when Entra updates a user.

Validation failed. Errors: [] Message: Write to "urn:ietf:params:scim:schemas:core:2.0:User:active" is not supported Body: {"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operation

Do I have to change something in SCIMConfig.php?

chosten commented 3 months ago

I think I get it. Any attribute sent but not in the mapping of the SCIMConfig file results in an error.
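
A pre-flight check for the mismatch discussed in this thread, as an added example that is not code from laravel-scim-server or from any commenter: it lists the core User attributes a create or PatchOp request writes and flags those the schema advertises as "readWrite" but the server mapping does not cover. `SCHEMA_ATTRS`, `MAPPED` and both sample requests are constructed; `MAPPED` is a hand-maintained assumption and is not read from SCIMConfig.php.

```python
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Constructed sample: attribute definitions as a schema endpoint would list them.
SCHEMA_ATTRS = [
    {"name": "userName", "mutability": "readWrite"},
    {"name": "active", "mutability": "readWrite"},
    {"name": "id", "mutability": "readOnly"},
]
# Assumption: hand-maintained set of attributes your server mapping covers.
MAPPED = {"userName"}

def top_level(name):
    """Reduce a path or key to its core User attribute name."""
    if name.startswith(USER + ":"):
        name = name[len(USER) + 1:]
    # Drop value filters and sub-attributes: emails[type eq "work"].value -> emails
    return name.split("[")[0].split(".")[0]

def written_attributes(body):
    """Core attributes that a POST/PUT body or a PatchOp body writes to."""
    if PATCH_OP in body.get("schemas", []):
        names = set()
        for op in body.get("Operations", []):
            if op.get("path"):
                names.add(top_level(op["path"]))
            elif isinstance(op.get("value"), dict):  # path-less operation
                names.update(top_level(k) for k in op["value"])
        return names
    # Extension objects (other urn: keys) are out of scope for this sketch.
    return {k for k in body if k != "schemas" and not k.startswith("urn:")}

def check(body, schema_attrs=SCHEMA_ATTRS, mapped=MAPPED):
    """Classify each written attribute against the schema and the mapping."""
    mutability = {a["name"]: a["mutability"] for a in schema_attrs}
    report = {}
    for name in sorted(written_attributes(body)):
        if name not in mutability:
            report[name] = "not in schema"
        elif mutability[name] == "readOnly":
            report[name] = "readOnly in schema"
        elif name not in mapped:
            report[name] = "readWrite in schema but unmapped"
        else:
            report[name] = "ok"
    return report

# Constructed requests: a create with "active" and an Entra-style update.
CREATE = {"schemas": [USER], "userName": "jdoe", "active": True}
UPDATE = {"schemas": [PATCH_OP],
          "Operations": [{"op": "Replace", "path": "active", "value": "False"}]}
```

Run `check()` over captured provisioning requests before pointing an identity provider at the server; any "readWrite in schema but unmapped" entry is a write the schema invites but the server may reject.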