search

simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0
708 stars 92 forks source link

Schema attributes should be case insensitive #515

Closed alexander-durovich-swi closed 1 year ago

alexander-durovich-swi commented 1 year ago

Hello,

We see that now schema attributes are not fully case insensitive.

Steps to reproduce:

  1. Prepare a valid request body, as an example for POST /Users:
POST https://api.ips.dev.sharedsvcs.system-monitor.com/Users
{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "userName": "Test10@test.com",
    "active": true,
    "meta": {
        "resourceType": "User"
    },
    "name": {
        "familyName": "fname",
        "givenName": "gname"
    },
    "roles": [{
        "value": "Member",
        "display": "Member"
    }]
}

  1. Change an attribute name written in camelCase, as example change familyName to any of [familyname, FAMILYNAME, familyNAME, fAmilyName]

  2. Send the request

Result:

there is an error:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "status": "400",
    "scimType": "invalidValue",
    "detail": "required attributes urn:ietf:params:scim:schemas:core:2.0:User:name.familyName are missing. RequestId: 0HMPV3G43Q8J0:00000002"
}

Expected result:

It is said in RFC that Attribute names are case insensitive.

RFC 7644: System for Cross-domain Identity Management: Protocol

4.1.1.  Singular Attributes

   userName
      A service provider's unique identifier for the user, typically
      used by the user to directly authenticate to the service provider.
      Often displayed to the user as their unique identifier within the
      system (as opposed to "id" or "externalId", which are generally
      opaque and not user-friendly identifiers).  Each User MUST include
      a non-empty userName value.  This identifier MUST be unique across
      the service provider's entire set of Users.  This attribute is
      REQUIRED and is case insensitive.
7.  Schema Definition

   This section defines a way to specify the schema in use by resources
   available and accepted by a SCIM service provider.  For each
   "schemas" URI value, this schema specifies the defined attribute(s)
   and their characteristics (mutability, returnability, etc).  For
   every schema URI used in a resource object, there is a corresponding
   "Schema" resource.  "Schema" resources are not modifiable, and their
   associated attributes have a mutability of "readOnly".  Except for
   "id" (which is always returned), all attributes have a "returned"
   characteristic of "default".  Unless otherwise specified, all schema
   attributes are case insensitive.

Attribute names are case insensitive and are often "camel-cased"
   (e.g., "camelCase").  SCIM resources are represented in JSON
   [RFC7159] format and MUST specify schema via the "schemas" attribute
   per Section 3.

Earlier the similar problem was fixed partly: https://github.com/simpleidserver/SimpleIdServer/issues/319

Could you check it, please?

simpleidserver commented 1 year ago

Hello,

The issue is fixed in the master branch. A pre-release Nuget Package will be published this week.

KR,

SID

alexander-durovich-swi commented 1 year ago

Hello,

Ok, thank you very much.

Best Regards, Alex

alexander-durovich-swi commented 1 year ago

Hello,

Could you say when you plan to create the final 3.0.5 release version, please? (We are waiting for it)

Best Regards, Alex

simpleidserver commented 1 year ago

Hello,

The release 4.0.0 is published, it also contains the changes made on the branch release\3.0.5.

Kr,

Sid

alexander-durovich-swi commented 1 year ago

Hello,

Ok, thank you very much!

Best Regards, Alex