simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0

Cannot sync SCIM with Azure AD out of the box #733

Closed RobTF closed 2 months ago

RobTF commented 2 months ago

Hi,

This might be an issue on my end; however, I have started a clean SCIM server from the template and connected it to Azure AD. When I run provisioning, however, I get the following exception:

```
SimpleIdServer.Scim.Exceptions.SCIMSchemaViolatedException: attribute primary is not recognized by the SCIM schema
   at SimpleIdServer.Scim.Helpers.RepresentationHelper.Resolve(KeyValuePair`2 kvp, SCIMSchema schema, ICollection`1 schemaAttributes)
   at SimpleIdServer.Scim.Helpers.RepresentationHelper.Resolve(JObject json, SCIMSchema schema, ICollection`1 schemaAttributes)
   at SimpleIdServer.Scim.Helpers.RepresentationHelper.BuildAttributes(JArray jArr, SCIMSchemaAttribute schemaAttribute, SCIMSchema schema, Boolean ignoreUnsupportedCanonicalValues)
   at SimpleIdServer.Scim.Helpers.RepresentationHelper.BuildRepresentationAttributes(ResolutionResult resolutionResult, ICollection`1 allSchemaAttributes, Boolean ignoreUnsupportedCanonicalValues, Boolean ignoreDefaultAttrs)
   at SimpleIdServer.Scim.Helpers.RepresentationHelper.BuildRepresentation(JObject json, String externalId, SCIMSchema mainSchema, ICollection`1 extensionSchemas, Boolean ignoreUnsupportedCanonicalValues)
   at SimpleIdServer.Scim.Helpers.RepresentationHelper.ExtractSCIMRepresentationFromJSON(JObject json, String externalId, SCIMSchema mainSchema, ICollection`1 extensionSchemas)
   at SimpleIdServer.Scim.Commands.Handlers.AddRepresentationCommandHandler.Handle(AddRepresentationCommand addRepresentationCommand)
   at SimpleIdServer.Scim.Api.BaseApiController.InternalAdd(RepresentationParameter jobj)
```

The Azure AD end is a default new application and I cannot see any reference to a "primary" attribute.

Have I missed something?

thanks!

RobTF commented 2 months ago

Ah, got it.

The "primary" attribute needs adding to the "addresses" part of the schema.

Should this be added by default to the schema files?

simpleidserver commented 2 months ago

Hello,

As per the RFC SCIM Core Schema, the schema for the user representation does not include a primary property in the addresses section.

If you require this property, you can modify the UserSchema.json file and add the following property under the addresses section.

```json
{
  "name": "primary",
  "type": "boolean",
  "multiValued": false,
  "required": false,
  "mutability": "readWrite",
  "returned": "default",
  "uniqueness": "none",
  "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address.  The primary attribute value 'true' MUST appear no more than once."
}
```

KR,

SID
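To make the failure mode and the fix concrete, here is an added Python example that is not SimpleIdServer's own `RepresentationHelper` code. It models the same resolution rule the stack trace above exercises: every key in an incoming representation must match an attribute (or sub-attribute) definition in the schema, otherwise the request is rejected. The cut-down `USER_SCHEMA`, the `SAMPLE_USER` body and the handling of common attributes (`schemas`, `id`, `externalId`, `meta`) are constructed for this example; `PRIMARY_SUBATTR` is the definition from the reply above. The example also enforces the constraint quoted in that definition's description, that `primary` may be `true` on at most one value of a multi-valued attribute.

```python
import copy

# Constructed, cut-down User schema in the attribute-definition shape that SCIM
# schema files (RFC 7643 section 7) use; only the attributes needed here are present.
USER_SCHEMA = {
    "id": "urn:ietf:params:scim:schemas:core:2.0:User",
    "attributes": [
        {"name": "userName", "type": "string", "multiValued": False},
        {
            "name": "addresses",
            "type": "complex",
            "multiValued": True,
            "subAttributes": [
                {"name": "streetAddress", "type": "string", "multiValued": False},
                {"name": "locality", "type": "string", "multiValued": False},
                {"name": "postalCode", "type": "string", "multiValued": False},
                {"name": "type", "type": "string", "multiValued": False},
            ],
        },
    ],
}

# The sub-attribute definition from the maintainer's reply (description shortened).
PRIMARY_SUBATTR = {
    "name": "primary",
    "type": "boolean",
    "multiValued": False,
    "required": False,
    "mutability": "readWrite",
    "returned": "default",
    "uniqueness": "none",
    "description": "The primary attribute value 'true' MUST appear no more than once.",
}

# Common attributes (RFC 7643 section 3.1) are not listed in a resource schema.
COMMON_ATTRIBUTES = {"schemas", "id", "externalId", "meta"}

# Python types accepted for each SCIM attribute type used in this example.
PYTHON_TYPES = {"string": str, "boolean": bool, "complex": dict}


class SCIMSchemaViolated(ValueError):
    """Raised when a representation carries something the schema does not define."""


def _resolve(obj, attr_defs):
    """Match every key of `obj` against `attr_defs`, recursing into complex values."""
    for key, value in obj.items():
        attr = next((a for a in attr_defs if a["name"].lower() == key.lower()), None)
        if attr is None:
            # Same condition that produces the exception in the issue.
            raise SCIMSchemaViolated(f"attribute {key} is not recognized by the SCIM schema")
        values = value if attr["multiValued"] else [value]
        if not isinstance(values, list):
            raise SCIMSchemaViolated(f"attribute {key} must be multi-valued")
        for item in values:
            if not isinstance(item, PYTHON_TYPES[attr["type"]]):
                raise SCIMSchemaViolated(f"attribute {key} is not of type {attr['type']}")
            if attr["type"] == "complex":
                _resolve(item, attr["subAttributes"])
        # 'primary' may be true on at most one value of a multi-valued attribute.
        if attr["multiValued"] and attr["type"] == "complex":
            primaries = sum(1 for item in values if item.get("primary") is True)
            if primaries > 1:
                raise SCIMSchemaViolated(f"attribute {key} has more than one primary value")


def validate(representation, schema):
    """Return None if the representation fits the schema, else the violation message."""
    body = {k: v for k, v in representation.items() if k not in COMMON_ATTRIBUTES}
    try:
        _resolve(body, schema["attributes"])
    except SCIMSchemaViolated as exc:
        return str(exc)
    return None


def with_primary_on_addresses(schema):
    """Return a copy of `schema` with the 'primary' sub-attribute added under addresses."""
    patched = copy.deepcopy(schema)
    addresses = next(a for a in patched["attributes"] if a["name"] == "addresses")
    addresses["subAttributes"].append(copy.deepcopy(PRIMARY_SUBATTR))
    return patched


# Constructed sample body: a user whose address value carries "primary": true.
SAMPLE_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "externalId": "constructed-external-id",
    "userName": "jane.doe@example.invalid",
    "addresses": [
        {"streetAddress": "1 Example Street", "locality": "Example City",
         "postalCode": "00000", "type": "work", "primary": True}
    ],
}

if __name__ == "__main__":
    print("unpatched schema:", validate(SAMPLE_USER, USER_SCHEMA))
    print("patched schema:  ", validate(SAMPLE_USER, with_primary_on_addresses(USER_SCHEMA)))
```

Against the unpatched schema `validate` returns the same "attribute primary is not recognized" message as the exception in the report; once the sub-attribute is added under `addresses` the same body passes. Keeping the rejection strict (rather than silently dropping unknown keys) is the safer default for an identity store, since it surfaces a client/schema mismatch at provisioning time instead of losing data quietly.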

RobTF commented 2 months ago

Thanks for confirming.

I was thinking maybe it needs a mention on this page as users might follow the tutorial and wonder why things aren't working.

simpleidserver commented 2 months ago

Indeed, I have created ticket #738 to update the documentation in the next release.

RobTF commented 2 months ago

Great!