search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 729 forks source link

Role filtering based on displayName should do the value comparison in a case-insensitive manner #12556

Closed AnuradhaSK closed 2 years ago

AnuradhaSK commented 3 years ago

Describe the issue:

displayName attribute of Role Resouce has caseExact = false characteristic. Thus, when finding matching role resources based on displayname, the displayname comparison needs to be done in a case-insensitive manner.

https://datatracker.ietf.org/doc/html/rfc7644#page-22

 When comparing attributes of type String, the case sensitivity for
   String type attributes SHALL be determined by the attribute's
   "caseExact" characteristic

How to reproduce:

  1. create a role 
    curl --location --request POST 'https://localhost:9443/scim2/Roles' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--header 'Content-Type: application/json' \
--data-raw '{
"displayName": "Developers",
"schemas": [
    "urn:ietf:params:scim:schemas:extension:2.0:Role"
]
}'
  2. Filter roles by displayname which contains 'dev'

GET request to search 

curl --location --request GET 'https://localhost:9443/scim2/Roles?count=3&filter=displayName%20co%20dev' \
--header 'Authorization: Basic YWRtaW46YWRtaW4='

POST request to search

curl --location --request POST 'https://localhost:9443/scim2/Roles/.search' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' \
--header 'Content-Type: application/json' \
--data-raw '{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:SearchRequest"
    ],
    "filter": "displayName co dev"

}'

This returns 0 results, but it should return the above role. If you change the filter as displayName co Dev, the above-created role will be returned.

Expected behavior: Currently supported filters for role endpoint are co, eq, sw, ew We can filter role by displayname with above filters and

Environment information (Please complete the following information; remove any unnecessary fields) :

mpmadhavig commented 2 years ago

caseExact attribute can be changed using the database collation properties as per the user's preference. Please try changing the property and monitor the behaviour.

Closing the issue since its a feature.