wso2 / product-is

Apache License 2.0

500 server error when invoking the `scim2/Users` endpoint without `count` and `startIndex` > 2 in single-attribute filtering flow #20497

Closed vfraga closed 3 days ago

vfraga commented 1 month ago

Describe the issue:

While testing the pagination and filter parameters for the SCIM /Users endpoint, it was noted that during the single-attribute filtering flow, omitting the count parameter while providing a startIndex value greater than 1 results in a 500 server error response.

<!doctype html>
<html lang="en">

<head>
    <title>HTTP Status 500 – Internal Server Error</title>
<!-- . . . [omitted for brevity] . . . -->
<body>
    <h1>HTTP Status 500 – Internal Server Error</h1>
</body>

</html>

The stack trace shows a ClassCastException:

[2024-06-04 21:43:04,479] [a14c04a4-8bcf-457f-b179-4c8b0743ac52] ERROR {org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/scim2].[SCIM2Servlet]} - Servlet.service() for servlet [SCIM2Servlet] in context with path [/scim2] threw exception java.lang.ClassCastException: org.wso2.carbon.user.core.common.User cannot be cast to java.lang.Comparable
    at java.util.TreeMap.compare(TreeMap.java:1294)
    at java.util.TreeMap.put(TreeMap.java:538)
    at java.util.TreeSet.add(TreeSet.java:255)
    at java.util.AbstractCollection.addAll(AbstractCollection.java:344)
    at java.util.TreeSet.addAll(TreeSet.java:312)
    at java.util.TreeSet.<init>(TreeSet.java:160)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.paginateUsers(SCIMUserManager.java:4143)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.filterUsersUsingLegacyAPIs(SCIMUserManager.java:1804)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.filterUsersBySingleAttribute(SCIMUserManager.java:1292)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.filterUsers(SCIMUserManager.java:1243)
    at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.listUsersWithGET(SCIMUserManager.java:511)
    at org.wso2.charon3.core.protocol.endpoints.UserResourceManager.listWithGET(UserResourceManager.java:354)
    at org.wso2.carbon.identity.scim2.provider.resources.UserResource.getUser(UserResource.java:215)
    . . . [omitted for brevity] . . .

This likely occurs because the TreeSet object being created [1] does not have a comparison function defined, unlike previously [2]. It appears this issue was addressed in a specific commit [3].

How to reproduce:

  1. Set up an Identity Server instance.
  2. Go to the Claim Configuration page (Claims > List > http://wso2.org/claims) and enable 'Supported by Default' for the 'Account Locked' claim.
  3. In the PRIMARY user store, create 3 users with 'Account Locked' set to 'true'.
  4. Run the following cURL command:
    curl --location --request GET 'https://localhost:9443/scim2/Users?startIndex=2&filter=urn%3Aietf%3Aparams%3Ascim%3Aschemas%3Aextension%3Aenterprise%3A2.0%3AUser%3AaccountLocked%20eq%20%22true%22' \
    --header 'Authorization: Basic YWRtaW46YWRtaW4='
  5. Notice the 500 server error message in HTML format, along with the ClassCastException in the carbon console.

Expected behavior:

There should not be an error when the pagination offset (startIndex) is greater than 1 in the single-attribute filtering flow.

Environment information:


[1] https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/v1.5.46/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java#L3872
[2] https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/v1.5.46/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java#L3848-L3849
[3] https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/commit/5850fa51015d516a55c98fbc0ea87358a2740234#diff-73a583deac4360e8a5cff771ed84fa42f535a6deaace88053b8f039b2e6c26ec
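The mechanism behind the stack trace above, as an added example that is not WSO2 code and is not taken from the linked commit: a `TreeSet` built without a `Comparator` calls `compareTo` on the very first element it inserts, so any element type that does not implement `Comparable` fails with the `ClassCastException` seen in the report, regardless of `startIndex`. The `User` class below is a constructed stand-in for `org.wso2.carbon.user.core.common.User` (it deliberately does not implement `Comparable`); ordering by username in the fixed variant, the 1-based `startIndex` handling, and treating a missing `count` as "no limit" are assumptions made for the demo, not a description of what the project's fix does.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Comparator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

/**
 * Constructed stand-in for org.wso2.carbon.user.core.common.User.
 * Like the real class in the stack trace, it does NOT implement Comparable.
 */
final class User {
    private final String username;
    private final boolean accountLocked;

    User(String username, boolean accountLocked) {
        this.username = username;
        this.accountLocked = accountLocked;
    }

    String getUsername() { return username; }
    boolean isAccountLocked() { return accountLocked; }

    @Override public String toString() { return username; }
}

public class ScimPaginationDemo {

    /** Broken variant: a TreeSet with no Comparator needs Comparable elements. */
    static List<User> paginateBroken(Collection<User> users, int startIndex, Integer count) {
        // TreeMap.put() does a compare(key, key) type check on the first insert,
        // so this throws ClassCastException even for a single element.
        Set<User> sorted = new TreeSet<>(users);
        return slice(new ArrayList<>(sorted), startIndex, count);
    }

    /** Fixed variant (assumed ordering by username): supply an explicit Comparator. */
    static List<User> paginateFixed(Collection<User> users, int startIndex, Integer count) {
        Set<User> sorted = new TreeSet<>(Comparator.comparing(User::getUsername));
        sorted.addAll(users);
        return slice(new ArrayList<>(sorted), startIndex, count);
    }

    /** SCIM paging: startIndex is 1-based; a null count means "everything from startIndex". */
    static List<User> slice(List<User> all, int startIndex, Integer count) {
        int from = Math.max(startIndex, 1) - 1;
        if (from >= all.size()) {
            return List.of();
        }
        int to = (count == null) ? all.size() : Math.min(all.size(), from + Math.max(count, 0));
        return all.subList(from, to);
    }

    /** Single-attribute filter: accountLocked eq "true". */
    static List<User> lockedUsers(Collection<User> users) {
        List<User> out = new ArrayList<>();
        for (User u : users) {
            if (u.isAccountLocked()) {
                out.add(u);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: three locked users, as in the reproduction steps, plus one unlocked.
        List<User> store = List.of(
            new User("alice", true), new User("bob", true),
            new User("carol", true), new User("dave", false));
        List<User> matches = lockedUsers(store);

        try {
            paginateBroken(matches, 2, null);
            System.out.println("broken variant returned normally");
        } catch (ClassCastException e) {
            System.out.println("broken variant: " + e.getMessage());
        }

        System.out.println("fixed, startIndex=2, no count: " + paginateFixed(matches, 2, null));
        System.out.println("fixed, startIndex=2, count=1:  " + paginateFixed(matches, 2, 1));
        System.out.println("fixed, startIndex=5, no count: " + paginateFixed(matches, 5, null));
    }
}
```

The broken call fails inside the `TreeSet` constructor before any paging logic runs, which is why the request fails whether or not `count` is supplied; the fixed variant returns `bob` and `carol` for `startIndex=2` with no `count`, and an empty page once `startIndex` is past the end of the filtered set instead of an exception.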