search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 729 forks source link

[SCIM2] attempting to specify middleName causes "Error in adding the user: abc123 to the user store. Cannot access the directory context or user already exists in the system for user" #3473

Closed hauntingEcho closed 3 weeks ago

hauntingEcho commented 6 years ago

When attempting to create a user on IS 5.6.0, with the default claim mappings & SCIM endpoint security turned off, with the command:

curl -k -H "Content-Type: application/json" -d "{"password": "asdfasdfa","name": {"familyName": "what", "givenName":"hi", "middleName":"hello"},"userName":"abc123"}" https://localhost:9443/scim2/Users

the response received is:

{"schemas":"urn:ietf:params:scim:api:messages:2.0:Error","detail":"Error in adding the user: abc123 to the user store. Cannot access the directory context or user already exists in the system for user :abc123","status":"500"}

and no console output is visible from the WSO2 server.

However, when removing the middleName field & issuing:

curl -k -H "Content-Type: application/json" -d "{"password": "asdfasdfa","name": {"familyName": "wvenName":"hi"},"userName":"abc123"}" https://localhost:9443/scim2/Users

the response is:

{"meta":{"created":"2018-07-25T10:17:02Z","location":"https://localhost:9443/scim2/Users/a054664f-7f5b-40b6-ac6f-a63942c050ef","lastModified":"2018-07-25T10:17:02Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"name":{"familyName":"what","givenName":"hi"},"id":"a054664f-7f5b-40b6-ac6f-a63942c050ef","userName":"abc123"}

name.middleName is specified in RFC 7643 section 4.1.1, so it shouldn't cause errors like this. In addition, unexpected parameters should be silently ignored per RFC 7644 section 3.3: "Since the server is free to alter and/or ignore POSTed content, returning the full representation can be useful to the client, enabling it to correlate the client's and server's views of the new resource."

isharak commented 3 weeks ago

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!