Different SCIM ID returns while create duplicate user while provision users only to external SCIM 1.1 supported system (Dumb Mode)

[Thumimku]

Environment configuration OS : Ubuntu 18.04 Primary Data store : Postgresql 10.5 Secondary Data store : Postgresql 10.5

Description While using following SCIM curl command to create user for external SCIM 1.1 supported system(external IS) via dumb node(Internal IS), user is created. While using same command again (create duplicate user with same username) different SCIM id returns. In dumb node IS following error was printed

[2020-02-14 10:07:13,692] [6c1740f7-ab57-483c-8d2e-e0458b7a8c84] ERROR {org.wso2.carbon.identity.provisioning.ProvisioningThread} -  Provisioning for Entity Postgres/lenardo For operation = POST org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: Error occurred while adding Provisioning entity for tenant 3
    at org.wso2.carbon.identity.provisioning.dao.ProvisioningManagementDAO.addProvisioningEntity(ProvisioningManagementDAO.java:95)
    at org.wso2.carbon.identity.provisioning.dao.CacheBackedProvisioningMgtDAO.addProvisioningEntity(CacheBackedProvisioningMgtDAO.java:58)
    at org.wso2.carbon.identity.provisioning.ProvisioningThread.storeProvisionedEntityIdentifier(ProvisioningThread.java:129)
    at org.wso2.carbon.identity.provisioning.ProvisioningThread.call(ProvisioningThread.java:83)
    at org.wso2.carbon.identity.provisioning.ProvisioningThread.call(ProvisioningThread.java:32)
    at org.wso2.carbon.identity.provisioning.OutboundProvisioningManager.executeOutboundProvisioning(OutboundProvisioningManager.java:612)
    at org.wso2.carbon.identity.provisioning.OutboundProvisioningManager.provision(OutboundProvisioningManager.java:588)
    at org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.provision(SCIMUserManager.java:1706)
    at org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.createUser(SCIMUserManager.java:151)
    at org.wso2.charon.core.protocol.endpoints.UserResourceEndpoint.create(UserResourceEndpoint.java:161)
    at org.wso2.charon.core.protocol.endpoints.UserResourceEndpoint.create(UserResourceEndpoint.java:230)
    at org.wso2.carbon.identity.scim.provider.resources.UserResource.createUser(UserResource.java:128)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:220)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.wso2.carbon.webapp.mgt.filter.AuthorizationHeaderFilter.doFilter(AuthorizationHeaderFilter.java:128)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:86)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:110)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:74)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
    at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:119)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "idp_provisioning_entity_entity_type_tenant_id_entity_local__key"
  Detail: Key (entity_type, tenant_id, entity_local_userstore, entity_name, provisioning_config_id)=(USER, 3, POSTGRES, lenardo, 40) already exists.
    at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2510)
    at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2245)
    at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:311)
    at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:447)
    at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:368)
    at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:159)
    at org.postgresql.jdbc.PgPreparedStatement.execute(PgPreparedStatement.java:148)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.tomcat.jdbc.pool.StatementFacade$StatementProxy.invoke(StatementFacade.java:114)
    at com.sun.proxy.$Proxy53.execute(Unknown Source)
    at org.wso2.carbon.identity.provisioning.dao.ProvisioningManagementDAO.addProvisioningEntity(ProvisioningManagementDAO.java:90)
    ... 73 more

Please not that second scim id is duplicate id, not usable for update user. This error also occur when creating duplicate groups using SCIM 1.1

Method to reproduce the issue

• Configure Postgresql 10.5 as shared db and identity db
• Create a tenant
• Configure postgresql 10.5 as secondary store
• Configure external SCIM 1.1 supported system (another IS instance) as identity provider
• Configure outbound provisioning to external IS
• Configure inbound provisioning as dumb node
• Use following command to create user

  curl -v -k --user test@oneexample.com:testt --data '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"Postgres/marcoopolop","password":"hasinitg","emails":[{"primary":true,"value":"hasini_home.com","type":"home"},{"value":"hasini_work.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

  Response

  {"emails":[{"type":"home","value":"hasini_home.com"},{"type":"work","value":"hasini_work.com"}],"meta":{"created":"2020-02-14T14:02:00","location":"https://localhost:9443/wso2/scim/Users/05e69acb-8835-4549-8c3d-efa0720fa068","lastModified":"2020-02-14T14:02:00"},"schemas":["urn:scim:schemas:core:1.0"],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"id":"05e69acb-8835-4549-8c3d-efa0720fa068","userName":"Postgres/marcoopolop"}

• Use above command to create user again

  curl -v -k --user test@oneexample.com:testt --data '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"Postgres/marcoopolop","password":"hasinitg","emails":[{"primary":true,"value":"hasini_home.com","type":"home"},{"value":"hasini_work.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

  Response

  {"emails":[{"type":"home","value":"hasini_home.com"},{"type":"work","value":"hasini_work.com"}],"meta":{"created":"2020-02-14T14:03:06","location":"https://localhost:9443/wso2/scim/Users/1d650b22-bf10-46a2-8480-3541afcdce66","lastModified":"2020-02-14T14:03:06"},"schemas":["urn:scim:schemas:core:1.0"],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"id":"1d650b22-bf10-46a2-8480-3541afcdce66","userName":"Postgres/marcoopolop"}

[isharak]

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!