Description:
Improvement [1] provided support to have the primary flag for email and phone number as per the SCIM 2.0 spec. This is only to store the primary flag.
NOTE: However, for flows such as password recovery, the email address defined as "primary":true will not be taken into consideration. Instead, the email address available at http://wso2.org/claims/emailaddress will be used. [2]
For this feature we have to create distinct claims in the SCIM dialect. For example, if the primary attribute is to be used with the home email address claim, then we have to create a new claim as urn:ietf:params:scim:schemas:core:2.0:User:emails#home.primary, and http://wso2.org/claims/emails.home should be mapped to the urn:ietf:params:scim:schemas:core:2.0:User:emails#home.primary claim.
In the SCIM2 request, we can send a complex email attribute without type identifiers.
When trying out the primary attribute for a complex email attribute without a type, I had to create the new claim as urn:ietf:params:scim:schemas:core:2.0:User:emails#null.primary (the reason for having null is that there is no type). Then the request and response are as mentioned below.
This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!
Request:
curl -v -k --user admin:admin \
  --header "Content-Type:application/json" \
  --data '{
    "schemas": [],
    "name": {"familyName": "weeraman", "givenName": "dewni"},
    "userName": "dewni",
    "password": "admin",
    "emails": [
      {"value": "dewni123@gmail.com", "primary": true},
      {"value": "dewni@gmail.com", "type": "home"},
      {"value": "dewni.work@wso2.com", "type": "work"}
    ]
  }' \
  https://localhost:9443/scim2/Users
Response:
{
  "emails": [
    {"type": "work", "value": "dewni.work@wso2.com"},
    {"type": "null", "primary": true},
    {"type": "home", "value": "dewni@gmail.com"},
    "dewni123@gmail.com"
  ],
  "meta": {
    "created": "2020-08-18T10:03:45.529125Z",
    "location": "https://localhost:9443/scim2/Users/02681bce-8908-4530-bdda-63fb5073c3c9",
    "lastModified": "2020-08-18T10:03:45.529125Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "roles": [{"type": "default", "value": "Internal/everyone"}],
  "name": {"givenName": "dewni", "familyName": "weeraman"},
  "id": "02681bce-8908-4530-bdda-63fb5073c3c9",
  "userName": "dewni"
}
At the code level, complex attributes without a type need to be handled properly so that the type is not returned as null.
Possible improvement for the response:
{
  "emails": [
    {"type": "work", "value": "dewni.work@wso2.com"},
    {"value": "dewni123@gmail.com", "primary": true},
    {"type": "home", "value": "dewni@gmail.com"}
  ],
  "meta": {
    "created": "2020-08-18T10:03:45.529125Z",
    "location": "https://localhost:9443/scim2/Users/02681bce-8908-4530-bdda-63fb5073c3c9",
    "lastModified": "2020-08-18T10:03:45.529125Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "roles": [{"type": "default", "value": "Internal/everyone"}],
  "name": {"givenName": "dewni", "familyName": "weeraman"},
  "id": "02681bce-8908-4530-bdda-63fb5073c3c9",
  "userName": "dewni"
}
Need to handle type = null properly at https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/master/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/utils/AttributeMapper.java#L137

[1] https://github.com/wso2/product-is/issues/3823
[2] https://github.com/wso2/product-is/issues/15560
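The following is an added example, not code from this issue or from the WSO2 Identity Server code base. It models the claim naming the issue describes, <schema>:emails#<type>.<sub-attribute>, with the literal type "null" standing in for an entry that has no "type", and shows the two halves that have to agree: flattening a SCIM 2.0 multi-valued complex attribute into per-sub-attribute claims, and rebuilding it so that an untyped entry comes back with its "value" and "primary" together and "type": "null" is never emitted. The flatten/rebuild functions, the UNTYPED placeholder and the sample input (constructed from the emails array in the issue's request) are assumptions for illustration; they are not how AttributeMapper is implemented.

```python
"""Flatten and rebuild a SCIM 2.0 multi-valued complex attribute (e.g. emails).

Added example, not code from the issue or from WSO2 Identity Server. Claim URIs
follow the <schema>:emails#<type>.<sub> naming the issue describes; "null" is
the placeholder type for an entry that has no "type" (assumption from the issue).
"""
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
UNTYPED = "null"  # placeholder for a missing "type"; must never be echoed back

# Constructed sample input, taken from the emails array in the issue's request.
ISSUE_EMAILS = [
    {"value": "dewni123@gmail.com", "primary": True},
    {"value": "dewni@gmail.com", "type": "home"},
    {"value": "dewni.work@wso2.com", "type": "work"},
]


def flatten(attr, entries):
    """Map each sub-attribute of each entry to a claim URI: {uri: value}.

    A bare string entry is treated as {"value": str}; a missing or empty type
    becomes UNTYPED; a duplicate type or more than one "primary": true is
    rejected (RFC 7643 section 2.4 allows at most one primary value).
    """
    claims, seen_types, primaries = {}, set(), 0
    for entry in entries:
        if isinstance(entry, str):
            entry = {"value": entry}
        etype = entry.get("type") or UNTYPED
        if etype in seen_types:
            raise ValueError(f"duplicate {attr} type {etype!r}")
        seen_types.add(etype)
        for sub, val in entry.items():
            if sub == "type":
                continue  # the type lives in the URI, not as a sub-attribute
            if sub == "primary" and val is True:
                primaries += 1
            claims[f"{USER_SCHEMA}:{attr}#{etype}.{sub}"] = val
    if primaries > 1:
        raise ValueError(f"more than one primary {attr} entry")
    return claims


def rebuild(attr, claims):
    """Inverse of flatten: regroup claim URIs by type into JSON objects.

    The UNTYPED placeholder is dropped on the way out, so an untyped entry is
    returned as {"value": ..., "primary": ...} with no "type" key at all.
    """
    prefix = f"{USER_SCHEMA}:{attr}#"
    grouped = {}
    for uri, val in claims.items():
        if not uri.startswith(prefix):
            continue  # claim belongs to some other attribute
        etype, sub = uri[len(prefix):].split(".", 1)
        grouped.setdefault(etype, {})[sub] = val
    entries = []
    for etype, subs in grouped.items():
        entry = {} if etype == UNTYPED else {"type": etype}
        entry.update(subs)
        entries.append(entry)
    return entries


def round_trip(attr, entries):
    """Flatten then rebuild; the result carries the same data as the input."""
    return rebuild(attr, flatten(attr, entries))


if __name__ == "__main__":
    print(json.dumps(flatten("emails", ISSUE_EMAILS), indent=2))
    print(json.dumps({"emails": round_trip("emails", ISSUE_EMAILS)}, indent=2))
```

Run against the issue's request, flatten yields emails#null.value and emails#null.primary for the untyped entry, and rebuild returns {"value": "dewni123@gmail.com", "primary": true} rather than splitting it into {"type": "null", "primary": true} plus a bare string, which is the shape the "possible improvement" response above asks for. The one rule that matters is that the placeholder is a storage detail: whatever string is used for "no type" has to be recognised and dropped on the way back to JSON.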