Comments (18)
@AmitavaHazra - if I have understood what you are doing correctly, your earlier message suggested that you are running the sample application locally:
https://localhost:44326/scim/Users?filter=externalId eq testing1
Your Azure AD tenant will not synchronise its Identity Domain with an SCIM endpoint unless it is configured to, see Integrate your SCIM endpoint with the Azure AD.
It does this via server-to-server HTTP requests, so it cannot be configured to synchronise with a local instance unless you can somehow make your local instance available at a public DNS location.
from scimreferencecode.
The behavior is expected: SCIM is an API, and as we didn't create a landing page, that's the browser behavior. While the browser is still open, use the procedure described here to test it with Postman:
https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint
from scimreferencecode.
@marcusca10 , thanks for clarifying this.
Currently, when I am triggering a GET request for a valid user from my Azure AD tenant, I am getting the below response from Postman.
Request:
https://localhost:44326/scim/Users?filter=externalId eq testing1
(testing1 = mailnickname)
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 0,
"itemsPerPage": 0,
"startIndex": null,
"Resources": []
}
Can you please comment why exactly it is not able to return user while authorization is working well.
PASS
Status code is 200
PASS
Id is requsted
from scimreferencecode.
Authorization is definitely fine, the reason is the filter "externalId eq testing1" does not find any user:
"totalResults": 0
Try ?filter=DisplayName+eq+%22BobIsAmazing%22
from scimreferencecode.
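The filter suggested in the reply above wraps the value in `%22…%22`: RFC 7644 defines a string comparison value in a filter as a quoted JSON string, and the whole expression is percent-encoded in the query. An added example (not from the thread or from SCIMReferenceCode) that builds such a query; `ScimFilter` and `EqualsQuery` are hypothetical names, and the sample values are constructed.

```csharp
using System;
using System.Text.Json;
using System.Text.RegularExpressions;

public static class ScimFilter
{
    // Conservative attribute-name pattern (optionally one sub-attribute after '.').
    // Anything else is rejected rather than passed through into the filter.
    private static readonly Regex AttributeName =
        new Regex(@"^[A-Za-z][A-Za-z0-9_$-]*(\.[A-Za-z][A-Za-z0-9_$-]*)?$");

    // Builds `filter=<attr> eq "<value>"` with the value serialized as a JSON
    // string and the whole expression percent-encoded for use in a URL.
    public static string EqualsQuery(string attribute, string value)
    {
        if (attribute == null || !AttributeName.IsMatch(attribute))
            throw new ArgumentException("Not a SCIM attribute name", nameof(attribute));
        if (value == null)
            throw new ArgumentNullException(nameof(value));

        // Serialize adds the surrounding quotes and escapes quotes and
        // backslashes, so the value cannot terminate the string literal.
        string quoted = JsonSerializer.Serialize(value);
        return "filter=" + Uri.EscapeDataString($"{attribute} eq {quoted}");
    }
}

public static class Program
{
    public static void Main()
    {
        // Host and port as used in the thread; values are constructed samples.
        const string baseUri = "https://localhost:44326/scim/Users?";

        Console.WriteLine(baseUri + ScimFilter.EqualsQuery("externalId", "testing1"));

        // A value that contains a quote stays inside the string literal.
        Console.WriteLine(baseUri + ScimFilter.EqualsQuery("externalId", "a\" or userName pr"));
    }
}
```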
Hi,
But I am searching with the correct mailnickname, which is available in my Azure tenant. The user is present in Azure AD but still it's not returning.
from scimreferencecode.
For the original issue, I included Open API support to the web project in the following branch: open-api. Give it a try.
from scimreferencecode.
@opatey ,
Thanks for your clarification. If I understood correctly I have to integrate this application in Azure AD.
Now I was integrating it using https://localhost:44356/scim/ as tenant URL and I kept security token blank. I got below error. Is it possible to test this with localhost?
Also I used bearer token https://localhost:44356/scim/token in Security token but still no luck.
Can you please guide me here.
Error:
You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account.
Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
Details: We received this unexpected response from your application:
from scimreferencecode.
Thanks for this update. Now please help me to integrate it to Azure AD. Issue has been described on the above comments.
from scimreferencecode.
@opatey ,
I tested the below two scenarios.
- I have hosted this sample reference app in App Service and added https://microsoftscimwebhostsample20200519173539.azurewebsites.net/scim as tenant URL in the enterprise application and kept security token blank. Post that, provisioning is working as expected. But how can I see those users in the app? Currently the provisioning log is showing that it provisioned users and groups, but I am not sure where to check in the application.
- While testing this in Postman, https://microsoftscimwebhostsample20200519173539.azurewebsites.net/scim/Users?filter=externalId eq amartya1 has an authentication issue, since I am not able to generate a bearer token using the https://microsoftscimwebhostsample20200519173539.azurewebsites.net/scim/Token endpoint, which I was able to do using localhost. It is showing a 404 page not found error.
Can anyone guide me on this?
Any help is much appreciated.
from scimreferencecode.
I'm glad you managed to get the sample application provisioned with your users/groups successfully 🎉 that is all the functionality this project provides OOTB, the next step is up to you.
> But how can see those users in app ? currently provisioning log is showing that it provisioned users and group but not sure where to check in the application ?
The idea is that you see the users in your existing application's user management area or database.
To do this, take a look at the sample application's In Memory Providers; you need to modify these classes (or register different implementations in the DI container) so that SCIM updates are merged into your own user model or database tables.
For example, my existing application is a .Net Core web application with existing code to create users. Once I had seen the integration working as you have, I put the WebHostSample application to one side and referenced the Microsoft.SystemForCrossDomainIdentityManagement assembly directly in my existing application.
IProvider and IMonitor get some implementations that are relevant to my specific architecture and away I go.
If you are trying to write a new app, this is not the best starting point. You want something more like Create a web app with authentication. This project can then help make it SCIM aware.
Phew! Hope this helps 🤞
from scimreferencecode.
@opatey ,
Thanks for your explanation. I will try to map those provider classes with the application DB.
But can you please tell me why I could not make a request using the App Service hosted URL in Postman? I mean my second question:
> While testing this in postman https://microsoftscimwebhostsample20200519173539.azurewebsites.net/scim/Users?filter=externalId eq amartya1
> it has authentication issue since I am not able to generate bearer token using https://microsoftscimwebhostsample20200519173539.azurewebsites.net/scim/Token endpoint what I was able to do using localhost. It is showing 404 page not found error.
Can anyone guide me on this?
from scimreferencecode.
@opatey , Hi,
I have created asp.net core MVC app for DB CRUD operation.
Reference:
https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app/working-with-sql?view=aspnetcore-3.1&tabs=visual-studio
Now I have added reference for SCIM sample app.
..\..\..\Documents\SCIM_CONNECTOR\SCIMReference\SCIMReferenceCode-open-api\Microsoft.SystemForCrossDomainIdentityManagement\bin\Debug\netcoreapp3.1\Microsoft.SCIM.dll
Code structure:
Data folder: MvcMovieContext.cs which is DB context class.
Model:
Movie model class which is nothing but representation of DB table.
Seed.cs ( this is just to update DB table)
Controller:
MovieController.cs which is handling all CRUD operation related code.
Unfortunately I am not getting how to use provider related class from Microsoft.SystemForCrossDomainIdentityManagement in my MVC app so that I can make this as SCIM aware.
Since you have done similar thing can you please help me bit more.
from scimreferencecode.
@AmitavaHazra - I am not sure why you are getting 404s from here: https://microsoftscimwebhostsample20200519173539.azurewebsites.net/scim/Token when it works for you locally.
I thought it might be an ASPNETCORE_ENVIRONMENT=Development/Production difference, because the token endpoint absolutely should not be used in production. However /scim/token is issuing bearer tokens in both modes, locally.
One thing I had to do (which you could try) is to remove the RootController class - I found that this controller handled some requests that it shouldn't. I'm not convinced this is your problem though, because I could reproduce it locally.
All this being said, even if you do manage to get the /scim/token endpoint working, the resulting token cannot be accepted at the same time as Bearer tokens from Azure AD with the current code. The default authentication scheme can be configured to trust one, or the other, but not both.
The only other thing I can offer is, if you push this code:
> I have created asp.net core MVC app for DB CRUD operation.
> Reference:
> https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app/working-with-sql?view=aspnetcore-3.1&tabs=visual-studio
> Now I have added reference for SCIM sample app.
to a public repository and share a link, I will try and look over it for you to see if I can help with this specific aspect:
> Unfortunately I am not getting how to use provider related class from Microsoft.SystemForCrossDomainIdentityManagement in my MVC app so that I can make this as SCIM aware.
from scimreferencecode.
I also cannot stress how important it is that you DO NOT deploy something publicly that is:
- Being sent information about your users from Azure AD via SCIM;
- Also accepts bearer tokens returned by /scim/token with no authentication.
This could make your entire organisation's mobile phone numbers publicly available.
from scimreferencecode.
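One way to keep the development token endpoint from answering in a deployed instance, as discussed in the two comments above. This is an added example, not code from SCIMReferenceCode: the `Startup` class is a hypothetical ASP.NET Core host, and the only value taken from the thread is the `/scim/token` path. It stops token issuance only; which bearer tokens the API accepts is still decided by the authentication scheme the application configures.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        // Registered before routing, so the check runs ahead of any controller.
        // Outside Development the token path answers 404 and is never dispatched.
        app.Use(async (context, next) =>
        {
            bool isTokenPath = context.Request.Path.StartsWithSegments(
                "/scim/token", StringComparison.OrdinalIgnoreCase);

            if (isTokenPath && !env.IsDevelopment())
            {
                context.Response.StatusCode = StatusCodes.Status404NotFound;
                return;
            }

            await next();
        });

        // The application's own authentication and authorization middleware
        // would be added here, between routing and the endpoints.
        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

public static class Program
{
    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web => web.UseStartup<Startup>())
            .Build()
            .Run();
}
```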
@opatey ,
Actually I used default sample app offered from Microsoft.
https://docs.microsoft.com/en-us/aspnet/core/tutorials/first-mvc-app/working-with-sql?view=aspnetcore-3.1&tabs=visual-studio
If you can check sample code from MS it can also work.
from scimreferencecode.
@opatey ,
Here you go :)
https://github.com/AmitavaHazra/MvcMovieSCIM
It is just a sample app from Microsoft which has DB injection and scaffolding in place. Please help me to make it SCIM aware.
Please change authentication method to None so that you can access it. It is configured as my Azure AD authentication (free trial subscription).
from scimreferencecode.
Please close this case.
from scimreferencecode.
Please close this case since the original issue has been resolved. I will open further debug-related issues on a new thread.
from scimreferencecode.