gluufederation / scim Goto Github PK

View Code? Open in Web Editor NEW

13.0 13.0 8.0 864 KB

SCIM server/client

License: Apache License 2.0

Java 99.82% ANTLR 0.18%

scim's People

Contributors

Stargazers

Watchers

Forkers

axandar flvc etsangsplk esfceoesfceo janisq cyberflamego axinf marcelthannhaeuser gowdarn

scim's Issues

Make the URN of the user extension parameterizable

Currently hardcoded: https://github.com/GluuFederation/scim/blob/version_4.3.0/scim-model/src/main/java/org/gluu/oxtrust/model/scim2/Constants.java#L21

Add a json config property using the hardcoded as default value

Remove usage of oxTrustActive

Historically, SCIM does not use gluuStatus attribute but oxTrustActive. The former has values active/inactive/... while the latter is just true/false, following exactly the format expected by the spec with regards to active attribute. SCIM has always done the required syncing between gluuStatus andoxTrustActive but there are external sources (eg. scripts) that can make both attributes go out of sync.

We have to evaluate the feasibility of removing oxTrustActive from schema.

UMA flow fails when key has associated an encryption algorithm

At the client side when the keyId provided does not correspond to a sig algorithm but enc , the given scim operation crashes. The same happens when no key is provided and the first key found in the keystore has an enc use.

enc keys should be rejected by throwing a self-explanatory error.

SCIM OpenAPI (swagger) specification fails to build c# client library

Hello!

I'm kinda new to a lot of this...

I need to add bulk users to Gluu 4.2.3 server

I've looked at the book "Securing the Perimeter" by Michael Schwartz & Maciej Machulak and the Gluu OXD and SCIM docs

For my purposes, I think the 'best' way is to use the SCIM API rather than LDAP and then refresh the cache. I hope to then re-use some of the code (or concepts) for user admin programs to come later.

Language of choice here is c# on windows with VS2015 and .NET 4.7.2

I'm trying to build a client library to use with SCIM scim/scim-server/src/main/resources/gluu-scim-openapi.yaml using https://app.swaggerhub.com

I downloaded an existing OXD c# client library from Swagger just to get the hang of things, then uploaded the 4.2.2 branch of
gluu-scim-openapi.yaml from GitHub and uploaded to Swagger (14 day trial) and downloaded the c# client library and tried to compile it.

But I get compile errors:

Restoring NuGet packages...
To prevent NuGet from restoring packages during build, open the Visual Studio Options dialog, click on the Package Manager node and uncheck 'Allow NuGet to download missing packages during build.'
NuGet package restore finished.
1>------ Rebuild All started: Project: IO.Swagger, Configuration: Debug Any CPU ------
1>Build started 6/4/2021 4:36:25 PM.
1>GenerateTargetFrameworkMonikerAttribute:
1>Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the input files.
1>CoreCompile:
1>  C:\Program Files (x86)\MSBuild\14.0\bin\csc.exe /noconfig /nowarn:1701,1702,2008 /nostdlib+ /errorreport:prompt /warn:4 /define:DEBUG;TRACE /errorendlocation /preferreduilang:en-US /highentropyva+ /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\packages\JsonSubTypes.1.2.0\lib\net45\JsonSubTypes.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\Microsoft.CSharp.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\mscorlib.dll" /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.dll" /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\packages\RestSharp.105.1.0\lib\net45\RestSharp.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.ComponentModel.DataAnnotations.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Core.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Data.DataSetExtensions.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Data.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Runtime.Serialization.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Xml.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Xml.Linq.dll" /debug+ /debug:full /filealign:512 /optimize- /out:obj\Debug\IO.Swagger.dll /ruleset:"C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\Static Analysis Tools\\Rule Sets\MinimumRecommendedRules.ruleset" /subsystemversion:6.00 /target:library /utf8output Api\DefaultApi.cs Api\DiscoveryApi.cs Api\GroupApi.cs Api\UserApi.cs Client\ApiClient.cs Client\ApiException.cs Client\ApiResponse.cs Client\Configuration.cs Client\ExceptionFactory.cs Client\GlobalConfiguration.cs Client\IApiAccessor.cs Client\IReadableConfiguration.cs Client\SwaggerDateConverter.cs Model\Address.cs Model\AnyValue.cs Model\BaseResource.cs Model\BasicListResponse.cs Model\BulkData.cs Model\BulkOperation.cs Model\BulkRequest.cs Model\Email.cs Model\Entitlement.cs Model\ErrorResponse.cs Model\Fido2DeviceResource.cs Model\Fido2ListResponse.cs Model\FidoDeviceResource.cs Model\FidoListResponse.cs Model\GenericListResponse.cs Model\GenericResource.cs Model\Group.cs Model\GroupListResponse.cs Model\GroupResource.cs Model\InstantMessagingAddress.cs Model\Member.cs Model\Meta.cs Model\Name.cs Model\OneOfGenericResource.cs Model\PatchOperation.cs Model\PatchRequest.cs Model\PhoneNumber.cs Model\Photo.cs Model\ResourceType.cs Model\ResourceTypeListResponse.cs Model\ResourceTypeSchemaExtensions.cs Model\Role.cs Model\SchemaAttribute.cs Model\SchemaListResponse.cs Model\SchemaResource.cs Model\SearchRequest.cs Model\ServiceProviderConfigResponse.cs Model\ServiceProviderConfigResponseAuthenticationSchemes.cs Model\ServiceProviderConfigResponseBulk.cs Model\ServiceProviderConfigResponseFilter.cs Model\ServiceProviderConfigResponseMeta.cs Model\ServiceProviderConfigResponsePatch.cs Model\UserListResponse.cs Model\UserResource.cs Model\X509Certificate.cs Properties\AssemblyInfo.cs "C:\Users\scott\AppData\Local\Temp\.NETFramework,Version=v4.5.AssemblyAttributes.cs" obj\Debug\\TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs obj\Debug\\TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs obj\Debug\\TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs
1>  Using shared compilation with compiler from directory: C:\Program Files (x86)\MSBuild\14.0\bin
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(64,119,64,120): error CS1001: Identifier expected
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(64,129,64,130): error CS1031: Type expected
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(91,23,91,24): error CS1519: Invalid token '{' in class, struct, or interface member declaration
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(91,28,91,29): error CS1519: Invalid token ';' in class, struct, or interface member declaration
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(91,33,91,34): error CS1519: Invalid token ';' in class, struct, or interface member declaration
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(184,1,184,2): error CS1022: Type or namespace definition, or end-of-file expected
1>
1>Build FAILED.
1>
1>Time Elapsed 00:00:00.08
2>------ Rebuild All started: Project: IO.Swagger.Test, Configuration: Debug Any CPU ------
2>Build started 6/4/2021 4:36:25 PM.
2>ResolveAssemblyReferences:
2>  Primary reference "IO.Swagger".
2>      Could not find dependent files. Expected file "C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll" does not exist.
2>      Could not find dependent files. Expected file "C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll" does not exist.
2>      Resolved file path is "C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll".
2>      Reference found at search path location "".
2>      The ImageRuntimeVersion for this reference is "".
2>GenerateTargetFrameworkMonikerAttribute:
2>Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the input files.
2>CoreCompile:
2>  C:\Program Files (x86)\MSBuild\14.0\bin\csc.exe /noconfig /nowarn:1701,1702,2008 /nostdlib+ /errorreport:prompt /warn:4 /define:DEBUG;TRACE /errorendlocation /preferreduilang:en-US /highentropyva+ /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll" /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\packages\JsonSubTypes.1.2.0\lib\net45\JsonSubTypes.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\Microsoft.CSharp.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\mscorlib.dll" /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\packages\Newtonsoft.Json.10.0.3\lib\net45\Newtonsoft.Json.dll" /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\packages\NUnit.2.6.4\lib\nunit.framework.dll" /reference:"C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\packages\RestSharp.105.1.0\lib\net45\RestSharp.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.ComponentModel.DataAnnotations.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Core.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Data.DataSetExtensions.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Data.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Runtime.Serialization.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Xml.dll" /reference:"C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Xml.Linq.dll" /debug+ /debug:full /filealign:512 /optimize- /out:obj\Debug\IO.Swagger.Test.dll /ruleset:"C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\Static Analysis Tools\\Rule Sets\MinimumRecommendedRules.ruleset" /subsystemversion:6.00 /target:library /utf8output Api\DefaultApiTests.cs Api\DiscoveryApiTests.cs Api\GroupApiTests.cs Api\UserApiTests.cs Model\AddressTests.cs Model\AnyValueTests.cs Model\BaseResourceTests.cs Model\BasicListResponseTests.cs Model\BulkDataTests.cs Model\BulkOperationTests.cs Model\BulkRequestTests.cs Model\EmailTests.cs Model\EntitlementTests.cs Model\ErrorResponseTests.cs Model\Fido2DeviceResourceTests.cs Model\Fido2ListResponseTests.cs Model\FidoDeviceResourceTests.cs Model\FidoListResponseTests.cs Model\GenericListResponseTests.cs Model\GenericResourceTests.cs Model\GroupListResponseTests.cs Model\GroupResourceTests.cs Model\GroupTests.cs Model\InstantMessagingAddressTests.cs Model\MemberTests.cs Model\MetaTests.cs Model\NameTests.cs Model\OneOfGenericResourceTests.cs Model\PatchOperationTests.cs Model\PatchRequestTests.cs Model\PhoneNumberTests.cs Model\PhotoTests.cs Model\ResourceTypeListResponseTests.cs Model\ResourceTypeSchemaExtensionsTests.cs Model\ResourceTypeTests.cs Model\RoleTests.cs Model\SchemaAttributeTests.cs Model\SchemaListResponseTests.cs Model\SchemaResourceTests.cs Model\SearchRequestTests.cs Model\ServiceProviderConfigResponseAuthenticationSchemesTests.cs Model\ServiceProviderConfigResponseBulkTests.cs Model\ServiceProviderConfigResponseFilterTests.cs Model\ServiceProviderConfigResponseMetaTests.cs Model\ServiceProviderConfigResponsePatchTests.cs Model\ServiceProviderConfigResponseTests.cs Model\UserListResponseTests.cs Model\UserResourceTests.cs Model\X509CertificateTests.cs "C:\Users\scott\AppData\Local\Temp\.NETFramework,Version=v4.5.AssemblyAttributes.cs" obj\Debug\\TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs obj\Debug\\TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs obj\Debug\\TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs
2>  Using shared compilation with compiler from directory: C:\Program Files (x86)\MSBuild\14.0\bin
2>CSC : error CS0006: Metadata file 'C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll' could not be found
2>
2>Build FAILED.
2>
2>Time Elapsed 00:00:00.09
========== Rebuild All: 0 succeeded, 2 failed, 0 skipped ==========

And indeed it looks a bit wrong:

        public PatchOperation(OperationEnum operation = default(OperationEnum), string path = default(string),  value = default())
        {
            // to ensure "operation" is required (not null)
            if (operation == null)
            {
                throw new InvalidDataException("operation is a required property for PatchOperation and cannot be null");
            }
            else
            {
                this.Operation = operation;
            }
            this.Path = path;
            this.Value = value;
        }

I tried the HEAD version of the same file, and got the same result, so I don't think there is already a 'fix' for this (if indeed it's a problem with the YAML).

The relevant part of the YAML appears to be:

    PatchOperation:
      required:
      - operation
      type: object
      properties:
        operation:
          type: string
          enum:
          - add
          - remove
          - replace
        path:
          type: string
          description: Required when type is remove, optional otherwise
        value:
          $ref: '#/components/schemas/AnyValue'
          description: Only required when type is add or replace
      description: See section 3.5.2 of RFC 7644

I don't know anything about YAML - but value seems to be a reference to this part:

components:
  schemas:
    AnyValue:
      description: Can be any value - string, number, boolean, array or object

And that is almost an exact copy/paste from the swagger docs:
https://swagger.io/docs/specification/data-models/data-types/

So I tried replacing the definition with:

components:
  schemas:
    AnyValue:
      anyOf:
        - type: string
        - type: number
        - type: boolean
        - type: array
        - type: object
      description: Can be any value - string, number, boolean, array or object

uploaded to https://app.swaggerhub.com/ downloaded the c# client library, extract ZIP, open in VS2015 and builds OK.

I'll continue with that - but if 'more' data types should be included, please let me know.

I haven't found a sample of calling this API yet, but I'll cross that bridge next...

With couchbase db, scimClient.searchDevices ignores userinum, returns all device in the system

Description: With Couchbase, calling "this.scimClient.searchDevices(inum, query, startIndex, gluuConfig.getFetchRecordCount(), sortBy, order, null, null);" returns all of the fido devices instead of for the user specificed by the inum parameter.

Steps to reproduce:

Create two users, and register FIDO2 device for each.
Run scim client with following code snippet, replacing inum with actual id.

Sample code

        Response response=client.searchDevices(inum, null, null, null, null, null, null, null);
        assertEquals(response.getStatus(), OK.getStatusCode());

        ListResponse listResponse=response.readEntity(ListResponse.class);
        if (listResponse.getResources() != null) {

            for (BaseScimResource resource : listResponse.getResources()) {
            	FidoDeviceResource other = (FidoDeviceResource) resource;
                logger.debug("device {} picked", other.getId());
            	

            }
         }

Expected output - Device registered with inum user should be returned.

Actual Output:
All devices are returned

15:40:12 DEBUG FidoU2fDeviceTest.java:33 - Searching all fido u2f devices
15:40:15 DEBUG FidoU2fDeviceTest.java:42 - device 1591817945007 picked
15:40:15 DEBUG FidoU2fDeviceTest.java:42 - device 1591817995076 picked

SCIM search users is continoulsy timing out towards couchbase despite the admin UI users search work perfectly

Hey Guys ,

Rights i am facing continuous timeout errors when trying to do users search through SCIM to gluu :

20-07 05:14:23.108 ERROR ws.rs.scim2.UserWebService UserWebService.java:235- Failure at searchUsers method org.gluu.persist.exception.EntryPersistenceException: Failed to find entries with key: people, expression: ConvertedExpression [expression=( ( objectClass = "gluuPerson" ) AND uid = "[email protected]" ), consistency=false] at org.gluu.persist.couchbase.impl.CouchbaseEntryManager.findEntriesImpl(CouchbaseEntryManager.java:476) ~[oxcore-persistence-couchbase-4.2.3.Final.jar:?] at org.gluu.persist.couchbase.impl.CouchbaseEntryManager.findPagedEntries(CouchbaseEntryManager.java:391) ~[oxcore-persistence-couchbase-4.2.3.Final.jar:?] at jdk.internal.reflect.GeneratedMethodAccessor369.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.gluu.persist.EntityManager$PersistenceEntryManager$318185012$Proxy$_$$_WeldClientProxy.findPagedEntries(Unknown Source) ~[weld-core-impl-3.1.4.Final.jar:?] at org.gluu.oxtrust.service.scim2.Scim2UserService.searchUsers(Scim2UserService.java:570) ~[scim-rest-4.2.3.Final.jar:?] at org.gluu.oxtrust.service.scim2.Scim2UserService$Proxy$_$$_WeldClientProxy.searchUsers(Unknown Source) ~[scim-rest-4.2.3.Final.jar:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService.searchUsers(UserWebService.java:224) ~[scim-rest-4.2.3.Final.jar:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.searchUsers(Unknown Source) ~[scim-rest-4.2.3.Final.jar:?] at org.gluu.oxtrust.service.scim2.interceptor.UserWebServiceDecorator.searchUsers(UserWebServiceDecorator.java:161) ~[scim-rest-4.2.3.Final.jar:?] at jdk.internal.reflect.GeneratedMethodAccessor368.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.weld.annotated.runtime.InvokableAnnotatedMethod.invokeOnInstance(InvokableAnnotatedMethod.java:86) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:78) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:67) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.interceptor.util.proxy.TargetInstanceProxyMethodHandler.invoke(TargetInstanceProxyMethodHandler.java:33) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.proxy.TargetBeanInstance.invoke(TargetBeanInstance.java:91) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_Weld$Proxy$.searchUsers(Unknown Source) ~[scim-rest-4.2.3.Final.jar:?] at jdk.internal.reflect.GeneratedMethodAccessor367.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor.manage(ReferenceURIInterceptor.java:70) ~[scim-rest-4.2.3.Final.jar:?] at jdk.internal.reflect.GeneratedMethodAccessor346.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:73) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:81) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68) ~[weld-core-impl-3.1.4.Final.jar:3.1.4.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.searchUsers(Unknown Source) ~[scim-rest-4.2.3.Final.jar:?] at jdk.internal.reflect.GeneratedMethodAccessor366.invoke(Unknown Source) ~[?:?] at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?] at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:543) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:432) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:393) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:395) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:364) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) ~[resteasy-jaxrs-3.13.0.Final.jar:3.13.0.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:228) ~[websocket-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[jetty-security-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) [jetty-server-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [jetty-io-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905) [jetty-util-9.4.35.v20201120.jar:9.4.35.v20201120] at java.lang.Thread.run(Thread.java:834) [?:?] Caused by: java.lang.RuntimeException: java.util.concurrent.TimeoutException: {"b":"gluu_user","s":"n1ql","t":75000000,"i":"c1130943-7b49-4ba9-b362-92ad5631ffb9"} at rx.exceptions.Exceptions.propagate(Exceptions.java:57) ~[rxjava-1.3.8.jar:1.3.8] at rx.observables.BlockingObservable.blockForSingle(BlockingObservable.java:463) ~[rxjava-1.3.8.jar:1.3.8] at rx.observables.BlockingObservable.single(BlockingObservable.java:340) ~[rxjava-1.3.8.jar:1.3.8] at com.couchbase.client.java.CouchbaseBucket.query(CouchbaseBucket.java:650) ~[java-client-2.7.19.jar:?] at com.couchbase.client.java.CouchbaseBucket.query(CouchbaseBucket.java:564) ~[java-client-2.7.19.jar:?] at org.gluu.persist.couchbase.operation.impl.CouchbaseOperationServiceImpl.searchImpl(CouchbaseOperationServiceImpl.java:556) ~[oxcore-persistence-couchbase-4.2.3.Final.jar:?] at org.gluu.persist.couchbase.operation.impl.CouchbaseOperationServiceImpl.search(CouchbaseOperationServiceImpl.java:447) ~[oxcore-persistence-couchbase-4.2.3.Final.jar:?] at org.gluu.persist.couchbase.impl.CouchbaseEntryManager.searchImpl(CouchbaseEntryManager.java:521) ~[oxcore-persistence-couchbase-4.2.3.Final.jar:?] at org.gluu.persist.couchbase.impl.CouchbaseEntryManager.findEntriesImpl(CouchbaseEntryManager.java:467) ~[oxcore-persistence-couchbase-4.2.3.Final.jar:?] ... 97 more Caused by: java.util.concurrent.TimeoutException: {"b":"gluu_user","s":"n1ql","t":75000000,"i":"c1130943-7b49-4ba9-b362-92ad5631ffb9"} at com.couchbase.client.java.bucket.api.Utils$1.call(Utils.java:131) ~[java-client-2.7.19.jar:?] at com.couchbase.client.java.bucket.api.Utils$1.call(Utils.java:127) ~[java-client-2.7.19.jar:?] at rx.internal.operators.OperatorOnErrorResumeNextViaFunction$4.onError(OperatorOnErrorResumeNextViaFunction.java:140) ~[rxjava-1.3.8.jar:1.3.8] at rx.internal.operators.OnSubscribeTimeoutTimedWithFallback$TimeoutMainSubscriber.onTimeout(OnSubscribeTimeoutTimedWithFallback.java:166) ~[rxjava-1.3.8.jar:1.3.8] at rx.internal.operators.OnSubscribeTimeoutTimedWithFallback$TimeoutMainSubscriber$TimeoutTask.call(OnSubscribeTimeoutTimedWithFallback.java:191) ~[rxjava-1.3.8.jar:1.3.8] at rx.internal.schedulers.ScheduledAction.run(ScheduledAction.java:55) ~[rxjava-1.3.8.jar:1.3.8] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?] at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304) ~[?:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?] ... 1 more

Despite when i login to gluu admin web console , search users through UI works , any pointers for what to be checked or what can be the possible issue here ?

Restore usage of PoolingHttpClientConnectionManager

Probably removed by mistake, version 4.3.1 of the scim-client is not using PoolingHttpClientConnectionManager. Previous versions are OK

This may lead to problems of client usage when concurrent operations are issued

https://hc.apache.org/httpcomponents-client-4.5.x/current/tutorial/html/connmgmt.html#d5e405
https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html

Fine tune validations performed by Group endpoints

Group endpoints may exhibit performance problems due to a number of validations that are not exactly necessary. These validations incur one DB query per user associated to a given group which can degenerate in very high response times (and excessive load) when groups contain thousands of members.

A careful analysis and optimization of existing validations is needed.

A community customer reporting 502 responses when interacting with Group endpoints helped unveiled this problem. See ticket 9929.

Should SCIM PUT account null values?

From community member (May 29th 2019):

Using PATCH is definitely on the table, but just requires more work [...] I'd like to suggest a setting to disable ignoring null in PUT requests for SCIM. That way, if an implementation only adds null values deliberately to a request, it would be possible to unassign attributes through PUT, making for less deviation from the standard. This would, of course, need to be a setting to avoid breaking any existing implementations that rely on the current functionality. I'm with you on the PUT implementation being less destructive than what is usual, but being able to remove attributes with it would be nice.

Updating a user via scim breaks scim search with couchbase.

Describe the issue:

Updating a user via scim breaks scim search with couchbase installation only .

Step to Reproduce the issue:

Create a new user via oxtrust (provide basic details including an email address).
search for user by email in scim using a query such as filter=emails[value eq "[email protected]"]'. it will give you correct response.

example query
curl -k -G -H 'Authorization: Bearer xxxxxx-4336-a1fb-53eda6ff9d59' -d count=10 --data-urlencode 'filter=emails[value eq "[email protected]"]' https://ub20.gluu.org/identity/restv1/scim/v2/Users

View document in couchbase here you can see email is stored as a singular string field such as "mail": "[email protected]".
Now update the user using scim update query for example

curl -k -X PUT -H 'Authorization: Bearer xxxxc6b7-4549-9d65-9f2f324be9f3' -H 'Content-Type: application/scim+json' -d @input.json -o output.json 'https://ub20.gluu.org/identity/restv1/scim/v2/Users/xxxxx-6fa7-4f07-a04d-4600e8c83ab9'

again search for user by email in scim using a query such as filter=emails[value eq "[email protected]"]'. it will give you no results.
View document in couchbase here you can see email is stored as a singular array field now which breaks the search query.

Expected behaviour:
when updating a user the mail field should remain a singular string not an array. Additionally subsequent searches by email should return the same user.

Actual behaviour:

Flitered Search show zero result.

Operating system
ubuntu 20

Gluu-server veriosn: 4.2.1 + couchbase

Endless loop in scim_persistence.log when in Couchbase

In CE 4.2.2 when tailing scim_persistence.log the following repeats endlessly even at idle (no request sent to SCIM service):

2021-01-07 21:04:09,598 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_token"
2021-01-07 21:04:09,600 DEBUG [cb-io-1-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:85) - [localhost/127.0.0.1:18093][QueryEndpoint]: Connected Endpoint.
2021-01-07 21:04:09,600 DEBUG [cb-io-1-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:85) - [localhost]: Connected (DEGRADED) to Node
2021-01-07 21:04:09,615 DEBUG [cb-io-1-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:85) - [localhost/127.0.0.1:18093][QueryEndpoint]: Channel Active.
2021-01-07 21:04:09,656 DEBUG [cb-io-1-2] [deps.io.netty.handler.ssl.SslHandler] (SslHandler.java:1759) - [id: 0xd59355e7, L:/127.0.0.1:37280 - R:localhost/127.0.0.1:18093] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2021-01-07 21:04:09,895 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_user config proposed.
2021-01-07 21:04:09,895 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_user"
2021-01-07 21:04:09,897 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_token config proposed.
2021-01-07 21:04:09,897 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_token"
2021-01-07 21:04:09,898 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu config proposed.
2021-01-07 21:04:09,898 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu"
2021-01-07 21:04:09,899 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_site config proposed.
2021-01-07 21:04:09,900 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_site"
2021-01-07 21:04:09,900 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_cache config proposed.
2021-01-07 21:04:09,900 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_cache"
2021-01-07 21:04:09,901 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_session config proposed.
2021-01-07 21:04:09,901 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_session"

It repeats over and over with no pauses. This seems abnormal. Log level is set to DEBUG

Support SCIM Password Management Spec

Reseting password is a core IDM funtion. We need to add support to our SCIM API's for this:
https://tools.ietf.org/id/draft-hunt-scim-password-mgmt-00.txt

Please create a design document before implementation because I'm not sure we want to implement all features specified.

Failed to Add user via Scim Api in 4.3.0 beta (http error 500)

Describe the issue.

Failed to Add user via Scim Api in 4.3.0 beta

input.json

 {
    "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName":"ajsmith",
    "name":{
        "familyName":"Smith",
        "givenName":"Joe"
    },
    "displayName":"Average Joe"
}

End Points

"curl -k -H 'Authorization: Bearer ...token...' -H 'Content-Type: application/scim+json' -d @input.json -o output.json https://local.gluu.org/identity/restv1/scim/v2/Users"

expected result

Expected behaviour

User must be added to gluu-server and response should be like in output.lson


{
  "id": "...",
  "meta": {
    "created": "...",
    "lastModified": "...",
    "location": "https://.../scim/v2/Users/@!..."
    "resourceType": "User"
  },
  "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ],
  "userName": "ajsmith",
  "name": {
    "formatted": "Joe Smith",
    "familyName": "Smith",
    "givenName": "Joe"
  },
  "displayName": "Average Joe",
  ...
}

Actual Result

No user added to gluu-server and response shows http error 500

Environment Details

Ubuntu 20
Gluu Server 4.3.0

Persistence extension script not invoked

SCIM only supports the SCIM script currently. Allow usage of persistence extension script too (useful to parameterize the hashing algorithm in users' passwords).

Reference support ticket: 9135

SCIM API tends to miss-manage date/time attributes when custom SCIM scripts are also involved

test_scim_script.zip

Description

As it was found out during recent troubleshooting session involving SCIM custom scripts that had to persist attributes on their own (in addition to the ones passed in the request) - at least in user creation flow - if attribute of type "Date" is persisted from inside the script, it leads to varying but unexpected results, which may depend on the type of persistence layer (specifically, differences were observed when using LDAP vs MySQL).

Preconditions

Ideally, two Gluu Servers (CE) are needed, one using LDAP, the other one using MySQL for persistence; if only one is option, it should be MySQL-based
Deployed test custom SCIM script attached above
Several test attributes of type "Date" set in oxTrust, with a compatible type used for corresponding DB attribute (1.3.6.1.4.1.1466.115.121.1.24 type for LDAP and "datetime()" type for MySQL); the attached script expects that "activatedAt" and "lastLoginAt" attributes are existing; there also should be at least one more date/time attribute which will be passed in SCIM request explicitly; all the attributes need to be added to SCIM extended schema (by checking corresponding checkbox in their properties)

Steps to reproduce

Send a user creation request which includes date/time attribute that is not the one of the two set inside the script
Check the API's response, contents of attributes' DB entries and scim logs

Results

In MySQL none of the attributes set from inside the script are present in immediate user creation response from API, only the one sent in the request makes it there; it will appear in subsequent GET request for that user entry, and is pushed to DB, so it's not a persistence issue.

In case of LDAP it behaves a bit different - if it's a string what is passed in "strTime" variable in a line like below:

user.setCustomAttribute('lastLoginAt', strTime)

...then it will appear in response. At the other hand, if strTime contains a "java.util.Date" object (which is, according to @jgomer2001 , is the most appropriate and DB-independent approach), such attribute won't appear in immediate response. The rest seems to stay the same.

Also, when textual representation of the generalized time is used when passing the value, it seems like OpenDJ and MySQL react to it differently. Using the approach suggested by Jose, as below:

        objTime = Date() # this is a full date with milliseconds and so on
        strTime = StaticUtils.encodeGeneralizedTime(objTime)
        user.setCustomAttribute('activatedAt', strTime)

..the date/time string produced will look like this: 20230411190818.574Z. OpenDJ consumes such value without complaints, while MySQL rejects it because of the trailing "Z" character. It can still be fixed with line like below:

        strTime = strTime.rstrip("Zz")

..but adds to confusion and makes scim scripts less portable

Expected results

Ideally, we need our custom scripts to be DB-agnostic to make it possible to quickly share and deploy them between different environments. If possible, we need to find a way to handle date/time attributes uniformly in these two, and other possible cases. Passing (and manipulating) a java time object seems like a solid idea, but the issue with it missing from API response needs to be fixed first.

Incorporate id_generation with scim

Call the id generation script when creating a user via scim.

Add mechanisms for Delegated administration

Let’s say a company has a bunch of partners, and they want to create a portal to enable an “admin” at the partner to manage the users for the partner organization.

Custom scripts will be used to implement the checks (ie. caller is allowed to make the operation)
Java code needs to pass more contextual information (eg. which client is associated with the presented access token, request params)
Respond with specific error when the caller is not allowed

Setting custom attribute to blank gives 500 error

The following code throws NPE (500 error):

//Assume oxEnrollmentCode was previously populated
Response response=client.getUserById(user_inum, null, null);
UserResource u = response.readEntity(UserResource.class);
CustomAttributes attrs = u.getCustomAttributes(USER_EXT_SCHEMA_ID);	
logger.debug(attrs.getValue("oxEnrollmentCode", String.class));
		
attrs.setAttribute("oxEnrollmentCode", "");
response=client.updateUser(u, u.getId(), null, null);
		
logger.debug(response.readEntity(String.class));

oxtrust.log:

2020-06-12 13:19:01,659 ERROR [qtp1590550415-12] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:180) - Failure at updateUser method
java.lang.NullPointerException: null
	at org.gluu.persist.impl.BaseEntryManager.collectAttributeModifications(BaseEntryManager.java:382) ~[oxcore-persistence-core-4.1.0.Final.jar:?]
	at org.gluu.persist.impl.BaseEntryManager.merge(BaseEntryManager.java:229) ~[oxcore-persistence-core-4.1.0.Final.jar:?]
	at org.gluu.persist.couchbase.impl.CouchbaseEntryManager.merge(CouchbaseEntryManager.java:121) ~[oxcore-persistence-couchbase-4.1.0.Final.jar:?]
	at sun.reflect.GeneratedMethodAccessor181.invoke(Unknown Source) ~[?:?]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
	at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.gluu.persist.EntityManager$PersistenceEntryManager$479440844$Proxy$_$$_WeldClientProxy.merge(Unknown Source) ~[weld-core-impl-3.1.2.Final.jar:?]
	at org.gluu.oxtrust.service.scim2.UserPersistenceHelper.updatePerson(UserPersistenceHelper.java:74) ~[classes/:?]
	at org.gluu.oxtrust.service.scim2.Scim2UserService.replacePersonInfo(Scim2UserService.java:534) ~[classes/:?]
	at org.gluu.oxtrust.service.scim2.Scim2UserService.updateUser(Scim2UserService.java:509) ~[classes/:?]
	at org.gluu.oxtrust.ws.rs.scim2.UserWebService.updateUser(UserWebService.java:171) ~[classes/:?]
	at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.updateUser(Unknown Source) ~[classes/:?]
	at org.gluu.oxtrust.service.scim2.interceptor.UserWebServiceDecorator.updateUser(UserWebServiceDecorator.java:127) ~[classes/:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
	at org.jboss.weld.annotated.runtime.InvokableAnnotatedMethod.invokeOnInstance(InvokableAnnotatedMethod.java:86) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:78) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:67) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.interceptor.util.proxy.TargetInstanceProxyMethodHandler.invoke(TargetInstanceProxyMethodHandler.java:33) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.bean.proxy.TargetBeanInstance.invoke(TargetBeanInstance.java:91) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_Weld$Proxy$.updateUser(Unknown Source) ~[classes/:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
	at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor.manage(ReferenceURIInterceptor.java:70) ~[classes/:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
	at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:73) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:81) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
	at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.updateUser(Unknown Source) ~[classes/:?]
	at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldClientProxy.updateUser(Unknown Source) ~[classes/:?]

Change documentationURI claim in UMA authentication scheme to match specURI

It would be better not to reference the Gluu docs here. Can you just make it the same as the specURI?

feat: make max no. of operations and payload size of bulks operations parameterizable

As in JanssenProject/jans#1819

Introduce scim-configuration endpoint

This endpoint was not transfered from oxTrust to scim. One can think of using /ServiceProviderConfig and /ResourceTypes endpoints (which are normative) for SCIM service discovery, however, these are under the same base URL (ie. /identity/restv1/scim/v2 of the rest of SCIM endpoints). The spec isn't clear about where those discovery endpoints should go.

The scim-configuration endpoint definitely has better usability. I'm thinking for instance if a new version of SCIM comes out (eg. 2.5), that will make the base URL change.

We need to introduce well-known again.

Account rfc 6531 for email addresses

Current Implementaiton embraces syntax in rfc 5321, but it does not account the extensibility of character encoding as in rfc 6531

This is flagging addresses with UTF8 characters as invalid

Add config so that SCIM endpoints are unprotected

It was reported some customers want to handle protection externally

New releases are not available in maven repository

The latest stable version in https://ox.gluu.org/maven/ is 4.3.0.Final.
Where are version 4.3.1 and 4.4.1 hosted?

Year is missing in some log statements

Add year where missing, example 07-02 15:01:06.303 WARN oxtrust.auth.uma.UmaPermissionService UmaPermissionService.java:198- Status response for...

Ref TT 10308

NPE while creating test client

When registering test client, api returns 0 in client_secret_expires_at.
If client_secret_expires_at is 0, then RegisterResponse object is created with variable clientSecretExpiresAt as null.
At TestModeScimsClient#triggerRegistrationIfNeeded clientExpiration variable is set to response.getClientSecretExpiresAt().getTime() and gives NullPointerException.

Simple null check will create new registration request on every program run.
Maybe provide option to provide OpenID client details via constructor?

SCIM discovery endpoint shows urls prefixed with /identity when on CN edition

Response of /.well-known/scim-configuration has URLs like identity/restv1... (valid for CE only). Conform to /scim/restv1... when using CN to avoid customers adding ingress rules. Ref ticket 9127

ERROR ws.rs.scim2.ServiceProviderConfigWS ServiceProviderConfigWS.java:50- null

Hello!

We deployed 4.3.0-SNAPSHOT and got that nullpointer exception due to which scim did not start:

2021-09-07 09:56:29.123:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext@624ea235{/scim,[file:///opt/gluu/jetty/scim/webapps/scim/, jar:file:///opt/gluu/jetty/scim/webapps/scim/WEB-INF/lib/scim-model-4.3.0-SNAPSHOT.jar!/META-INF/resources],AVAILABLE}{/opt/gluu/jetty/scim/webapps/scim}
2021-09-07 09:56:29.149:INFO:oejs.AbstractConnector:main: Started ServerConnector@6b9fc5c7{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2021-09-07 09:56:29.149:INFO:oejs.Server:main: Started @24298ms
07-09 09:56:43.315 INFO  gluu.service.logger.LoggerService LoggerService.java:205- Updated log level of '27' loggers to INFO
07-09 09:56:53.198 ERROR ws.rs.scim2.ServiceProviderConfigWS ServiceProviderConfigWS.java:50- null
java.lang.NullPointerException: null
	at org.gluu.oxtrust.ws.rs.scim2.ServiceProviderConfigWS.serve(ServiceProviderConfigWS.java:43) ~[scim-rest-4.3.0-SNAPSHOT.jar:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:546) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:435) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:396) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:398) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:365) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:338) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[servlet-api-3.1.jar:3.1.0]
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:228) ~[websocket-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[jetty-security-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) [jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) [jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) [jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [jetty-io-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) [jetty-util-9.4.43.v20210629.jar:9.4.43.v20210629]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) [jetty-util-9.4.43.v20210629.jar:9.4.43.v20210629]
	at java.lang.Thread.run(Thread.java:834) [?:?]

Seems log object is null on line 50 in ServiceProviderConfigWS

With Regards

Email validation not working with special characters

SCIM fails to validate e-mails like [email protected].

Solution given for this issue was defective. More info in tickets 9649 and 9115.

Recommended practice seems not making validations at all due to complexity in regexp to match valid e-mail values. In this issue I'll follow a simplified approach Instead.

Add deprecation notes in docs for UMA and test mode
Make Gluu setup create the required scopes (and a sample client?)
Adjust comm-edition's oxtrust-config template
Adjust oxTrust UI to display a 3-item list, not the "scimTestMode: true/false"
Update swagger files
Adjust scim Java client?
Update oxTrust API?