gluufederation / scim
SCIM server/client
License: Apache License 2.0
Currently hardcoded: https://github.com/GluuFederation/scim/blob/version_4.3.0/scim-model/src/main/java/org/gluu/oxtrust/model/scim2/Constants.java#L21
Add a json config property using the hardcoded as default value
Historically, SCIM does not use gluuStatus attribute but oxTrustActive. The former has values active/inactive/... while the latter is just true/false, following exactly the format expected by the spec with regards to active attribute. SCIM has always done the required syncing between gluuStatus and oxTrustActive but there are external sources (e.g. scripts) that can make both attributes go out of sync.
We have to evaluate the feasibility of removing oxTrustActive from schema.
At the client side when the keyId provided does not correspond to a sig algorithm but enc, the given scim operation crashes. The same happens when no key is provided and the first key found in the keystore has an enc use.
enc keys should be rejected by throwing a self-explanatory error.
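An added example, not code from the scim-client project: one way to enforce the rule above when choosing the key that signs client requests. The `KeyEntry` record, the `SigningKeySelector` class and the sample key ids are assumptions; `use` follows the JWK `use` parameter (`sig` or `enc`) defined in RFC 7517.

```java
import java.util.List;

// Added illustration, not the scim-client's own code.
// KeyEntry is a hypothetical view of one keystore entry: its id, its intended
// use ("sig" or "enc", as in the JWK "use" parameter) and its algorithm.
public class SigningKeySelector {

    record KeyEntry(String kid, String use, String alg) {}

    /**
     * Returns the key to sign with.
     * - keyId given: the key must exist and must have use "sig".
     * - keyId absent: the first "sig" key is used; "enc" keys are skipped,
     *   never picked just because they come first in the keystore.
     * Every failure raises an exception whose message names the cause.
     */
    static KeyEntry selectSigningKey(List<KeyEntry> keys, String keyId) {
        if (keyId != null && !keyId.isBlank()) {
            KeyEntry key = keys.stream()
                    .filter(k -> keyId.equals(k.kid()))
                    .findFirst()
                    .orElseThrow(() -> new IllegalArgumentException(
                            "No key with id '" + keyId + "' found in the keystore"));
            if (!"sig".equals(key.use())) {
                throw new IllegalArgumentException(
                        "Key '" + keyId + "' has use '" + key.use() + "' (" + key.alg()
                        + "); a key with use 'sig' is required to sign requests");
            }
            return key;
        }
        return keys.stream()
                .filter(k -> "sig".equals(k.use()))
                .findFirst()
                .orElseThrow(() -> new IllegalArgumentException(
                        "No key id was provided and the keystore holds no key with use 'sig'"));
    }

    public static void main(String[] args) {
        // Constructed sample data: the enc key is listed first on purpose.
        List<KeyEntry> keys = List.of(
                new KeyEntry("example-enc-1", "enc", "RSA-OAEP"),
                new KeyEntry("example-sig-1", "sig", "RS256"));

        // No key id: the enc key is skipped and the sig key is chosen.
        System.out.println("Default key: " + selectSigningKey(keys, null).kid());

        // Explicit sig key id: accepted.
        System.out.println("Explicit key: " + selectSigningKey(keys, "example-sig-1").kid());

        // Explicit enc key id: rejected with a message that explains why.
        try {
            selectSigningKey(keys, "example-enc-1");
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }

        // Keystore with only enc keys and no key id: rejected as well.
        try {
            selectSigningKey(List.of(keys.get(0)), null);
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```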
Hello!
I'm kinda new to a lot of this...
I need to add bulk users to Gluu 4.2.3 server
I've looked at the book "Securing the Perimeter" by Michael Schwartz & Maciej Machulak and the Gluu OXD and SCIM docs
For my purposes, I think the 'best' way is to use the SCIM API rather than LDAP and then refresh the cache. I hope to then re-use some of the code (or concepts) for user admin programs to come later.
Language of choice here is c# on windows with VS2015 and .NET 4.7.2
I'm trying to build a client library to use with SCIM scim/scim-server/src/main/resources/gluu-scim-openapi.yaml using https://app.swaggerhub.com
I downloaded an existing OXD c# client library from Swagger just to get the hang of things, then uploaded the 4.2.2 branch of
gluu-scim-openapi.yaml from GitHub and uploaded to Swagger (14 day trial) and downloaded the c# client library and tried to compile it.
But I get compile errors:
Restoring NuGet packages...
To prevent NuGet from restoring packages during build, open the Visual Studio Options dialog, click on the Package Manager node and uncheck 'Allow NuGet to download missing packages during build.'
NuGet package restore finished.
1>------ Rebuild All started: Project: IO.Swagger, Configuration: Debug Any CPU ------
1>Build started 6/4/2021 4:36:25 PM.
1>GenerateTargetFrameworkMonikerAttribute:
1>Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the input files.
1>CoreCompile:
1> Using shared compilation with compiler from directory: C:\Program Files (x86)\MSBuild\14.0\bin
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(64,119,64,120): error CS1001: Identifier expected
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(64,129,64,130): error CS1031: Type expected
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(91,23,91,24): error CS1519: Invalid token '{' in class, struct, or interface member declaration
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(91,28,91,29): error CS1519: Invalid token ';' in class, struct, or interface member declaration
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(91,33,91,34): error CS1519: Invalid token ';' in class, struct, or interface member declaration
1>C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\Model\PatchOperation.cs(184,1,184,2): error CS1022: Type or namespace definition, or end-of-file expected
1>
1>Build FAILED.
1>
1>Time Elapsed 00:00:00.08
2>------ Rebuild All started: Project: IO.Swagger.Test, Configuration: Debug Any CPU ------
2>Build started 6/4/2021 4:36:25 PM.
2>ResolveAssemblyReferences:
2> Primary reference "IO.Swagger".
2> Could not find dependent files. Expected file "C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll" does not exist.
2> Could not find dependent files. Expected file "C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll" does not exist.
2> Resolved file path is "C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll".
2> Reference found at search path location "".
2> The ImageRuntimeVersion for this reference is "".
2>GenerateTargetFrameworkMonikerAttribute:
2>Skipping target "GenerateTargetFrameworkMonikerAttribute" because all output files are up-to-date with respect to the input files.
2>CoreCompile:
2> Using shared compilation with compiler from directory: C:\Program Files (x86)\MSBuild\14.0\bin
2>CSC : error CS0006: Metadata file 'C:\Users\scott\Documents\Visual Studio 2010\gluu-scim-server-4.2.2-csharp-client\src\IO.Swagger\bin\Debug\IO.Swagger.dll' could not be found
2>
2>Build FAILED.
2>
2>Time Elapsed 00:00:00.09
========== Rebuild All: 0 succeeded, 2 failed, 0 skipped ==========
And indeed it looks a bit wrong:
public PatchOperation(OperationEnum operation = default(OperationEnum), string path = default(string), value = default())
{
    // to ensure "operation" is required (not null)
    if (operation == null)
    {
        throw new InvalidDataException("operation is a required property for PatchOperation and cannot be null");
    }
    else
    {
        this.Operation = operation;
    }
    this.Path = path;
    this.Value = value;
}
I tried the HEAD version of the same file, and got the same result, so I don't think there is already a 'fix' for this (if indeed it's a problem with the YAML).
The relevant part of the YAML appears to be:
PatchOperation:
  required:
    - operation
  type: object
  properties:
    operation:
      type: string
      enum:
        - add
        - remove
        - replace
    path:
      type: string
      description: Required when type is remove, optional otherwise
    value:
      $ref: '#/components/schemas/AnyValue'
      description: Only required when type is add or replace
  description: See section 3.5.2 of RFC 7644
I don't know anything about YAML - but value seems to be a reference to this part:
components:
  schemas:
    AnyValue:
      description: Can be any value - string, number, boolean, array or object
And that is almost an exact copy/paste from the swagger docs:
https://swagger.io/docs/specification/data-models/data-types/
So I tried replacing the definition with:
components:
  schemas:
    AnyValue:
      anyOf:
        - type: string
        - type: number
        - type: boolean
        - type: array
        - type: object
      description: Can be any value - string, number, boolean, array or object
uploaded to https://app.swaggerhub.com/ downloaded the c# client library, extract ZIP, open in VS2015 and builds OK.
I'll continue with that - but if 'more' data types should be included, please let me know.
I haven't found a sample of calling this API yet, but I'll cross that bridge next...
Description: With Couchbase, calling "this.scimClient.searchDevices(inum, query, startIndex, gluuConfig.getFetchRecordCount(), sortBy, order, null, null);" returns all of the fido devices instead of for the user specified by the inum parameter.
Steps to reproduce:
Sample code
Response response = client.searchDevices(inum, null, null, null, null, null, null, null);
assertEquals(response.getStatus(), OK.getStatusCode());
ListResponse listResponse = response.readEntity(ListResponse.class);
if (listResponse.getResources() != null) {
    for (BaseScimResource resource : listResponse.getResources()) {
        FidoDeviceResource other = (FidoDeviceResource) resource;
        logger.debug("device {} picked", other.getId());
    }
}
Expected output - Device registered with inum user should be returned.
Actual Output:
All devices are returned
15:40:12 DEBUG FidoU2fDeviceTest.java:33 - Searching all fido u2f devices
15:40:15 DEBUG FidoU2fDeviceTest.java:42 - device 1591817945007 picked
15:40:15 DEBUG FidoU2fDeviceTest.java:42 - device 1591817995076 picked
Hey guys,
Right now I am facing continuous timeout errors when trying to do user searches through SCIM to Gluu:
20-07 05:14:23.108 ERROR ws.rs.scim2.UserWebService UserWebService.java:235- Failure at searchUsers method org.gluu.persist.exception.EntryPersistenceException: Failed to find entries with key: people, expression: ConvertedExpression [expression=( ( objectClass = "gluuPerson" ) AND uid = "[email protected]" ), consistency=false]
Caused by: java.lang.RuntimeException: java.util.concurrent.TimeoutException: {"b":"gluu_user","s":"n1ql","t":75000000,"i":"c1130943-7b49-4ba9-b362-92ad5631ffb9"}
... 97 more
Caused by: java.util.concurrent.TimeoutException: {"b":"gluu_user","s":"n1ql","t":75000000,"i":"c1130943-7b49-4ba9-b362-92ad5631ffb9"}
... 1 more
However, when I log in to the Gluu admin web console, searching users through the UI works. Any pointers on what to check or what the possible issue could be here?
Probably removed by mistake, version 4.3.1 of the scim-client is not using PoolingHttpClientConnectionManager. Previous versions are OK
This may lead to problems of client usage when concurrent operations are issued
https://hc.apache.org/httpcomponents-client-4.5.x/current/tutorial/html/connmgmt.html#d5e405
https://hc.apache.org/httpcomponents-client-4.5.x/current/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html
Group endpoints may exhibit performance problems due to a number of validations that are not exactly necessary. These validations incur one DB query per user associated with a given group, which can degenerate into very high response times (and excessive load) when groups contain thousands of members.
A careful analysis and optimization of existing validations is needed.
A community customer reporting 502 responses when interacting with Group endpoints helped unveil this problem. See ticket 9929.
From community member (May 29th 2019):
Using PATCH is definitely on the table, but just requires more work [...] I'd like to suggest a setting to disable ignoring null in PUT requests for SCIM. That way, if an implementation only adds null values deliberately to a request, it would be possible to unassign attributes through PUT, making for less deviation from the standard. This would, of course, need to be a setting to avoid breaking any existing implementations that rely on the current functionality. I'm with you on the PUT implementation being less destructive than what is usual, but being able to remove attributes with it would be nice.
Describe the issue:
Updating a user via SCIM breaks SCIM search, with Couchbase installations only.
Step to Reproduce the issue:
example query
curl -k -G -H 'Authorization: Bearer xxxxxx-4336-a1fb-53eda6ff9d59' -d count=10 --data-urlencode 'filter=emails[value eq "[email protected]"]' https://ub20.gluu.org/identity/restv1/scim/v2/Users
View the document in Couchbase; here you can see the email is stored as a singular string field, such as "mail": "[email protected]".
Now update the user using a SCIM update query, for example:
curl -k -X PUT -H 'Authorization: Bearer xxxxc6b7-4549-9d65-9f2f324be9f3' -H 'Content-Type: application/scim+json' -d @input.json -o output.json 'https://ub20.gluu.org/identity/restv1/scim/v2/Users/xxxxx-6fa7-4f07-a04d-4600e8c83ab9'
Expected behaviour:
When updating a user, the mail field should remain a singular string, not an array. Additionally, subsequent searches by email should return the same user.
Actual behaviour:
Filtered search shows zero results.
Operating system
ubuntu 20
Gluu Server version: 4.2.1 + couchbase
In CE 4.2.2 when tailing scim_persistence.log the following repeats endlessly even at idle (no request sent to SCIM service):
2021-01-07 21:04:09,598 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_token"
2021-01-07 21:04:09,600 DEBUG [cb-io-1-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:85) - [localhost/127.0.0.1:18093][QueryEndpoint]: Connected Endpoint.
2021-01-07 21:04:09,600 DEBUG [cb-io-1-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:85) - [localhost]: Connected (DEGRADED) to Node
2021-01-07 21:04:09,615 DEBUG [cb-io-1-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:85) - [localhost/127.0.0.1:18093][QueryEndpoint]: Channel Active.
2021-01-07 21:04:09,656 DEBUG [cb-io-1-2] [deps.io.netty.handler.ssl.SslHandler] (SslHandler.java:1759) - [id: 0xd59355e7, L:/127.0.0.1:37280 - R:localhost/127.0.0.1:18093] HANDSHAKEN: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
2021-01-07 21:04:09,895 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_user config proposed.
2021-01-07 21:04:09,895 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_user"
2021-01-07 21:04:09,897 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_token config proposed.
2021-01-07 21:04:09,897 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_token"
2021-01-07 21:04:09,898 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu config proposed.
2021-01-07 21:04:09,898 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu"
2021-01-07 21:04:09,899 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_site config proposed.
2021-01-07 21:04:09,900 DEBUG [cb-computations-3] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_site"
2021-01-07 21:04:09,900 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_cache config proposed.
2021-01-07 21:04:09,900 DEBUG [cb-computations-1] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_cache"
2021-01-07 21:04:09,901 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - New Bucket gluu_session config proposed.
2021-01-07 21:04:09,901 DEBUG [cb-computations-2] [com.couchbase.client.core.logging.Slf4JLogger] (Slf4JLogger.java:90) - Completed refreshing config for bucket "gluu_session"
It repeats over and over with no pauses. This seems abnormal. Log level is set to DEBUG
Resetting passwords is a core IDM function. We need to add support to our SCIM APIs for this:
https://tools.ietf.org/id/draft-hunt-scim-password-mgmt-00.txt
Please create a design document before implementation because I'm not sure we want to implement all features specified.
Failed to Add user via Scim Api in 4.3.0 beta
{
"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
"userName":"ajsmith",
"name":{
"familyName":"Smith",
"givenName":"Joe"
},
"displayName":"Average Joe"
}
"curl -k -H 'Authorization: Bearer ...token...' -H 'Content-Type: application/scim+json' -d @input.json -o output.json https://local.gluu.org/identity/restv1/scim/v2/Users"
Expected behaviour
User must be added to gluu-server and the response should be like in output.json
{
"id": "...",
"meta": {
"created": "...",
"lastModified": "...",
"location": "https://.../scim/v2/Users/@!...",
"resourceType": "User"
},
"schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ],
"userName": "ajsmith",
"name": {
"formatted": "Joe Smith",
"familyName": "Smith",
"givenName": "Joe"
},
"displayName": "Average Joe",
...
}
No user added to gluu-server and response shows http error 500
Ubuntu 20
Gluu Server 4.3.0
SCIM only supports the SCIM script currently. Allow usage of persistence extension script too (useful to parameterize the hashing algorithm in users' passwords).
Reference support ticket: 9135
As it was found out during recent troubleshooting session involving SCIM custom scripts that had to persist attributes on their own (in addition to the ones passed in the request) - at least in user creation flow - if attribute of type "Date" is persisted from inside the script, it leads to varying but unexpected results, which may depend on the type of persistence layer (specifically, differences were observed when using LDAP vs MySQL).
1.3.6.1.4.1.1466.115.121.1.24 type for LDAP and "datetime()" type for MySQL); the attached script expects that "activatedAt" and "lastLoginAt" attributes are existing; there also should be at least one more date/time attribute which will be passed in SCIM request explicitly; all the attributes need to be added to SCIM extended schema (by checking corresponding checkbox in their properties)
In MySQL none of the attributes set from inside the script are present in immediate user creation response from API, only the one sent in the request makes it there; it will appear in subsequent GET request for that user entry, and is pushed to DB, so it's not a persistence issue.
In case of LDAP it behaves a bit differently - if it's a string that is passed in the "strTime" variable in a line like below:
user.setCustomAttribute('lastLoginAt', strTime)
...then it will appear in the response. On the other hand, if strTime contains a "java.util.Date" object (which, according to @jgomer2001, is the most appropriate and DB-independent approach), such an attribute won't appear in the immediate response. The rest seems to stay the same.
Also, when textual representation of the generalized time is used when passing the value, it seems like OpenDJ and MySQL react to it differently. Using the approach suggested by Jose, as below:
objTime = Date() # this is a full date with milliseconds and so on
strTime = StaticUtils.encodeGeneralizedTime(objTime)
user.setCustomAttribute('activatedAt', strTime)
...the date/time string produced will look like this: 20230411190818.574Z. OpenDJ consumes such value without complaints, while MySQL rejects it because of the trailing "Z" character. It can still be fixed with line like below:
strTime = strTime.rstrip("Zz")
..but adds to confusion and makes scim scripts less portable
Ideally, we need our custom scripts to be DB-agnostic to make it possible to quickly share and deploy them between different environments. If possible, we need to find a way to handle date/time attributes uniformly in these two, and other possible cases. Passing (and manipulating) a java time object seems like a solid idea, but the issue with it missing from API response needs to be fixed first.
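The portability problem described in this issue, as an added example that is not part of the original report or of Gluu's code: it parses a generalized time value, normalizes it to UTC, and only then emits the zone-less form the report says MySQL accepts, so a value carrying a numeric offset is not passed through unchanged the way `rstrip("Zz")` would leave it. The function names are hypothetical, the code is written for standard Python 3 rather than the Jython script runtime, and it handles only the full-seconds subset of the generalized time syntax.

```python
import re
from datetime import datetime, timedelta, timezone

# Subset of the LDAP generalized time syntax handled here (assumption of this
# example): YYYYMMDDhhmmss, optional fraction, then "Z" or a +hh[mm]/-hh[mm] offset.
_GENERALIZED_TIME = re.compile(
    r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})"
    r"(?:[.,](\d{1,6}))?"
    r"([Zz]|[+-]\d{2}(?:\d{2})?)$"
)


def parse_generalized_time(value):
    """Parse a generalized time string into a timezone-aware UTC datetime."""
    match = _GENERALIZED_TIME.match(value.strip())
    if not match:
        raise ValueError("not a supported generalized time: %r" % (value,))
    year, month, day, hour, minute, second = (int(g) for g in match.groups()[:6])
    fraction = match.group(7) or ""
    micro = int(fraction.ljust(6, "0")) if fraction else 0
    zone = match.group(8)
    if zone.upper() == "Z":
        tz = timezone.utc
    else:
        sign = 1 if zone[0] == "+" else -1
        offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5] or 0))
        tz = timezone(sign * offset)
    local = datetime(year, month, day, hour, minute, second, micro, tz)
    return local.astimezone(timezone.utc)


def to_generalized_time(dt):
    """Encode an aware datetime as UTC generalized time with milliseconds."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before encoding")
    utc = dt.astimezone(timezone.utc)
    return utc.strftime("%Y%m%d%H%M%S") + ".%03dZ" % (utc.microsecond // 1000)


def for_backend(value, backend):
    """Return the string form of a generalized time value for one backend.

    "ldap"  -> UTC generalized time, e.g. 20230411190818.574Z
    "mysql" -> the same UTC instant without the zone designator, which is the
               form the workaround in the report produces
    """
    text = to_generalized_time(parse_generalized_time(value))
    if backend == "ldap":
        return text
    if backend == "mysql":
        return text[:-1]  # drop "Z" only after the value is known to be UTC
    raise ValueError("unknown backend: %r" % (backend,))


if __name__ == "__main__":
    # Constructed sample values; the first is the one quoted in the report.
    for sample in ("20230411190818.574Z", "20230411210818.574+0200"):
        print(sample, "->", for_backend(sample, "ldap"), "|", for_backend(sample, "mysql"))
```
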
Call the id generation script when creating a user via scim.
Let’s say a company has a bunch of partners, and they want to create a portal to enable an “admin” at the partner to manage the users for the partner organization.
The following code throws NPE (500 error):
//Assume oxEnrollmentCode was previously populated
Response response=client.getUserById(user_inum, null, null);
UserResource u = response.readEntity(UserResource.class);
CustomAttributes attrs = u.getCustomAttributes(USER_EXT_SCHEMA_ID);
logger.debug(attrs.getValue("oxEnrollmentCode", String.class));
attrs.setAttribute("oxEnrollmentCode", "");
response=client.updateUser(u, u.getId(), null, null);
logger.debug(response.readEntity(String.class));
oxtrust.log:
2020-06-12 13:19:01,659 ERROR [qtp1590550415-12] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:180) - Failure at updateUser method
java.lang.NullPointerException: null
at org.gluu.persist.impl.BaseEntryManager.collectAttributeModifications(BaseEntryManager.java:382) ~[oxcore-persistence-core-4.1.0.Final.jar:?]
at org.gluu.persist.impl.BaseEntryManager.merge(BaseEntryManager.java:229) ~[oxcore-persistence-core-4.1.0.Final.jar:?]
at org.gluu.persist.couchbase.impl.CouchbaseEntryManager.merge(CouchbaseEntryManager.java:121) ~[oxcore-persistence-couchbase-4.1.0.Final.jar:?]
at sun.reflect.GeneratedMethodAccessor181.invoke(Unknown Source) ~[?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
at org.jboss.weld.bean.proxy.AbstractBeanInstance.invoke(AbstractBeanInstance.java:38) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.gluu.persist.EntityManager$PersistenceEntryManager$479440844$Proxy$_$$_WeldClientProxy.merge(Unknown Source) ~[weld-core-impl-3.1.2.Final.jar:?]
at org.gluu.oxtrust.service.scim2.UserPersistenceHelper.updatePerson(UserPersistenceHelper.java:74) ~[classes/:?]
at org.gluu.oxtrust.service.scim2.Scim2UserService.replacePersonInfo(Scim2UserService.java:534) ~[classes/:?]
at org.gluu.oxtrust.service.scim2.Scim2UserService.updateUser(Scim2UserService.java:509) ~[classes/:?]
at org.gluu.oxtrust.ws.rs.scim2.UserWebService.updateUser(UserWebService.java:171) ~[classes/:?]
at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.updateUser(Unknown Source) ~[classes/:?]
at org.gluu.oxtrust.service.scim2.interceptor.UserWebServiceDecorator.updateUser(UserWebServiceDecorator.java:127) ~[classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
at org.jboss.weld.annotated.runtime.InvokableAnnotatedMethod.invokeOnInstance(InvokableAnnotatedMethod.java:86) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:78) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:67) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.interceptor.util.proxy.TargetInstanceProxyMethodHandler.invoke(TargetInstanceProxyMethodHandler.java:33) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.bean.proxy.TargetBeanInstance.invoke(TargetBeanInstance.java:91) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_Weld$Proxy$.updateUser(Unknown Source) ~[classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor.manage(ReferenceURIInterceptor.java:70) ~[classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_222]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_222]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_222]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_222]
at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:73) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:81) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68) ~[weld-core-impl-3.1.2.Final.jar:3.1.2.Final]
at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.updateUser(Unknown Source) ~[classes/:?]
at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldClientProxy.updateUser(Unknown Source) ~[classes/:?]
As in JanssenProject/jans#1819
This endpoint was not transferred from oxTrust to scim. One can think of using /ServiceProviderConfig and /ResourceTypes endpoints (which are normative) for SCIM service discovery, however, these are under the same base URL (ie. /identity/restv1/scim/v2 of the rest of SCIM endpoints). The spec isn't clear about where those discovery endpoints should go.
The scim-configuration endpoint definitely has better usability. I'm thinking for instance if a new version of SCIM comes out (eg. 2.5), that will make the base URL change.
We need to introduce well-known again.
The current implementation embraces the syntax in RFC 5321, but it does not account for the extensibility of character encoding as in RFC 6531.
This is flagging addresses with UTF8 characters as invalid.
It was reported some customers want to handle protection externally
The latest stable version in https://ox.gluu.org/maven/ is 4.3.0.Final.
Where are version 4.3.1 and 4.4.1 hosted?
Add year where missing, example 07-02 15:01:06.303 WARN oxtrust.auth.uma.UmaPermissionService UmaPermissionService.java:198- Status response for...
Ref TT 10308
When registering test client, api returns 0 in client_secret_expires_at.
If client_secret_expires_at is 0, then RegisterResponse object is created with variable clientSecretExpiresAt as null.
At TestModeScimsClient#triggerRegistrationIfNeeded clientExpiration variable is set to response.getClientSecretExpiresAt().getTime() and gives NullPointerException.
Simple null check will create new registration request on every program run.
Maybe provide option to provide OpenID client details via constructor?
Response of /.well-known/scim-configuration has URLs like identity/restv1... (valid for CE only). Conform to /scim/restv1... when using CN to avoid customers adding ingress rules. Ref ticket 9127
Hello!
We deployed 4.3.0-SNAPSHOT and got that nullpointer exception due to which scim did not start:
2021-09-07 09:56:29.123:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext@624ea235{/scim,[file:///opt/gluu/jetty/scim/webapps/scim/, jar:file:///opt/gluu/jetty/scim/webapps/scim/WEB-INF/lib/scim-model-4.3.0-SNAPSHOT.jar!/META-INF/resources],AVAILABLE}{/opt/gluu/jetty/scim/webapps/scim}
2021-09-07 09:56:29.149:INFO:oejs.AbstractConnector:main: Started ServerConnector@6b9fc5c7{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
2021-09-07 09:56:29.149:INFO:oejs.Server:main: Started @24298ms
07-09 09:56:43.315 INFO gluu.service.logger.LoggerService LoggerService.java:205- Updated log level of '27' loggers to INFO
07-09 09:56:53.198 ERROR ws.rs.scim2.ServiceProviderConfigWS ServiceProviderConfigWS.java:50- null
java.lang.NullPointerException: null
at org.gluu.oxtrust.ws.rs.scim2.ServiceProviderConfigWS.serve(ServiceProviderConfigWS.java:43) ~[scim-rest-4.3.0-SNAPSHOT.jar:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:546) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:435) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:396) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:398) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:365) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:338) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) ~[resteasy-jaxrs-3.15.1.Final.jar:3.15.1.Final]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) ~[servlet-api-3.1.jar:3.1.0]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:228) ~[websocket-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) ~[jetty-security-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1434) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) ~[jetty-servlet-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1349) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.Server.handle(Server.java:516) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) ~[jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) [jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) [jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277) [jetty-server-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) [jetty-io-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) [jetty-io-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) [jetty-io-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883) [jetty-util-9.4.43.v20210629.jar:9.4.43.v20210629]
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034) [jetty-util-9.4.43.v20210629.jar:9.4.43.v20210629]
at java.lang.Thread.run(Thread.java:834) [?:?]
Seems log object is null on line 50 in ServiceProviderConfigWS
With Regards
SCIM fails to validate e-mails like [email protected].
Solution given for this issue was defective. More info in tickets 9649 and 9115.
Recommended practice seems to be not making validations at all, due to the complexity of a regexp that matches valid e-mail values. In this issue I'll follow a simplified approach instead.
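A simplified structural check of the kind this issue and the RFC 6531 issue above call for, as an added example that is not the project's validator: it sets a constructed ASCII-only pattern beside a check that accepts UTF-8 in the local part and internationalized domain names while still rejecting whitespace, control characters and malformed domains. The function name, the pattern and the sample addresses are assumptions made for illustration, and quoted local parts are deliberately not supported.

```python
import re
import unicodedata

# Constructed ASCII-only pattern in the spirit of RFC 5321 syntax. It stands in
# for any ASCII-bound validator and is not the project's actual expression.
ASCII_ONLY = re.compile(
    r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
    r"@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*$"
)


def email_problem(address):
    """Return None when the address passes the simplified check, else a reason."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return "expected local-part@domain"
    if "@" in local:
        return "more than one @ (quoted local parts are not supported here)"
    for ch in address:
        # Unicode categories C* (control, format, unassigned) and Z* (separators)
        # have no place in an address and are a common source of log and UI confusion.
        if unicodedata.category(ch)[0] in "CZ":
            return "whitespace or control character U+%04X" % ord(ch)
    if len(local.encode("utf-8")) > 64:
        return "local part longer than 64 octets"
    if local.startswith(".") or local.endswith(".") or ".." in local:
        return "misplaced dot in local part"
    try:
        # The standard "idna" codec converts each label to its ASCII form and
        # raises UnicodeError for empty or over-long labels.
        ascii_domain = domain.encode("idna")
    except UnicodeError:
        return "domain is not a valid host name"
    if len(ascii_domain) > 255:
        return "domain longer than 255 octets"
    return None


if __name__ == "__main__":
    # Constructed sample addresses.
    samples = [
        "plain@example.org",
        "jos\u00e9@example.org",
        "user@b\u00fccher.example",
        "a b@example.org",
        "user@exa..mple.org",
        "no-at-sign",
    ]
    for addr in samples:
        ascii_ok = ASCII_ONLY.match(addr) is not None
        print("%-24r ascii-only=%-5s simplified=%s" % (addr, ascii_ok, email_problem(addr) or "ok"))
```
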
When validation takes place on values part of the user extension, the generic error message Error parsing extended attributes is presented. It should include the name of the attribute that provoked the failure
Offer support for endpoints protection via OAuth tokens with suitable scopes
Additional things to consider: