WSO2 SCIM 2 API to get all users by tenant not returning any user - wso2

I am using WSO2 Identity Server 5.7.0, and I am calling the API https://[url]:[port]/t/tenantName/scim2/Users (GET). The response received is the following, with HTTP status 200:
{"totalResults":0,"startIndex":1,"itemsPerPage":0,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"]}
However, the user is not being returned; the tenant has only its own admin user. The expected response (working fine on another environment) is:
{
  "totalResults": 1,
  "startIndex": 1,
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "Resources": [
    {
      "emails": [
        "user1@gmail.com"
      ],
      "meta": {
        "created": "2023-01-05T13:01:12Z",
        "lastModified": "2023-01-05T13:01:12Z"
      },
      "roles": [
        {
          "type": "default",
          "value": "Internal/subscriber,Internal/creator,Internal/publisher,Internal/everyone,admin"
        }
      ],
      "name": {
        "givenName": "user1",
        "familyName": "user1"
      },
      "id": "2e86d8e6-7db8-4600-a8bc-f3h1d54d8h6a",
      "userName": "user1"
    }
  ]
}
How do I fix this? Is there any configuration that should be changed to return all users?
Note: SCIM is enabled in the user-mgt.xml file.

Recreating a new tenant after enabling SCIM solved the issue, but the issue remains for the tenant that was created prior to enabling SCIM.

Related

Callback url value in email for verifying account

This is an extension of the "Unable to validate account confirmation in WSO2 version 6.0" issue.
I have the same regex pattern in my self-registration section. But when I create users using the REST API, the link I get in the email is
https://localhost:9443/accountrecoveryendpoint/confirmregistration.do?confirmation=ce790759-1086-4870-a673-35b5927351d8&userstoredomain=PRIMARY&username=samyu&tenantdomain=carbon.super&callback={{callback}}
and when I created the user manually, the link I got is
https://localhost:9443/accountrecoveryendpoint/confirmregistration.do?confirmation=dff024e7-d7e7-48ef-bb60-1c1c4d6f3b1c&userstoredomain=PRIMARY&username=sam&tenantdomain=carbon.super&callback=https%3A%2F%2Flocalhost%3A9443%2Fmyaccount.
So the difference between these two links is the callback. What configuration should I make in order to get the callback value?
When you are trying this from the recovery portal, the callback value is set automatically. If you are trying with the REST API, you need to include it in the request. The following is a sample JSON payload.
{
  "user": {
    "username": "kim",
    "realm": "PRIMARY",
    "password": "Password12!",
    "claims": [
      {
        "uri": "http://wso2.org/claims/givenname",
        "value": "kim"
      },
      {
        "uri": "http://wso2.org/claims/emailaddress",
        "value": "kimAndie@gmail.com"
      },
      {
        "uri": "http://wso2.org/claims/lastname",
        "value": "Anderson"
      },
      {
        "uri": "http://wso2.org/claims/mobile",
        "value": "+947729465558"
      }
    ]
  },
  "properties": [
    {
      "key": "callback",
      "value": "https://localhost:9443/myaccount"
    }
  ]
}
Notice how you need to send the callback when using the REST API.

Error while importing formData from swagger json to AWS API Gateway

I am using flask-restx to build an app with a Swagger UI, and I am trying to upload this Swagger file as a documentation part in AWS API Gateway. Through this Swagger UI, I am enabling the user to upload a CSV file for further data processing.
I have the following Swagger JSON:
{
  "swagger": "2.0",
  "basePath": "/",
  "paths": {
    "/upload_profile/csv": {
      "post": {
        "responses": {
          "200": {
            "description": "Profile uploaded"
          },
          "400": {
            "description": "Validation Error"
          },
          "401": {
            "description": "Not authorized"
          }
        },
        "operationId": "Get uploaded profiles from user",
        "parameters": [
          {
            "name": "csv_file",
            "in": "formData",
            "type": "file",
            "required": true,
            "description": "CSV file"
          }
        ],
        "consumes": [
          "multipart/form-data"
        ],
        "tags": [
          "upload_profile"
        ]
      }
    }
  },
  "info": {
    "title": "Upload Profile",
    "version": "0.0.1"
  },
  "produces": [
    "application/json"
  ],
  "consumes": [
    "application/json"
  ],
  "tags": [
    {
      "name": "upload_profile",
      "description": "Uploading User Profiles"
    }
  ],
  "responses": {
    "ParseError": {
      "description": "When a mask can't be parsed"
    },
    "MaskError": {
      "description": "When any error occurs on mask"
    }
  }
}
When I go to API Gateway --> Documentation --> Import Documentation and paste the JSON, I get the following error:
How can this issue be solved? If formData isn't supported by API Gateway, is there an alternative for hosting the Swagger UI?
The problem is that AWS API Gateway expects Swagger/OpenAPI version 3, and your file is version 2. If you only want a way to host Swagger UI for documentation/collaboration purposes, take a look at SwaggerHub: https://swagger.io/tools/swaggerhub/.
But if you really have to use AWS API Gateway, then you need to get the spec in OpenAPI 3 format. Since the API is rather small, I'd suggest preparing the OpenAPI 3 spec yourself (rather than generating it) and testing it locally via Swagger UI.
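One way to do the Swagger 2 to OpenAPI 3 translation the answer describes, written as an added example (not code from the question or the answer): the `in: formData` file parameter becomes an OpenAPI 3 `requestBody` with a `multipart/form-data` schema, which is the shape that has no Swagger 2 equivalent. `SWAGGER2` is a constructed sample cut down from the question's document; `convert_operation` and `convert_swagger2` are hypothetical helper names.

```python
# Constructed sample: the relevant part of the Swagger 2.0 document from the question.
SWAGGER2 = {
    "swagger": "2.0", "basePath": "/",
    "info": {"title": "Upload Profile", "version": "0.0.1"},
    "paths": {"/upload_profile/csv": {"post": {
        "operationId": "Get uploaded profiles from user",
        "consumes": ["multipart/form-data"],
        "parameters": [{"name": "csv_file", "in": "formData", "type": "file",
                        "required": True, "description": "CSV file"}],
        "responses": {"200": {"description": "Profile uploaded"},
                      "400": {"description": "Validation Error"}},
    }}},
}

def convert_operation(op: dict) -> dict:
    """Rewrite one Swagger 2.0 operation for OpenAPI 3: 'in: formData' parameters
    become a requestBody whose schema lists them; a 'file' becomes string/binary."""
    new_op = {k: v for k, v in op.items() if k not in ("parameters", "consumes", "produces")}
    props, required, other_params = {}, [], []
    for p in op.get("parameters", []):
        if p.get("in") != "formData":
            other_params.append(p)  # query/path/header parameters are kept as they are
            continue
        prop = ({"type": "string", "format": "binary"} if p.get("type") == "file"
                else {"type": p.get("type", "string")})
        if "description" in p:
            prop["description"] = p["description"]
        props[p["name"]] = prop
        if p.get("required"):
            required.append(p["name"])
    if other_params:
        new_op["parameters"] = other_params
    if props:
        schema = {"type": "object", "properties": props}
        if required:
            schema["required"] = required
        media = op.get("consumes", ["multipart/form-data"])[0]  # OAS2 consumes -> content type
        new_op["requestBody"] = {"required": bool(required),
                                 "content": {media: {"schema": schema}}}
    return new_op

def convert_swagger2(doc: dict) -> dict:
    """Produce an OpenAPI 3.0 document; only the formData translation is handled here."""
    out = {"openapi": "3.0.1", "info": doc["info"],
           "servers": [{"url": doc.get("basePath", "/")}], "paths": {}}
    for path, methods in doc["paths"].items():
        out["paths"][path] = {m: convert_operation(op) for m, op in methods.items()}
    return out
```

Responses that carry only a `description` are already valid OpenAPI 3, so they are copied through unchanged; the top-level `consumes`/`produces` keys have no OpenAPI 3 counterpart and are dropped.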

WSO2 Identity Server 5.10.0 - SCIM2 REST - Get all required attributes?

I'm calling the SCIM2 REST service to get user information based on ID, but it doesn't return all user data. When I call https://localhost:9444/scim2/Users/8f9d1e34-c340-4ebe-af11-fa0c4575f676 passing username and password (BASIC), I get this payload:
{
  "emails": [
    {
      "type": "home",
      "value": "test@test.com"
    }
  ],
  "meta": {
    "created": "2020-10-09T11:29:42.809803400Z",
    "location": "https://localhost:9444/scim2/Users/8f9d1e34-c340-4ebe-af11-fa0c4575f676",
    "lastModified": "2020-10-09T11:29:42.809803400Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "roles": [
    {
      "type": "default",
      "value": "Internal/everyone"
    }
  ],
  "id": "8f9d1e34-c340-4ebe-af11-fa0c4575f676",
  "userName": "test"
}
But this user has more attributes, as seen below:
How do I return the whole user data?
Thanks in advance
The SCIM GET request on the /Users/{user-id} endpoint will return the SCIM user attributes that are defined under the urn:ietf:params:scim:schemas:core:2.0:User and urn:ietf:params:scim:schemas:extension:enterprise:2.0:User claim dialects (management console -> Main Menu -> Identity tab -> Claims -> List). If the particular attribute (i.e. local claim) is not mapped to a SCIM user attribute, that value won't be returned in the SCIM user GET response.
In order to map such local attributes to SCIM attributes, you can follow the instructions in https://is.docs.wso2.com/en/latest/develop/extending-scim2-user-schemas/#extending-the-scim-20-api.
Moreover, you can find the SCIM core user attribute definitions here. If an attribute's returned characteristic is:
Returned.ALWAYS -> always returned in the response
Returned.DEFAULT -> returned in the response only if that attribute has a value
Returned.NEVER -> never returned in the response

List users as non admin with custom fields

As per the documentation, I should be able to get a list of users with a custom schema as long as the field in the schema has a value of ALL_DOMAIN_USERS in the readAccessType property. That is the exact setup I have in the admin console; moreover, when I perform a GET request to the schema get endpoint for the schema in question, I get confirmation that the schema fields are set to ALL_DOMAIN_USERS in the readAccessType property.
The problem is that when I perform a users list request, I don't get the custom schema in the response. The request is the following:
GET /admin/directory/v1/users?customer=my_customer&projection=full&query=franc&viewType=domain_public HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer fakeTokena0AfH6SMD6jF2DwJbgiDZ
The response I get back is the following:
{
  "nextPageToken": "tokenData",
  "kind": "admin#directory#users",
  "etag": "etagData",
  "users": [
    {
      "externalIds": [
        {
          "type": "organization",
          "value": "value"
        }
      ],
      "organizations": [
        {
          "department": "department",
          "customType": "",
          "name": "Name",
          "title": "Title"
        }
      ],
      "kind": "admin#directory#user",
      "name": {
        "fullName": "Full Name",
        "givenName": "Full",
        "familyName": "Name"
      },
      "phones": [
        {
          "type": "work",
          "value": "(999)999-9999"
        }
      ],
      "thumbnailPhotoUrl": "https://photolinkurl",
      "primaryEmail": "user@domain.com",
      "relations": [
        {
          "type": "manager",
          "value": "user@domain.com"
        }
      ],
      "emails": [
        {
          "primary": true,
          "address": "user@domain.com"
        }
      ],
      "etag": "etagData",
      "thumbnailPhotoEtag": "photoEtagData",
      "id": "xxxxxxxxxxxxxxxxxx",
      "addresses": [
        {
          "locality": "Locality",
          "region": "XX",
          "formatted": "999 Some St Some State 99999",
          "primary": true,
          "streetAddress": "999 Some St",
          "postalCode": "99999",
          "type": "work"
        }
      ]
    }
  ]
}
However, if I perform the same request with a super admin user, I get an extra property in the response:
"customSchemas": {
  "Dir": {
    "fieldOne": false,
    "fieldTwo": "value",
    "fieldThree": value
  }
}
My understanding is that I should get the custom schema with a non-admin user as long as the custom schema fields are set to be visible to all domain users. This is not happening. I opened a support ticket with G Suite, but the guy that provided "support" sent me in this direction. I believe this is a bug, or maybe I overlooked something.
I contacted G Suite support and, in fact, this issue is a domain-specific problem.
It took several weeks for the issue to be addressed by the support engineers at Google but it was finally resolved. The behaviour is the intended one now.

create user with extended claim with scim2 in wso2

I am trying to create a user with the SCIM2 API in WSO2 with my own extended claim.
My API request:
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "name": {
    "familyName": "jackson",
    "givenName": "kim"
  },
  "userName": "test3",
  "password": "abc123",
  "demoRole": "student",
  "emails": [
    {
      "primary": true,
      "value": "kim.jackson@gmail.com",
      "type": "home"
    },
    {
      "value": "kim_j@wso2.com",
      "type": "work"
    }
  ],
  "roles": [
    {
      "value": "PRIMARY/manager"
    }
  ]
}
and the configuration in scim2-schema-extension.config.xml is
{
  "attributeURI": "urn:ietf:params:scim:schemas:core:2.0:User:demoRole",
  "attributeName": "demoRole",
  "dataType": "string",
  "multiValued": "false",
  "description": "The displayName of the User's manager.",
  "required": "false",
  "caseExact": "false",
  "mutability": "readwrite",
  "returned": "default",
  "uniqueness": "none",
  "subAttributes": "null",
  "canonicalValues": [],
  "referenceTypes": ["external"]
},
My claim configuration is:
Claim URI -> urn:ietf:params:scim:schemas:core:2.0:User:demoRole
Mapped Local Claim -> http://wso2.org/claims/demoRole
The attribute URI for your schema extension should be
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:demoRole
So the external claim URI for urn:ietf:params:scim:schemas:extension:enterprise:2.0:User will be
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:demoRole
The SCIM2 create user request should contain demoRole as
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"demoRole":"student"}
For more details on the schema extension representation, refer to the specification.
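The two points of the answer, that the extension attribute's URI must sit under the enterprise extension schema and that the create request must nest it under that URN, as an added example (not code from the question, the answer or WSO2): `check_extension_def` flags a definition whose attributeURI is under the core User schema, and `build_create_request` places each extension attribute under its schema URN and lists that URN in `schemas`. `DEMO_ROLE_DEF` is a constructed sample based on the question's config entry with the URI corrected; all function names are hypothetical.

```python
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed sample: the demoRole entry from the question, with attributeURI
# corrected to the enterprise extension schema as the answer describes.
DEMO_ROLE_DEF = {
    "attributeURI": ENTERPRISE_USER + ":demoRole",
    "attributeName": "demoRole",
    "dataType": "string",
    "multiValued": "false",
    "returned": "default",
}

def extension_schema_of(attr_def: dict) -> str:
    """Derive the schema URN an attribute belongs to: attributeURI minus ':<attributeName>'."""
    uri, name = attr_def["attributeURI"], attr_def["attributeName"]
    if not uri.endswith(":" + name):
        raise ValueError(f"attributeURI {uri!r} does not end with :{name}")
    return uri[: -len(name) - 1]

def check_extension_def(attr_def: dict) -> list:
    """Return a list of problems with a schema-extension entry (empty means usable)."""
    try:
        schema = extension_schema_of(attr_def)
    except ValueError as exc:
        return [str(exc)]
    if schema == CORE_USER:
        # This is the mistake in the question: custom attributes are not added to the
        # core User schema in place; they go under the enterprise extension URN.
        return [f"attributeURI is under the core schema; use {ENTERPRISE_USER}:{attr_def['attributeName']}"]
    return []

def build_create_request(core_attrs: dict, extension_defs: list, ext_values: dict) -> dict:
    """Build a SCIM2 POST /Users body: core attributes at top level, each extension
    attribute nested under its schema URN, and every schema used listed in 'schemas'."""
    defs = {d["attributeName"]: d for d in extension_defs}
    body = {"schemas": [CORE_USER], **core_attrs}
    for name, value in ext_values.items():
        if name not in defs:
            raise KeyError(f"{name!r} is not a defined extension attribute")
        schema = extension_schema_of(defs[name])
        body.setdefault(schema, {})[name] = value  # -> {"urn:...enterprise:2.0:User": {"demoRole": "student"}}
        if schema not in body["schemas"]:
            body["schemas"].append(schema)
    return body
```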