We Keep Coding

WSO2 5.10 SCIM API doesnt send email when creating user with askpassword set to true

I'm testing WSO2 5.10 user creation via SCIM Rest API using the following curl command
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"Smith","givenName":"John"},"userName":"john","password":"password","emails":[{"primary":true,"value":"jsmith#test.com","type":"home"},{"value":"jsmith#test.com","type":"work"},{"value":"jsmith#test.com"}],"EnterpriseUser":{askPassword:"true"}}" --header "Content-Type:application/json" https://localhost:9443/scim2/Users
It creates a user as expected but doesn't send an email to set up a password.
However, when an admin tries to create a user through the management console for the same scenario, the user receives an email to set up a password. But not through this API request.
What am I doing wrong?

You need to set the askPassword attribute under the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User schema as true in the SCIM2 user create request. So try the request as below,
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"Smith","givenName":"John"},"userName":"john","password":"password","emails":[{"primary":true,"value":"jsmith#test.com","type":"home"},{"value":"jsmith#test.com","type":"work"},{"value":"jsmith#test.com"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{askPassword:"true"}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
Please refer the official documentation for more details.

How to validate ask password confirmation code wso2 SCIM 2 API

I am using SCIM api for registering a user
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"Smith","givenName":"Paul"},"userName":"Paul","password":"password","emails":[{"primary":true,"value":"paul#somemail.com"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{askPassword:"true"}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
I got a
Create Password for New Account
email to my primary email address with a confirmation code.
How to validate this confirmation code with wso2is using SCIM 2?
In REST API there is an option to validate code.
I tried REST API
curl -k -v -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{ "code": "84325529-8aa7-4851-8751-5980a7f2d9f7","properties": []}' "https://localhost:9443/api/identity/user/v1.0/validate-code"
it returns in case of invalid code
{
"code": "18001",
"message": "Bad Request",
"description": "Invalid Code '84325529-8aa7-4851-8751-5980a7f2d9f7'"
}
in the case valid code it returns
{
"code": "18001",
"message": "Bad Request",
"description": "Invalid Code '%s.'"
}
no console error
Validate code worked with REST API work flow

There is no such SCIM APIs in WSO2 Identity Server to validate the confirmation codes. WSO2 Identity Server has a soap API (UserInformationRecoveryService-verifyConfirmationCode) and a REST API (/validate-code) that can fulfill your requirement.
You can find the SOAP API here.

I am editing my answer here since I talked with the developers and I realised there is a different API that you need to use for validating the confirmation code: documentation.
So you need to send the following request:
curl -k -v -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -d '{ "code": "84325529-8aa7-4851-8751-5980a7f2d9f7","step": "UPDATE_PASSWORD","properties": []}' "https://localhost:9443/api/identity/recovery/v0.9/validate-code"
and the response should be
"HTTP/1.1 202 Accepted"
I tried it and it works.

Note: if you are using SCIM identity through a system like a self-managed GitLab, GitLab 15.3 (August 2022) offers a better integration:
User SCIM identity visible in UI
Previously, the SCIM identity for a user could only be accessed using the SCIM API.
Now, a user’s SCIM identity is visible to GitLab administrators in the Identities tab of the User list. With
this, troubleshooting of SCIM-related issues is simplified. Administrators can validate what identity, if any, is
being used for a specific account without requiring GitLab Support or an API query.
See Documentation and Issue.

WSO2is SCIM auth user

I have a WSO2 Identity Server with PostgreSQL, i work in node and i already use a SCIM 2.0 api for create new users, my question is, how i use SCIM to create a authentication user for my app, in my app how i know when the user have a valid token.
to create a new user i use this:
curl -v -k --user user:pass --data '{"schemas":[],"name":{"familyName":"nae","givenName":"name",},"userName":"newuser","password":"newpassword","emails":[{"primary":true,"value":"data","type":"home"},{"value":"data","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

To get a valid token for the user you have to invoke oAuth flow.
Create SP in the IS with oAuth configurations.
Use the client id and secret to get the access token using the created user credentials.
curl -v -X POST -H "Authorization: Basic <base64 encoded client id:client secret value>" -k -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
Refer : https://docs.wso2.com/display/IS530/Resource+Owner+Password+Credentials+Grant

WSO2 IS: SCIM API Update: Required attribute userName is missing in the SCIM Object

How to update user with PATCH, why it require userName (with PUT is the same)?
curl -v -k --admin:admin -X PATCH -d '{"name":{"familyName":"Doe"}' \
--header "Content-Type:application/json" \
https://localhost:9443/wso2/scim/Users/bd61878b-a37c-4c71-ab76-c553d559539f
Required attribute userName is missing in the SCIM Object
I have secondary user store with immutable userName. When I try to enter userName also in param the same not changed. It reports me:
User name is immutable in carbon user store.
I am using wso2 is 5.1. Is there any way to update user using SCIM API?

Please try as mentioned in here.

WSO2: Ask Password From User when creating user via SCIM Rest Endpoint

Is there a way, when creating a WSO2 user via the SCIM REST API, to specify that you want to ask the password from the user instead of setting the password explicitly?
For example, I'm able to succesfully create users via the REST API like so:
curl -v -k --user admin:admin --data "{"schemas":[],"name": {"familyName":"vader","givenName":"darth"},"userName":"dvader#empire.com","password":"myPassword","emails":[{"primary":true,"value":"darthvader#empire.com","type":"home"},{"value":"darthvader#tatooine.com","type":"work"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
But instead of explicitly setting the password, I'd like to create a user in this way, but allow the user to set their password.
When adding a user using the WSO2 Management Console, you can select the "Ask password from user" box, so it seems to be possible. I just need to know how to do it via the REST API.
Thanks.

"Ask password from user" option comes with the identity management features of the identity server. at the moment (Up to WSO2IS 5.0.0) it is not possible to do this for a user provisioned through SCIM. You will have to give a common password and later users can change it.

WSO2 Identity Server 5.0.0 supports ask password feature with SCIM as well. You can use the following request to create a user. Here we do not need to give the password for the user. We need to give the email address of the user because the account confirmation email will be sent to that email address.
curl -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"edirisinghe","givenName":"dushan"},"userName":"edirisinghe", "emails":"thariyarox#gmail.com"}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
You can get to know more about this feature by referring [1].
[1] http://tharindue.blogspot.com/2015/07/create-users-with-ask-password-feature.html
Thank you,
Tharindu Edirisinghe