I'm using WSO2 5.1. The SCIM GET requests to retrieve users return responses that contain only a small number of attributes. How do I make it return additional attributes?
The documentation for the GET user request on WSO2's SCIM API page says "The response consists of all attributes that were sent." This doesn't make sense - how do you send attributes with this GET request?
Turns out, all attributes (or all LDAP attributes that are mapped to SCIM claims) will be returned ONLY IF the GET request filters by the user's SCIM ID (the guid string). I was doing a GET request using a filter on externalId which is why it didn't return all attributes.
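The two-step lookup this answer implies, as an added example that is not part of the original post: resolve the user with a filtered query, then re-read it by SCIM ID. The `http_get` transport, base URL, filter string and sample data are assumptions constructed for illustration, and the filter syntax your server version accepts may differ.

```python
from urllib.parse import quote, urlencode

def fetch_full_user(http_get, base_url, filter_expr):
    """Find one user with a filtered list query, then re-read it by SCIM id.

    http_get is an assumed transport: callable(url) -> parsed JSON dict.
    """
    listing = http_get(f"{base_url}/Users?{urlencode({'filter': filter_expr})}")
    matches = listing.get("Resources") or []
    # Refuse empty or ambiguous results rather than picking the first hit.
    if len(matches) != 1:
        raise LookupError(f"expected exactly 1 user, filter matched {len(matches)}")
    scim_id = matches[0]["id"]
    # Per the answer above, only the by-id read returns every mapped attribute.
    return http_get(f"{base_url}/Users/{quote(scim_id, safe='')}")


# --- constructed stand-in for the server, so the example runs offline ---
SAMPLE_ID = "3f2b8c1e-0000-4000-8000-000000000001"  # constructed value
FULL_USER = {"id": SAMPLE_ID, "userName": "jdoe", "externalId": "emp-1001",
             "name": {"givenName": "Jane", "familyName": "Doe"},
             "emails": ["jdoe@example.com"]}
CALLS = []  # URLs requested, in order

def fake_get(url):
    CALLS.append(url)
    if "?filter=" in url:
        hit = "emp-1001" in url
        slim = {"id": SAMPLE_ID, "userName": "jdoe"}  # few attributes, as in the question
        return {"totalResults": int(hit), "Resources": [slim] if hit else []}
    if url.endswith("/Users/" + SAMPLE_ID):
        return FULL_USER
    raise KeyError(url)

if __name__ == "__main__":
    base = "https://idp.example.com/scim"  # placeholder base URL
    print(fetch_full_user(fake_get, base, 'externalId eq "emp-1001"'))
```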
Related
The WSO2 APIM version is 3.2.0.
Created a JDBC secondary userstore opera in WSO2 APIM and added some users, say user1.
There was an application created in devportal - GUI_APP
When I try to access the token API with the user in opera, I'm getting the below error.
"Users in the tenant domain : opera do not have access to application admin_GUI_APP_PRODUCTION"
API details below:
Request URL:
https://{APIM_IP}:8243/token
Request Method:
POST
Request Headers:
Content-Type:application/x-www-form-urlencoded
Authorization:Basic (base64 encoded key:secret of GUI_APP)
Request Body:
grant_type:password
username:user1#opera
password:{pwd}
Kindly let me know what change needs to be done to get the token for users in the secondary user store.
The user store domain should be prepended to the username in the following format. The # symbol is used to append the tenant domain to the username.
UserStoreDomain/Username
Also, it is not mandatory to prepend the user store domain. When the user store domain is not prepended, it will first search the username in the PRIMARY and then search for all the secondary user stores.
In my WSO2 Identity Server (v5.8.0), I have added one custom attribute named XXX.
Then, in my web client application, I invoke /scim2/Users service to create new user inside IDS.
I successfully create user with correct name, surname, email, phone number and so on, but my custom field is not updated in my user content store.
On the other hand, if I update the field by data entry and read my user from IDS, I can see my custom attribute XXX correctly.
Can someone help me?
One of the following reasons could be why custom attributes are not updated via the scim2/Users endpoint.
Once you add a new local claim and if you want to access/modify its value using SCIM endpoint it should be mapped to scim claim dialect. Follow the steps in extending scim user claims doc in https://docs.wso2.com/display/IS580/Extending+SCIM+2.0+User+Schemas
If the above step is correctly configured, check the request payload whether the attribute is correctly defined in the payload. If the attribute is not defined in the expected format, WSO2 IS ignores those attributes.
Updating the value by logging in to the management console and viewing the user profile through the management console doesn't involve the SCIM APIs. You are directly updating the local claim in the WSO2 local claim dialect. If you have followed the doc mentioned in step 1 and that attribute has a value, GET /scim2/Users/{user-id} should return the attribute in the response.
In the SOAP Tenant API I can define my own tenantId (https://docs.wso2.com/display/IS530/Managing+Tenants+with+APIs#ManagingTenantswithAPIs-addTenant()), but in the REST API this ability is not available. The reason I wanted to use a custom tenantId is so that I can map multi-tenancy from the WSO2 domain to my application domain, thus using the id as a bridge. There is an additionalClaims element in the request JSON for the addTenant endpoint, but this element is not returned by the getTenant endpoint. Is there an additional tenant property I can use to store custom information?
The Tenant creation REST API doesn't allow you to input the tenant id. But you can use the returned tenant id for the mapping purpose.
Once a tenant is created successfully using the API, it should return a 201 Created status code and you would be able to find the Location header in the response headers. The Location header contains the location of the tenant: https://<Host>:<port>/t/<tenant-domain>/api/server/v1/tenants/<tenant-id>. From this value you can extract the tenant id.
For the second part of the question:
The additionalClaims attribute belongs to tenant owners, not to the core tenant object. When you execute a GET /tenants or GET /tenants/ request, the owner's id and username are returned.
"owners": [
    {
        "id": "af01d6cf-bf5d-440f-b99c-ac482f6dc89f",
        "username": "kim"
    }
]
If you check the tenant owner's profile via the carbon console/console you should see the additional claims added via the request. Moreover, if that added local claim is mapped to a SCIM claim (e.g. http://wso2.org/claims/mobile) you can view those user properties via the SCIM GET User API.
e.g. https://<host>:<port>/t/<tenant-domain>/scim2/Users/<tenant-owner's-id>
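One way to do the extraction this answer describes, as an added example that is not part of the original post or of WSO2's code: parse the Location header of the 201 response, check that it points back at the server that was called, and store the tenant id under the application's own key. The function names, host, tenant domain and tenant id below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Path layout quoted in the answer: /t/<tenant-domain>/api/server/v1/tenants/<tenant-id>
TENANT_PATH = re.compile(
    r"^/t/(?P<domain>[^/]+)/api/server/v1/tenants/(?P<tenant_id>[^/]+)/?$")

def tenant_from_location(location, expected_host):
    """Return (tenant_domain, tenant_id) parsed from a tenant Location header."""
    parts = urlsplit(location)
    # Only trust a Location that points back at the server we called.
    if parts.scheme != "https" or parts.netloc.lower() != expected_host.lower():
        raise ValueError(f"unexpected Location origin: {location!r}")
    match = TENANT_PATH.match(parts.path)
    if match is None:
        raise ValueError(f"Location is not a tenant resource: {location!r}")
    return match["domain"], match["tenant_id"]

def record_new_tenant(mapping, app_key, status, headers, expected_host):
    """Store the server-assigned tenant id under the application's own key."""
    if status != 201:
        raise RuntimeError(f"tenant not created, HTTP {status}")
    # Header names are case-insensitive.
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if not location:
        raise RuntimeError("201 response carried no Location header")
    domain, tenant_id = tenant_from_location(location, expected_host)
    mapping[app_key] = {"tenant_domain": domain, "tenant_id": tenant_id}
    return tenant_id

# Constructed sample response (host, domain and id are made-up values).
SAMPLE_HEADERS = {"Location": "https://is.example.com:9443/t/example.org"
                              "/api/server/v1/tenants/7f3a9c2e-1111-4222-8333-444455556666"}

if __name__ == "__main__":
    app_to_wso2 = {}
    record_new_tenant(app_to_wso2, "customer-42", 201, SAMPLE_HEADERS,
                      "is.example.com:9443")
    print(app_to_wso2)
```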
I am completely new to SCIM API.
Need your help in setting up and getting the entitlement metadata via SCIM API from sailpoint and fetch it in Postman.
Any dummy code would be very helpful which I will edit as per my exact need.
Select get method and add basic authentication for entering your username and password.
Put in the url: YOURDOMAIN/scim/v2/Entitlements (f.e. http://localhost:8080/identityiq/scim/v2/Entitlements) => you will get all entitlements back, if there are some entitlements.
Maybe that can help you: https://developer.sailpoint.com/SCIM/index.html#entitlements-entitlements
I am new to wso2is, and I'm trying to add the extended schema to SCIM user management as described in http://docs.wso2.org/display/IS460/Extensible+SCIM+User+Schemas+With+WSO2+Identity+Server
I was able to successfully enable the extended schema in the configuration file, do the claims mapping and even successfully create a user with extended claims, but the problem is that when I request the user information back through the /User/ or /Users endpoints, I can't find a way to have the extended attributes included in the result, which always contains only the standard SCIM schema attributes.
Any suggestions?
I think you have mapped your claims to the http://wso2.org/claims dialect. But you need to map those claims under the urn:scim:schemas:core:1.0 dialect. Once you map these under the urn:scim:schemas:core:1.0 dialect, the GET request populates the extended claims as well.
Regards,
Venura