-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No support for removing group members #174
Comments
I'm experiencing a similar issue and wanted to add more details to this bug report: Describe the bug The 'value' JsonNode is missing in RemoveOperation within PatchOperation.java To Reproduce
Request body:
The error:
Expected behavior Additional context
|
The SCIM specification indicates in RFC 7644 section 3.5.2.2 that the However, the specification does provide a standard way to remove a group member from a group, and this is performed with the use of a value filter in the path, such as Fortunately, the SCIM SDK already supports this form of a remove operation. Let's look at an example: // Construct the initial group and its members.
GroupResource group = new GroupResource();
group.setMembers(List.of(
new Member().setValue("c00c399a-9d68-4180-89bf-a56297cf4366").setType("Leader"),
new Member().setValue("1e70532e-e6d8-419f-8dee-e9e71ab099d9").setType("Occasional"),
new Member().setValue("ba7bd3d9-de59-40d6-8cbc-c5d786fa50be").setType("Part-time")
));
// Create a patch request that will remove the "Occasional" user.
PatchRequest request = new PatchRequest(
PatchOperation.remove("members[value eq \"1e70532e-e6d8-419f-8dee-e9e71ab099d9\"]")
);
// Apply the patch request.
GenericScimResource groupResource = group.asGenericScimResource();
request.apply(groupResource);
System.out.println(groupResource); The print statement in the code snippet above provides the following output, indicating that the "occasional" member was successfully removed: {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": "c00c399a-9d68-4180-89bf-a56297cf4366",
"type": "Leader"
},
{
"value": "ba7bd3d9-de59-40d6-8cbc-c5d786fa50be",
"type": "Part-time"
}
]
} I think this should provide the functionality that you seek, as long as the service provider supports this type of request. If the service provider requires sending a remove operation with a If you need to create a request of this form to a service provider that mandates it, then I would just construct it as a raw ObjectNode. If needed, you could place this JSON data in a private GenericScimResource createUnorthodoxRemoveRequest(String memberID)
throws JsonProcessingException {
final String request = "{"
+ " \"schemas\": ["
+ " \"urn:ietf:params:scim:api:messages:2.0:PatchOp\""
+ " ],"
+ " \"Operations\": ["
+ " {"
+ " \"op\": \"remove\","
+ " \"path\": \"members\","
+ " \"value\": {"
+ " \"members\": ["
+ " {"
+ " \"value\": \"" + memberID + "\""
+ " }"
+ " ]"
+ " }"
+ " }"
+ " ]"
+ "}";
ObjectNode node = JsonUtils.getObjectReader().forType(ObjectNode.class).readValue(request);
return new GenericScimResource(node);
} Of course, you could expand this to take multiple members and programmatically append them to the members array if needed. You could also consider starting with |
@kqarryzada , thanks for replying this issue. I checked the SCIM specification link and you are correct : The remove PATCH operation doesn't have a 'value' field. That explains the absence of the 'value' JsonNode in the RemoveOperation. I'm developing a SCIM server to process SCIM requests from various IDP servers (Azure and Okta). It appears they implement the standard differently. The example I provided in my post is from Azure, please find the link here: Thank you for your code examples. I tried similar solution: I manually parse the PATCH request data, then implement the special case if it's for removing group member. The other operations are directed to the PatchRequest. The code looks massy also I had problem to convert the request data from LinkedHashMap to PatchRequest. In the end, I duplicated the PatchRequest and PatchOperation then created the new ScimGroupPatchRequest and ScimGroupPatchOperation classes. I added the 'value' JsonNode into the RemoveOperation within ScimGroupPatchOperation. The code is now clean, and I'm able to process the remove PATCH request from Azure. |
Thanks @tony-zhang-nz. It's unfortunate that Azure also follows that model. Even though there are workarounds for this, it could be helpful for the SDK to provide some form of support for interpreting requests from SCIM service providers with improper |
Patchoperation with opType remove does not save the objectNode value .
This makes it hard to support removing group members according to this:
https://help.salesforce.com/s/articleView?id=sf.identity_scim_manage_groups.htm&type=5.
I want to use PatchRequest and PatchOperation as pojos and then handle the deleting in my server, when removing the objectNode, this is not possible.
The text was updated successfully, but these errors were encountered: