simpleidserver / simpleidserver

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core

Home Page: https://simpleidserver.com/

License: Apache License 2.0

PowerShell 1.22% Batchfile 0.02% C# 63.91% HTML 9.54% Gherkin 5.98% CSS 16.12% Shell 0.33% TSQL 0.29% JavaScript 2.51% R 0.09%
openid oauth2 scim2 uma2 dotnet-core security identity fapi ciba openid-providers

simpleidserver's Introduction

SimpleIdServer

SimpleIdServer is an open source framework enabling the support of OPENID, OAUTH2.0, SCIM2.0, UMA2.0, FAPI and CIBA. It streamlines development, configuration and deployment of custom access control servers. Thanks to its modularity and extensibility, SimpleIdServer can be customized to the specific needs of your organization for authentication, authorization and more.

Website, Documentation and Demo.

Packages

  • SimpleIdServer.IdServer
  • SimpleIdServer.IdServer.Email
  • SimpleIdServer.IdServer.Sms
  • SimpleIdServer.IdServer.WsFederation
  • SimpleIdServer.Templates
  • SimpleIdServer.Scim
  • SimpleIdServer.Scim.Persistence.EF
  • SimpleIdServer.Scim.Persistence.MongoDB
  • SimpleIdServer.Scim.Client
  • SimpleIdServer.OpenIdConnect

Preparation

Install SimpleIdServer templates.

dotnet new --install SimpleIdServer.Templates

This will add the following templates:

| Command line | Description |
| --- | --- |
| dotnet new idserver | Create Identity Server. By default, Entity Framework is configured to use SQLServer |
| dotnet new idserverwebsite | Create Identity Server website. By default, Entity Framework is configured to use SQLServer |
| dotnet new scim | Create SCIM Server. |
| dotnet new credissuer | Create credential issuer API. |
| dotnet new credissueradminui | Create credential issuer administration UI. |

Create Visual Studio Solution

Open a command prompt and execute the following commands to create the directory structure for the solution.

mkdir Quickstart
cd Quickstart
mkdir src
dotnet new sln -n Quickstart

Create IdentityServer project

To create a web project named IdServer with the SimpleIdServer.IdServer package installed, execute the command line :

cd src
dotnet new idserver -n IdServer

The following files will be created within a new src/IdServer directory :

  • IdServer.csproj : Project file with the SimpleIdServer.IdServer NuGet package added.
  • appsettings.json : Contains the ConnectionString.
  • Program.cs : Main application entry point.
  • IdServerConfiguration.cs : Contains the Clients, Resources.

Next, add the IdServer project into the Visual Studio Solution

cd ..
dotnet sln add ./src/IdServer/IdServer.csproj

Run the IdServer project, ensuring that it listens on the URL https://localhost:5001.

cd src/IdServer
dotnet run --urls=https://localhost:5001

The IdentityServer is now ready to be used.

By default, one administrator account is configured. You can access its profile by navigating to the URL https://localhost:5001/master and authenticating with the following credentials :

  • Login : administrator
  • Password : password

IdentityServer UI preview

The IdentityServer UI uses Bootstrap 5.

Create IdentityServer website project

To create a web project named IdServerWebsite with the SimpleIdServer.IdServer.Website package installed, execute the command line :

cd src
dotnet new idserverwebsite -n IdServerWebsite

Run the IdServerWebsite project, ensuring that it listens on the URL https://localhost:5002.

cd src/IdServerWebsite
dotnet run --urls=https://localhost:5002

The IdentityServer website is now ready to be used.

The website can be used to manage all aspects of an Identity Server solution, such as managing clients, users, and scopes.

Identity Server website UI preview

The IdentityServer website UI uses Radzen.

SCIM Security

By default, SCIM is configured to use API key authentication. To perform any operation, clients must include one of the following keys as a Bearer token in the HTTP Authorization header.

| Owner | Value |
| --- | --- |
| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 |
| AzureAd | 1595a72a-2804-495d-8a8a-2c861e7a736a |
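
The two keys above are published defaults, so a deployment that still carries them accepts a publicly known credential. As an added example (not part of the SimpleIdServer project), the script below searches a source or deployment tree for either value; the helper name and the excluded directories are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not SimpleIdServer code: report files that still contain
# one of the default SCIM API keys listed in the README table.

# Owner/value pairs copied verbatim from the "SCIM Security" table.
DEFAULT_SCIM_KEYS='IdServer ba521b3b-02f7-4a37-b03c-58f713bf88e7
AzureAd 1595a72a-2804-495d-8a8a-2c861e7a736a'

# scan_default_scim_keys DIR   (hypothetical helper name)
# Prints "owner<TAB>file:line" for each occurrence.
# Returns 0 when the tree is clean, 1 when a default key is present,
# 2 when DIR is not a directory.
scan_default_scim_keys() {
    local dir=$1 found=0 owner key hits
    if [ ! -d "$dir" ]; then
        echo "usage: scan_default_scim_keys DIR" >&2
        return 2
    fi
    while read -r owner key; do
        # -r recurse, -I skip binary files, -i GUIDs may be stored in upper
        # case, -n report line numbers, -F match the key literally.
        # Build output and VCS metadata are skipped (assumed layout).
        hits=$(grep -rIinF --exclude-dir=.git --exclude-dir=bin \
                   --exclude-dir=obj -- "$key" "$dir" | cut -d: -f1,2) || true
        if [ -n "$hits" ]; then
            found=1
            printf '%s\n' "$hits" | awk -v o="$owner" '{ print o "\t" $0 }'
        fi
    done <<EOF
$DEFAULT_SCIM_KEYS
EOF
    return "$found"
}

# Run directly as: ./scan-default-keys.sh ./src
if [ "$#" -gt 0 ]; then
    scan_default_scim_keys "$1"
fi
```

The non-zero exit status on a hit lets the script act as a gate in a build or deployment pipeline.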

Create SCIM project with EF support

To create a web project named ScimEF with the SimpleIdServer.Scim.Persistence.EF package installed and Entity Framework (EF) configured to use SQLServer, execute the command line :

cd src
dotnet new scim -n ScimEF --connectionString "Data Source=.;Initial Catalog=SCIM;Integrated Security=True;TrustServerCertificate=True" -t "SQLSERVER"

Next, add the ScimEF project into the Visual Studio Solution

cd ..
dotnet sln add ./src/ScimEF/ScimEF.csproj

Run the ScimEF project, ensuring that it listens on the URL https://localhost:5003.

cd src/ScimEF
dotnet run --urls=https://localhost:5003

Now that the SCIM server is running, you can check its Schemas endpoint by accessing https://localhost:5003/Schemas.

Create SCIM project with MongoDB support

To create a web project named ScimMongoDB with the SimpleIdServer.Scim.Persistence.MongoDB package installed and MongoDB support, execute the command line :

cd src
dotnet new scim -n ScimMongoDB --connectionString "mongodb://localhost:27017" -t "MONGODB"

Next, add the ScimMongoDB project into the Visual Studio Solution

cd ..
dotnet sln add ./src/ScimMongoDB/ScimMongoDB.csproj

Run the ScimMongoDB project, ensuring that it listens on the URL https://localhost:5003.

cd src/ScimMongoDB
dotnet run --urls=https://localhost:5003

Now that the SCIM server is running, you can check its Schemas endpoint by accessing https://localhost:5003/Schemas.

Create credential issuer project

To create a web project named CredentialIssuer with the SimpleIdServer.CredentialIssuer package installed, execute the command line :

cd src
dotnet new credissuer -n CredentialIssuer

The following files will be created within a new src/CredentialIssuer directory :

  • CredentialIssuer.csproj : Project file with the SimpleIdServer.CredentialIssuer NuGet package added.
  • appsettings.json : Contains the properties to configure the Openid authentication, such as the ClientId, ClientSecret and Issuer.
  • Program.cs : Main application entry point.
  • CredentialIssuerConfiguration.cs : Contains the CredentialConfigurations.

Run the CredentialIssuer project, ensuring that it listens on the URL https://localhost:5005.

cd src/CredentialIssuer
dotnet run --urls=https://localhost:5005

The CredentialIssuer is now ready to be used.

Credential issuer UI preview

The CredentialIssuer UI uses Bootstrap 5.

Create credential issuer website project

To create a web project named CredentialIssuerAdminui with the SimpleIdServer.CredentialIssuer.Website package installed, execute the command line :

cd src
dotnet new credissueradminui -n CredentialIssuerAdminui

Run the CredentialIssuerAdminui project, ensuring that it listens on the URL https://localhost:5006.

cd src/CredentialIssuerAdminui
dotnet run --urls=https://localhost:5006

The credential issuer administration UI is now ready to be used.

The website can be used to manage the credential configurations.

Credential issuer website UI preview

The CredentialIssuer website UI uses Radzen.

Running with docker

To execute all the projects in Docker, execute the following commands :

psake dockerBuild
psake dockerUp

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Contact us

To contact the team, you can send an email to [email protected] or share your ideas in gitter.im. The invitation link is https://app.gitter.im/#/room/#simpleidserver:gitter.im

simpleidserver's People

Contributors

alik2015, antifree, ashkansirous, danflomin, flomindanza, gabrielemilan, jivpif, lechediaz, petrutiupaul, ray-gilbert, richardpilkington, simpleidserver, thabart, xinxin-sympli, z4kn4fein

simpleidserver's Issues

[SCIM] Setup a new SCIM project - help needed

Hi,
I'm following the guide here: https://simpleidserver.readthedocs.io/en/latest/intro/getting-started-with-scim.html#
After configuring a new project according to the guide, got 404 when requesting https://localhost:sslPort/Schemas.
Startup.cs:

 public class Startup {

        private IWebHostEnvironment Env { get; }

        public Startup(IWebHostEnvironment env) {
            Env = env;
        }


        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services) {
            services.AddSIDScim();

            services
            .AddAuthentication(SCIMConstants.AuthenticationScheme)
            .AddCookie(SCIMConstants.AuthenticationScheme);

            services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy());
            
            services.AddControllers(); 
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
            if (env.IsDevelopment()) {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();

            app.UseEndpoints(endpoints => {
                endpoints.MapControllers();
            });
        }
    }

Project file:

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>netcoreapp3.1</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="3.1.3" />
    <PackageReference Include="SimpleIdServer.Scim" Version="1.1.5" />
  </ItemGroup>

</Project>

What am I missing here?
Thanks

How to get Groups of User

Hello, nice project!

I have a question, maybe it is my wrong configuration.

The User schema has groups attribute set readonly:
{
    "name": "groups",
    "type": "complex",
    "multiValued": true,
    "descriptions": null,
    "required": false,
    "caseExact": false,
    "mutability": "readonly",
    "returned": "default",
    "uniqueness": "none",
    "subAttributes": [
        {
            "name": "value",
            "type": "string",
            "multiValued": false,
            "descriptions": null,
            "required": false,
            "caseExact": false,
            "mutability": "readonly",
            "returned": "default",
            "uniqueness": "none"
        }
    ]
}

Then on the Group schema I have a members attribute.
To add a new user to a specific group I can use patch to Group, but what about getting groups from Users endpoint?

If I understood correctly, the values of members in Group representation is the id of user, so when I get specific user I should get also groups, am I right?

If so, is this behaviour implemented?

Thanks a lot :-)

Common schema

According to https://tools.ietf.org/html/rfc7643#section-3.1 common attributes (id, externalId and meta) should not have own schema. They should be implicitly defined for any resource type except "ServiceProviderConfig" and "ResourceType" schemas. But SimpleIdServer throws an exception if I try to post a user with externalId attribute and without urn:ietf:params:scim:schemas:core:2.0:Common in schema.
This leads to exception:

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "userName": "someusername",
    "name": {
        "familyName": "somefamilyname",
        "givenName": "somegivenname"
    },
    "emails": [
        {
            "primary": true,
            "value": "[email protected]"
        }
    ],
    "externalId": "someexternalid"
}

and this is ok

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:core:2.0:Common"
    ],
    "userName": "someusername",
    "name": {
        "familyName": "somefamilyname",
        "givenName": "somegivenname"
    },
    "emails": [
        {
            "primary": true,
            "value": "[email protected]"
        }
    ],
    "externalId": "someexternalid"
}

I think urn:ietf:params:scim:schemas:core:2.0:Common should not be required to be specified

[SCIM - MongoDB] Startindex one based

Hello, the startIndex should be one based, but in the method FindSCIMRepresentations in MongoDB persistence, the Skip method accepts a zero based parameter

queryableRepresentations.Skip(startIndex)

Regards.
Gabriele

typo in SCIM naming.

Line 20 in StandardSCIMRepresentationAttributes has a value of "descriptions". I believe this should be "description" without an "s" at the end. Please correct me if I am wrong.

Also, the description on the schema (schemas endpoint) takes the name from the schemabuilder and not the provided description. The resourceType endpoint does do this properly.

{
    "id": "urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser",
    "name": "eduUser",
    "descriptions": "eduUser",
    "attributes": [
        {
            "name": "eckId",
            "type": "string",
            "multiValued": false,
            "descriptions": "The unique identification of the user for digital content",
            "required": true,
            "caseExact": false,
            "mutability": "immutable",
            "returned": "request",
            "uniqueness": "global"
        },

[SCIM] Resource type shouldn't be plural

Hello,

the resource type is in plural:

public static SCIMSchemaBuilder Create(string id, string name, string resourceType,

But I think that should be "Resource Type" and "User".

Regards.

Support emails value filtering without value property

Currently filtering by user emails without property doesn't work. It has to be appended with .value to work properly.

See: https://tools.ietf.org/html/rfc7644#section-3.4.4.2
RFC Example: userType eq "Employee" and (emails co "example.com" or emails.value co "example.org")

Or simply: emails co \"example.com\"

Tests found here:

public void When_Parse_And_Execute_Filter()

SCIM usage documentation

Hi,
Do you have any plans to add more content to the SCIM documentation (https://simpleidserver.readthedocs.io/en/latest/intro/getting-started-with-scim.html)?

I've been using the SCIM server for several weeks to make a POC of migrating our SCIM to .NET Core with SimpleIdServer, and the only way that I have found to discover stuff is by debugging the original source code.
It takes time...

I'm looking for:

  • documentation for adding custom resources (the samples are very basic)
  • where is the correct point in the code to get business objects from our DB and convert them to SCIM objects. I made it by implementing the ISCIMRepresentationQueryRepository interface.
  • how do you suggest converting business objects to SCIM representations? I made it with AutoMapper, where I map each property to a SCIM property.
  • What are the purposes of: ISCIMSchemaQueryRepository, IPatchRepresentationCommandHandler, IReplaceRepresentationCommandHandler, IDeleteRepresentationCommandHandler, IAddRepresentationCommandHandler
  • We have 8 different end-points in our SCIM server and some objects are persisted in other objects. What is the correct way to re-use the same schemas in the object?

Maybe you have a flow chart to demonstrate the pipeline of the request and response?
P.S. We're migrating from this project: https://github.com/PowerDMS/Owin.Scim

Please, advise,

SCIMSchemaAttributeModel does not always have SchemaId column set

It seems that in SCIMSchemaAttributeModel, the SchemaId column is not set for subattributes with the schema Id but just null. I can use a recursive query to get the complete list of attributes in a schema. But having schemaId always filled with schemaId would make getting a complete attribute list for a schema much more efficient.

Same goes for RepresentationId in SCIMRepresentationAttributeLst. If it was filled in everywhere, I could do the query for getting all attributes without recursion, making the example query below more simple.

;WITH RepresentationAttribute 
AS
(
    SELECT * 
	FROM [SCIMRepresentationAttributeLst]
	WHERE RepresentationId IS NOT NULL
    
	UNION ALL

    SELECT child.Id,
		child.ParentId,
		child.SchemaAttributeId,
		CASE WHEN Child.RepresentationId IS NULL THEN parent.RepresentationId ELSE Child.RepresentationId END AS RepresentationId  
	FROM [SCIMRepresentationAttributeLst] AS child
		INNER JOIN RepresentationAttribute AS parent ON child.parentId = parent.id
)
SELECT 
	[SCIMRepresentationLst].Id,
	[SCIMRepresentationLst].ExternalId,
	RepresentationAttribute.*
	,SCIMRepresentationAttributeValueLst.*
	,SCIMSchemaAttributeModel.*
FROM [SCIM].[dbo].[SCIMRepresentationLst]
	inner join RepresentationAttribute on [SCIMRepresentationLst].Id = RepresentationAttribute.RepresentationId
	inner join SCIMSchemaAttributeModel on RepresentationAttribute.SchemaAttributeId = SCIMSchemaAttributeModel.Id
	left outer join SCIMRepresentationAttributeValueLst ON RepresentationAttribute.Id = SCIMRepresentationAttributeValueLst.SCIMRepresentationAttributeId

This might not mean much for the .NET side of things, but might be useful for further processing on the SQL side. Also, if this fouls something on the .NET side of things, just close as won't implement, as this is not that important.

SimpleIdServer.Scim.Swashbuckle error in runtime

In SimpleIdServer.Scim.Swashbuckle\SCIMSchemaGenerator.cs, GenerateReferencedSchema() method, row 176
schema.Properties.Remove(schema.Properties.First(_ => _.Key == "Attributes"));
I got exception: System.InvalidOperationException: 'Sequence contains no matching element'
for schema.Properties.First(_ => _.Key == "Attributes") row.
Any of my schemas contain Attributes in Properties.

I mentioned it already in #53 (comment)

Occurring in version 1.1.8

My solution is to call FirstOrDefault instead of First.

Unable to add more than one user in a Group

Hi,
I have trouble adding more than one user in a Group with the SQL Server implementation, when I do it I receive an exception that says:

{
  "status": "500",
  "response": {
    "schemas": [
      "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "status": "500",
    "scimType": "internalServerError",
    "detail": "System.InvalidOperationException: The instance of entity type 'SCIMRepresentationAttributeModel' 
cannot be tracked because another instance with the key value '{Id: c6040bb8-5212-476c-b99a-9b1957cf1462}' is 
already being tracked. When attaching existing entities, ensure that only one entity instance with a given key value 
is attached.\r\n   at Microsoft.EntityFrameworkCore
.ChangeTracking.Internal.IdentityMap`1.ThrowIdentityConflict(InternalEntityEntry entry)\r\n   at 
Microsoft.EntityFrameworkCore.ChangeTracking.Internal.IdentityMap`1.Add(TKey key, InternalEntityEntry entry, 
Boolean updateDuplicate)\r\n   at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.IdentityMap`1.Add(TKey key, InternalEntityEntry entry)\r\n   at 
Microsoft.EntityFrameworkCore.ChangeTracking.Internal.NullableKeyIdentityMap`1.Add(InternalEntityEntry entry)\r\n   
at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.StartTracking(InternalEntityEntry entry)\r\n   
at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.InternalEntityEntry.SetEntityState(EntityState oldState, EntityState newState, Boolean acceptChanges)\r\n   at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityGraphAttacher.PaintAction(EntityEntryGraphNode node, 
Boolean force)\r\n   at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityEntryGraphIterator.TraverseGraph[TState](EntityEntryGraphNode node, TState state, Func`3 handleNode)\r\n   
at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityEntryGraphIterator.TraverseGraph[TState](EntityEntryGraphNode node, TState state, Func`3 handleNode)\r\n   at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityEntryGraphIterator.TraverseGraph[TState](EntityEntryGraphNode node, TState state, Func`3 handleNode)\r\n   at Microsoft.EntityFrameworkCore.ChangeTracking.Internal.EntityGraphAttacher.AttachGraph(InternalEntityEntry rootEntry, 
EntityState entityState, Boolean forceStateWhenUnknownKey)\r\n   at Microsoft.EntityFrameworkCore.DbContext.SetEntityState(InternalEntityEntry entry, EntityState entityState)\r\n   at 
Microsoft.EntityFrameworkCore.DbContext.SetEntityState[TEntity](TEntity entity, EntityState entityState)\r\n   at Microsoft.EntityFrameworkCore.DbContext.Add[TEntity](TEntity entity)\r\n   at Microsoft.EntityFrameworkCore.Internal.InternalDbSet`1.Add(TEntity entity)\r\n   at 
SimpleIdServer.Scim.Persistence.EF.EFSCIMRepresentationCommandRepository.Add(SCIMRepresentation data, CancellationToken token) in C:\\Users\\stefano.gabriele\\Downloads\\scim-api\\SimpleIdServer.Scim.Persistence.EF\\EFSCIMRepresentationCommandRepository.cs:line 46\r\n   at SimpleIdServer.Scim.Persistence.EF.EFSCIMRepresentationCommandRepository.Update(SCIMRepresentation data, 
CancellationToken token) in C:\\Users\\stefano.gabriele\\Downloads\\scim-api\\SimpleIdServer.Scim.Persistence.EF\\EFSCIMRepresentationCommandRepository.cs:line 87\r\n   at SimpleIdServer.Scim.Commands.Handlers.PatchRepresentationCommandHandler.Handle(PatchRepresentationCommand patchRepresentationCommand) in C:\\Users\\stefano.gabriele\\Downloads\\scim-api\\SimpleIdServer.Scim\\Commands\\Handlers\\PatchRepresentationCommandHandler.cs:line 41\r\n   at SimpleIdServer.Scim.Api.BaseApiController.InternalPatch(String id, JObject jObj) in C:\\Users\\stefano.gabriele\\Downloads\\scim-api\\SimpleIdServer.Scim\\Api\\BaseApiController.cs:line 313"
  }
}

This is the request: https://localhost:5001/v2/Groups/47eff5ca-2cf7-4623-92a9-fb611a859a70

BODY:

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "add",
            "path": "members",
            "value": [
                {
                    "value": "a60afbe4-1a8c-4449-8787-ccb8063faf95"
                }
            ]
        }
    ]
}

Store data to MongoDB

Is it possible to create a new project (like SimpleIdServer.Scim.Persistence.EF) to store data to MongoDB?

I created a project and I managed to store data to MongoDB, but now it doesn't work because of a new feature in 1.1.1.

Do you have plans to support NoSQL databases?

Thanks a lot.

cannot create object in latest version

I just upgraded to 1.1.3 and the post request stopped working with a schema violation error. I gave the application a clean database, so it should not be an "old" data problem.

Schema for eduUser as given by the schema endpoint

{
    "id": "urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser",
    "name": "eduUser",
    "description": "SCIM extended resource for representing users for digital educational content in the Netherlands",
    "attributes": [
        {
            "name": "name",
            "type": "complex",
            "multiValued": false,
            "description": "A complex type containing the name of the EduUser",
            "required": true,
            "caseExact": false,
            "mutability": "readwrite",
            "returned": "default",
            "uniqueness": "none",
            "subAttributes": [
                {
                    "name": "familyName",
                    "type": "string",
                    "multiValued": false,
                    "description": "The surname of the EduUser, including prefixes like 'van' or 'van der'",
                    "required": true,
                    "caseExact": false,
                    "mutability": "readwrite",
                    "returned": "always",
                    "uniqueness": "none"
                },
                {
                    "name": "givenName",
                    "type": "string",
                    "multiValued": false,
                    "description": "The given name of the EduUser",
                    "required": true,
                    "caseExact": false,
                    "mutability": "readwrite",
                    "returned": "always",
                    "uniqueness": "none"
                }
            ]
        },
        {
            "name": "eckId",
            "type": "string",
            "multiValued": false,
            "description": "The unique identification of the user for digital content",
            "required": true,
            "caseExact": false,
            "mutability": "immutable",
            "returned": "request",
            "uniqueness": "global"
        },
        {
            "name": "familyName",
            "type": "string",
            "multiValued": false,
            "description": "The surname of the EduUser, including prefixes like 'van' or 'van der'",
            "required": true,
            "caseExact": false,
            "mutability": "readwrite",
            "returned": "always",
            "uniqueness": "none"
        },
        {
            "name": "givenName",
            "type": "string",
            "multiValued": false,
            "description": "The given name of the EduUser",
            "required": true,
            "caseExact": false,
            "mutability": "readwrite",
            "returned": "always",
            "uniqueness": "none"
        },
        {
            "name": "externalId",
            "type": "string",
            "multiValued": false,
            "description": "The identifaction of the user as defined by Kennisnet: nlEduPersonRealId",
            "required": false,
            "caseExact": true,
            "mutability": "readwrite",
            "returned": "always",
            "uniqueness": "global"
        }
    ]
}

The post body to eduUser endpoint
{
    "schemas": [
        "urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser"
    ],
    "eckId": "https://eckid.nl/8e0a9f57fc7e7cc810f03faX",
    "externalId": "[email protected]",
    "name": {
        "givenName": "Voornaam",
        "familyName": "Achternaam"
    }
}

The result :
{
    "status": "400",
    "response": {
        "schemas": [
            "urn:ietf:params:scim:api:messages:2.0:Error"
        ],
        "status": "400",
        "scimType": "schemaViolated",
        "detail": "required attributes familyName,givenName are missing"
    }
}

It still worked in 1.1.2. Am I missing something obvious or is there a bug in the 1.1.3 version?
I'm using the ef persistence option package.

Persistence howto

Hello,

I recently downloaded your project to try and see if I could use it to set up a SCIM server. Using the test code and startup code in the repository as a guide I was able to set up my own project with the nuget package. I can call into the schema endpoint and that is all fine. It seems to be a very nice package.

What I am missing is any instruction on how to switch from the default inMemory persistence model to a sql server database. In the repository there is "SimpleIdServer.Scim.Persistence.EF", but there seems to be no nuget package for that. It seems to me that I am required to provide my own equivalent of that project using "SimpleIdServer.Scim.Persistence.EF" as a base. Is this assumption correct or am I missing something?

Any instruction on the subject of persistence is appreciated.

SCIM Attribute Data Types

Hi,
I'm wondering how I can set attribute values to decimal numbers or binary data?
According to the SCIM RFC, decimal and binary values should be supported.
In SCIMRepresentationAttribute class there are only:

  • string
  • bool
  • int
  • DateTime

Also, how can I set null to ValuesDateTime property?
Maybe it should be defined as
public ICollection<DateTime?> ValuesDateTime { get; set; }

Please, advise

Not compatible with .net core 3.1

Hello guys,

I'm trying to install the lib in my project with .NET Core 3.1 and encounter errors with dependency version compatibility; I attach the error.

System.MissingMethodException: 'Method not found: 'Microsoft.Extensions.DependencyInjection.IServiceCollection Microsoft.Extensions.DependencyInjection.AuthorizationServiceCollectionExtensions.AddAuthorization(Microsoft.Extensions.DependencyInjection.IServiceCollection, System.Action`1<Microsoft.AspNetCore.Authorization.AuthorizationOptions>)'.'

Swashbuckle (Swagger) for exposing SCIM API documentation

I've tried to add support for Swagger UI to expose API documentation with fancy UI.

I can see all end-points in the UI and even invoke some of the end-points.
But there are several issues:

  • Since my custom controllers don't expose actual actions, I can't add XML comments to the methods (the UI documentation collects all data from the methods' XML comments). My workaround is to implement my custom IDocumentFilter and manually patch all custom end-points metadata. It works but is very ugly and hard to maintain.
    My suggestion is to make all actions in BaseController virtual and then I could just override the methods and add my XML comments. The code of the overridden method will be only calling the base class.

  • The second problem is the metadata method parameters. I'm talking about JObject parameters. I'm still looking for an elegant way to describe the parameters by XML comments.

Please, advise

search not functioning to spec.

Looking at paragraph 3.4.2 of the spec, It says that on search (and maybe elsewhere) the "Id" of an object should always be returned. This seems not to be the case in simpleIdserver at the moment. Could this be fixed?

I have put the relevant line in bold letters below.

3.4.2. Query Resources

The SCIM protocol defines a standard set of query parameters that can
be used to filter, sort, and paginate to return zero or more
resources in a query response. Queries MAY be made against a single
resource or a resource type endpoint (e.g., "/Users"), or the service
provider Base URI. SCIM service providers MAY support additional
query parameters not specified here and SHOULD ignore any query
parameters they do not recognize instead of rejecting the query for
versioning compatibility reasons.

[......]

GET /Users?attributes=userName
Host: example.com
Accept: application/scim+json
Authorization: Bearer h480djs93hd8

The following is an example response to the query above:

HTTP/1.1 200 OK
Content-Type: application/scim+json

{
"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"totalResults":2,
"Resources":[
{
"id":"2819c223-7f76-453a-919d-413861904646",
"userName":"bjensen"
},
{
"id":"c75ad752-64ae-4823-840d-ffa80929976c",
"userName":"jsmith"
}
]
}

Note that in the above example, "id" is returned because the "id"
attribute has the "returned" characteristic of "always".

For now it works when I put the attribute Id in the attribute list, but we are working with a third party that has a system that does not do so and fails. I cannot ask them to adjust if this is a spec violation.

[SCIM] GetAbsoluteUriWithVirtualPath and https

I saw that the https is managed with this line:

if (requestMessage.IsHttps)
....

But in our scenario we have a load balancer and 2 SCIM servers that communicate in http, so in this case the request is in http and not https, but the load balancer exposes the API in https.

Thanks.

Concatenate conditions in PATH operations

Hello guys,

When trying to concatenate conditions in PATH operations, an error is returned.
Request example:

{
    "schemas":
     ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": 
    [
    	{
    		"op":"remove",
    		"path":"members[display eq \"es2112312313201p\" and value co \"es\"]"
    	},
    	{
        	"op":"add",
        	"path":"members",
        	"value": 
        		[
          		{
            		"display": "James Smith",
            		"refer": "473d93df9210",
            		"value": "473d93df9210"
          		}
        		]
     	}
    ]
}

This error is in:
"path":"members[display eq "es2112312313201p" and value co "es"]" (note: the slashes are removed automatically... but they are necessary)

Error: Internal Server Error
SimpleIdServer.Scim.Exceptions.SCIMAttributeException: PATCH can be applied only on existing attributes

Regards.

Unable to add custom schemas at startup

I've tried using the suggested SCIMSchemaBuilder helper and .AddSchemas() in order to add a custom schema at startup, but I'm still getting a

schemas are unknown

scim error response when I try to use the schema I defined. Any idea what I might be doing wrong?

My code:

```csharp
// Custom schema definition
List<SCIMSchema> customSchemas = new List<SCIMSchema>();
var dog = SimpleIdServer.Scim.Builder.SCIMSchemaBuilder.Create("urn:dog")
    .AddStringAttribute("name")
    .AddStringAttribute("breed")
    .Build();
customSchemas.Add(dog);

services.AddSIDScim(_ =>
{
    _.IgnoreUnsupportedCanonicalValues = false;
}).AddSchemas(customSchemas);

// Schemas passed to the MongoDB store
var schemas = new List<SCIMSchema>
{
    userSchema,
    groupSchema
};
services.AddScimStoreMongoDB(opt =>
{
    opt.ConnectionString = "mongodb://localhost:27017";
    opt.Database = databaseName;

    opt.CollectionMappings = "mappings";
    opt.CollectionRepresentations = "representations";
    opt.CollectionSchemas = "schemas";
}, schemas,
new List<SCIMAttributeMapping>
{
    new SCIMAttributeMapping
    {
        Id = Guid.NewGuid().ToString(),
        SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
        SourceAttributeSelector = "groups",
        TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
        TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id
    }
});
```

.search support

Section 3.4.3. Querying Resources Using HTTP POST speaks about doing a POST request for search when .search is appended to the URL. When I do this I get a 404. So either I'm doing this wrong or it's not implemented yet. Could you tell me if this should work?

If this is not implemented yet, no worries, I can use URL parameters for search with a GET request.

Remove brackets from db values.

I noticed that when I add objects to the database it stores values like

ValueString
[]
["htt0f03fa"]
["Voornaam"]
["Achternaam"]

It also does that for ValuesBoolean, ValuesInteger etc. I hate to call this a bug, but I think it would certainly enhance backend consumption of the data if there were no brackets and quotes in the data. So I would like to request that they be removed. That would make it much easier to join to other data.

If there are reasons for storing it this way, that's OK, I can always strip them in my queries.

problem with duplicate nested attributes in output of webservice

Hi,

I think I may have found a bug. (I'm using version 1.1.5)

When I do a request like so:
post to eduuser endpoint
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser"
],
"eckId": "https://eckid.nl/abcdef",
"externalId": "[email protected]",
"name": {
"givenName": "bob",
"familyName": "Achternaam"
}
}
result:
{
"id": "ce3c99b9-5f17-472e-bb58-d779fe603117",
"schemas": [
"urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser"
],
"meta": {
"resourceType": "eduUsers",
"created": "2020-09-04T12:38:15.9166424Z",
"lastModified": "2020-09-04T12:38:15.9166424Z",
"version": "31a5696d-a553-4c3d-8bf2-0bee3aa1f854",
"location": "http://xxxxxxx.nl/eduUsers/ce3c99b9-5f17-472e-bb58-d779fe603117"
},
"externalId": "[email protected]",
"eckId": "https://eckid.nl/abcdef",
"name": {
"givenName": "bob",
"familyName": "Achternaam"

}
}
This is as expected. nothing wrong there. But then I try to request the object back
get xxx.nl/EduUsers/ce3c99b9-5f17-472e-bb58-d779fe603117
result:
{
"id": "ce3c99b9-5f17-472e-bb58-d779fe603117",
"schemas": [
"urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser"
],
"meta": {
"resourceType": "eduUsers",
"created": "2020-09-04T12:38:15.9166424",
"lastModified": "2020-09-04T12:38:15.9166424",
"version": "31a5696d-a553-4c3d-8bf2-0bee3aa1f854",
"location": "xxxxx.nl/eduUsers/ce3c99b9-5f17-472e-bb58-d779fe603117"
},
"externalId": "[email protected]",
"givenName": "bob",
"familyName": "Achternaam",

"name": {
"givenName": "bob",
"familyName": "Achternaam"

}
}
Note here that the givenname and familyname are duplicated. The child attributes are also added to the root object.
Here is the schema as output by the schema endpoint for eduUser
{
"id": "urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser",
"name": "eduUser",
"description": "SCIM extended resource for representing users for digital educational content in the Netherlands",
"attributes": [
{
"name": "name",
"type": "complex",
"multiValued": false,
"description": "A complex type containing the name of the EduUser",
"required": true,
"caseExact": false,
"mutability": "readwrite",
"returned": "default",
"uniqueness": "none",
"subAttributes": [
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The surname of the EduUser, including prefixes like 'van' or 'van der'",
"required": true,
"caseExact": false,
"mutability": "readwrite",
"returned": "always",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the EduUser",
"required": true,
"caseExact": false,
"mutability": "readwrite",
"returned": "always",
"uniqueness": "none"
}
]
},
{
"name": "eckId",
"type": "string",
"multiValued": false,
"description": "The unique identification of the user for digital content",
"required": true,
"caseExact": false,
"mutability": "readwrite",
"returned": "request",
"uniqueness": "global"
},
{
"name": "externalId",
"type": "string",
"multiValued": false,
"description": "The identifaction of the user as defined by Kennisnet: nlEduPersonRealId",
"required": false,
"caseExact": true,
"mutability": "readwrite",
"returned": "always",
"uniqueness": "global"
}
]
}

I only noticed this when we started sending update requests on objects. We get foreign key constraint errors on
FK_SCIMRepresentationAttributeLst_SCIMRepresentationAttributeLst_ParentId
I expect it's not the key that is the problem but the SCIM server messing up with the "mysterious" extra attributes.

Could you look into this for me?

[SCIM] Issue on update group

Hello,

When I try to update the group with a PUT call, I noticed that if the group has 2 members, only one has been saved in the database.

I think that the problem is caused by this part of code:
image

As you can see, the code deletes the attribute by schema id, but it can happen that a group has more than one member with the same schema id.

This is the payload of the PUT call:
{
"displayName": "test",
"meta": {
"resourceType": "Group"
},
"members": [
{
"value": "dd9d1e55-82de-4454-ad2b-0a558ca12dfe"
},
{
"value": "da1e6331-5e94-4403-b380-5ad15c6c4e28"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}

Thanks.

AttributeReferenceEnricher fills attributes with unexisting subattribute "id", instead of "value"?

Hello,
Please look at the next code:

					refLst.Add(new SCIMRepresentationAttribute
					{
						SchemaAttribute = new SCIMSchemaAttribute("id")
						{
							Name = "id",
							MultiValued = false,
							Type = SCIMSchemaAttributeTypes.STRING
						},
						ValuesString = new List<string>
						{
							filteredRepresentation.Id
						}
					});

I noticed that this code inserts "id", while in your SCIMConstants.cs class description of complex attributes both Group and User contains "value":
c.AddStringAttribute("value");

As a result, when getting users you will receive a SCIMRepresentation with "value", but when the user is returned after the update or create, it will have "id" in its complex attributes. Same for groups. Is this intended or an issue?

Thanks!

.search not working as expected.

I was testing .search endpoint and I seem to have some trouble with the filter command.

posting to /EduUsers/.search with
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"attributes": ["externalId"]
}

gives response:

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 100,
"startIndex": 1,
"Resources": [
{
"externalId": "[email protected]"
}
]
}

Using:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"attributes": ["externalId"],
"filter": [
"externalId eq [email protected]"
]
}
gives me:

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 0,
"itemsPerPage": 100,
"startIndex": 1,
"Resources": []
}

The expected result would be the exact same response both times as there is only this single item in the test db.
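For comparison with the request in the issue above, an added example (not part of the original issue or SimpleIdServer's own code) that builds a `.search` body in the shape RFC 7644 section 3.4.3 defines: `filter` is a single string, and the compared string value is quoted inside it. The class name, the address `user@example.test` and the escaping helper are constructed for illustration.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

// Added example, not SimpleIdServer code.
public static class ScimSearchClient
{
    // Builds the JSON body for POST {resource}/.search with one "eq" condition.
    public static string BuildSearchBody(string filterAttribute, string filterValue,
        params string[] attributes)
    {
        // The attribute name should come from code; reject characters that do not
        // belong in an attribute path so it cannot smuggle in extra filter syntax.
        foreach (var c in filterAttribute)
            if (!char.IsLetterOrDigit(c) && c != '.' && c != ':' && c != '_' && c != '-')
                throw new ArgumentException("Unexpected character.", nameof(filterAttribute));

        // Escape backslash and quote so caller-supplied data stays inside the
        // quoted literal and cannot append "or ..." conditions to the filter.
        var escaped = filterValue.Replace("\\", "\\\\").Replace("\"", "\\\"");

        var body = new
        {
            schemas = new[] { "urn:ietf:params:scim:api:messages:2.0:SearchRequest" },
            attributes,
            filter = $"{filterAttribute} eq \"{escaped}\"",   // a string, not an array
        };
        return JsonSerializer.Serialize(body);
    }

    // Sends the body; resourcePath is for example "/EduUsers".
    public static async Task<string> SearchAsync(HttpClient client, string resourcePath, string body)
    {
        // RFC 7644 media type; the create request on this page used application/json.
        using var content = new StringContent(body, Encoding.UTF8, "application/scim+json");
        using var response = await client.PostAsync(resourcePath.TrimEnd('/') + "/.search", content);
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }

    public static void Main()
    {
        // Constructed sample value.
        Console.WriteLine(BuildSearchBody("externalId", "user@example.test", "externalId"));
    }
}
```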

Adding a new resourceType

Sorry to bother you with this, but need a few pointers.

I need to add a new resource type. I took the following steps.

I created a schema to add to the collection.
```csharp
SCIMSchema eduUserSchema = SCIMSchemaBuilder.Create("urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser",
        "eduUser",
        "eduUsers",
        "SCIM extended resource for representing users for digital educational content in the Netherlands",
        true
    )
    .AddStringAttribute("eckId",
        multiValued: false,
        description: "The unique identification of the user for digital content",
        mutability: SCIMSchemaAttributeMutabilities.IMMUTABLE,
        required: true,
        caseExact: false,
        returned: SCIMSchemaAttributeReturned.REQUEST,
        uniqueness: SCIMSchemaAttributeUniqueness.GLOBAL)
    .AddStringAttribute("externalId",
        multiValued: false,
        description: "The identifaction of the user as defined by Kennisnet: nlEduPersonRealId",
        mutability: SCIMSchemaAttributeMutabilities.READWRITE,
        required: false,
        caseExact: true,
        returned: SCIMSchemaAttributeReturned.ALWAYS,
        uniqueness: SCIMSchemaAttributeUniqueness.GLOBAL)
    .AddComplexAttribute("name", c =>
        {
            c.AddStringAttribute("familyName",
                multiValued: false,
                description: "The surname of the EduUser, including prefixes like 'van' or 'van der'",
                mutability: SCIMSchemaAttributeMutabilities.READWRITE,
                required: true,
                caseExact: false,
                returned: SCIMSchemaAttributeReturned.ALWAYS,
                uniqueness: SCIMSchemaAttributeUniqueness.NONE);
            c.AddStringAttribute("givenName",
                multiValued: false,
                description: "The given name of the EduUser",
                mutability: SCIMSchemaAttributeMutabilities.READWRITE,
                required: true,
                caseExact: false,
                returned: SCIMSchemaAttributeReturned.ALWAYS,
                uniqueness: SCIMSchemaAttributeUniqueness.NONE);
        },
        multiValued: false,
        description: "A complex type containing the name of the EduUser",
        mutability: SCIMSchemaAttributeMutabilities.READWRITE,
        required: true,
        caseExact: false,
        //returned: SCIMSchemaAttributeReturned.REQUEST,
        uniqueness: SCIMSchemaAttributeUniqueness.NONE
    ).Build();
```

This shows nicely in both schemas and resourcetype endpoints.

I then made a copy of the GroupsController source into my project and renamed it EduUsersController.

```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using SimpleIdServer.Scim;
using SimpleIdServer.Scim.Api;
using SimpleIdServer.Scim.Commands.Handlers;
using SimpleIdServer.Scim.Persistence;

namespace SimpleIdServer
{
    [Route("EduUsers")]
    public class EduUsersController : BaseApiController
    {
        public EduUsersController(
            IAddRepresentationCommandHandler addRepresentationCommandHandler,
            IDeleteRepresentationCommandHandler deleteRepresentationCommandHandler,
            IReplaceRepresentationCommandHandler replaceRepresentationCommandHandler,
            IPatchRepresentationCommandHandler patchRepresentationCommandHandler,
            ISCIMRepresentationQueryRepository scimRepresentationQueryRepository,
            ISCIMSchemaQueryRepository scimSchemaQueryRepository,
            IOptionsMonitor options)
            : base(SCIMConstants.SCIMEndpoints.Groups, addRepresentationCommandHandler, deleteRepresentationCommandHandler, replaceRepresentationCommandHandler, patchRepresentationCommandHandler, scimRepresentationQueryRepository, scimSchemaQueryRepository, options)
        {
        }
    }
}
```

The controller is found, but I get an error while trying to create a new "eduUser"

Request:

User-Agent: Fiddler
Host: localhost:44328
Authorization: Bearer .............
Content-Type: application/json
Content-Length: 406
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:nleducation:1.0:eduuser"
],
"eckId": "https://eckid.nl/8e0a9f57fc76854d3dd2d3c4fa732feaf7b7a2d5f549a5458ce300223b83172f5074aa88a8cef0712aca19b62e9b90d0352e98fc76f498cd3947e7cc810f03fa",
"externalId": "[email protected]",
"name": {
"givenName": "Voornaam",
"familyName": "Achternaam"
}
}

response:

HTTP/1.1 400 Bad Request
Content-Length: 266
Content-Type: application/json
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 05 Mar 2020 14:33:56 GMT

{
"status": "400",
"response": {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"status": "400",
"scimType": "invalidSyntax",
"detail": "Request is unparsable, syntactically incorrect, or violates schema."
}
}

So the error supplies me with three possible reasons for the failure, but I don't know where to start debugging this or where to look. I hate to admit I get somewhat confused with all the dependency injection stuff. And it could be not so much the request failing as me missing some needed step to add the new resource type.

Hope you have any pointers for me on how to fix this.

ResourceTypes endpoint

There is ResourceTypes endpoint in SimpleIdentityServer. Do you plan to add the endpoint to SimpleIdServer?
