Trying to add a SCIM schema override file always results in an error

Hello,

I am tasked with integrating user provisioning for an Appian applications platform in OIM 9.2. The responsible Appian dev team has installed an Appian community built SCIM module so I have a target SCIM Service provider that I can integrate with a SCIM connector. Setup and initial config of this SCIM connector in the synchronization editor has gone well but now I need to add an extension on the default SCIM core User schema. The Appian SCIM module however does not implement the Schemas and ResourceTypes endpoints. No worries I thought because the SCIM connector connection editor allows me to add Schema override files for exactly this scenario.

But when I add the override file with my extension schema definition and use the Check button an error pops up saying 'An item with the same key has already been added'. My extension schema is small and only contains three unique attributes. In the connection editor I had to clear the fields for the Schemas & ResourceTypes endpoints so that the SCIM connector would use the default SCIM schema it knows internally. I cannot understand why this error pops up when I am most certainly using unique attribute names and unique schema namespace.

I've checked with Copilot and Scim.dev to make sure my schema override file is correct and wouldn't cause any such conflict. And then there is another strange thing. If I remove all but one attribute in my schema override file the error does not occur but I do get a message stating 'Following identified schema types are not SCIM 2.0 compliant: ssin ()' even though I've verified my schema file to be compliant with SCIM2.0.

I must say it's getting quite confusing. The connection editor has the following description on the schema override files "Additional schema data can be provided here using schema override files." but the documentation on this subject says 'Contains the complete schema definition of the cloud application.' So I've also tried to use the default SCIM schema downloadable from scim.dev but this results in the same error. Even creating a new SCIM connector and immediately adding the override files results in the same error.

Is this possibly a bug in the connection editor?

Here is my extension schema:

{
  "id": "urn:ietf:params:scim:schemas:extension:redacted:1.0:User",
  "name": "redacted",
  "description": "Custom extension schema for redacted attributes extending the User object",
  "attributes": [
    {
      "name": "ssin",
      "type": "string",
      "multiValued": false,
      "required": true,
      "mutability": "readWrite",
      "returned": "always",
      "uniqueness": "server"
    },
    {
      "name": "departmentNumber",
      "type": "string",
      "multiValued": false,
      "required": true,
      "mutability": "readWrite",
      "returned": "default"
    },
    {
      "name": "departmentName",
      "type": "string",
      "multiValued": false,
      "required": true,
      "mutability": "readWrite",
      "returned": "default"
    }
  ]
}

  • Hi Martin,

    I used the SCIM V2.0 core schema incl. enterprise extension of user schema type and eligible resource definition file. I removed the endpoints for schema and resources from SCIM connection config and added the files as schema overload. I checked both files as correct and it worked like a charm. As an example I add my Resources.json:

    [
      {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
        "id": "User",
        "name": "User",
        "endpoint": "/Users",
        "description": "User Account",
        "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
        "schemaExtensions": [
          {
            "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
            "required": true
          },
          {
            "schema": "urn:ietf:params:scim:schemas:extension:redacted:1.0:User",
            "required": true
          }
        ],
        "meta": {
          "location": "example.com/.../User",
          "resourceType": "ResourceType"
        }
      },
      {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
        "id": "Group",
        "name": "Group",
        "endpoint": "/Groups",
        "description": "Group",
        "schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
        "meta": {
          "location": "example.com/.../Group",
          "resourceType": "ResourceType"
        }
      }
    ]


    Regards,

      Tino

  • Thanx for the reply.

    I tried again using the complete SCIM 2.0 schema definition including my extension and the Resources configuration and now it worked. For completeness I'll provide more info that was crucial to know to make it work correctly.

    The schema override file must contain the entire SCIM 2.0 schema definition meaning both schemas for User and Group and any extensions that you want to apply. The Resources configuration file must also reference each of the ResourceTypes included in the schema file.

    There is not a simple way to get the complete SCIM 2.0 schema definition with a copy/paste or download from the web. The RFC 7643 specification doesn't provide a version that can just be copy/pasted.

    Instead, using websites like scim.dev or Xurrent API you can manually merge the separate schemas of User and Group together and add your own extension(s) to it.

    The Resources configuration is small and can be copied in one go, add your extension references and done.
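
Added example (not part of the thread and not One Identity code): a consistency check for the two override files along the lines of the reply above, confirming that every schema a ResourceType references is present in the merged schema file and flagging duplicate ids or attribute names. It does not reproduce the connection editor's own validation; the function names are hypothetical and the sample schemas are constructed and trimmed to a few attributes.

```python
import json

def merge_schemas(*docs):
    """Combine separately obtained schema documents (dict or list) into one list."""
    merged = []
    for doc in docs:
        merged.extend(doc if isinstance(doc, list) else [doc])
    return merged

def check_override_files(schemas, resource_types):
    """Return a list of inconsistencies between the schema file and the Resources file."""
    problems, seen, referenced = [], set(), set()
    for s in schemas:
        sid = s.get("id")
        if sid in seen:
            problems.append(f"duplicate schema id: {sid}")
        seen.add(sid)
        # RFC 7643 treats attribute names as case-insensitive
        names = [a.get("name", "").lower() for a in s.get("attributes", [])]
        for n in sorted({n for n in names if names.count(n) > 1}):
            problems.append(f"duplicate attribute '{n}' in {sid}")
    for rt in resource_types:
        refs = [rt.get("schema")] + [e.get("schema") for e in rt.get("schemaExtensions", [])]
        for ref in refs:
            referenced.add(ref)
            if ref not in seen:
                problems.append(f"{rt.get('id')}: schema not in schema file: {ref}")
    unreferenced = sorted(s for s in seen - referenced if s)
    problems += [f"schema not referenced by any ResourceType: {s}" for s in unreferenced]
    return problems

# Constructed sample data: attribute lists trimmed, not the full RFC 7643 schemas.
P = "urn:ietf:params:scim:schemas:"
def _schema(sid, *attrs):
    return {"id": sid, "attributes": [{"name": a, "type": "string"} for a in attrs]}

CORE = [_schema(P + "core:2.0:User", "userName"), _schema(P + "core:2.0:Group", "displayName")]
ENTERPRISE = _schema(P + "extension:enterprise:2.0:User", "employeeNumber")
CUSTOM = _schema(P + "extension:redacted:1.0:User", "ssin", "departmentNumber", "departmentName")
RESOURCE_TYPES = [
    {"id": "User", "schema": P + "core:2.0:User", "schemaExtensions": [
        {"schema": P + "extension:enterprise:2.0:User", "required": True},
        {"schema": P + "extension:redacted:1.0:User", "required": True}]},
    {"id": "Group", "schema": P + "core:2.0:Group"},
]

if __name__ == "__main__":
    full = merge_schemas(CORE, ENTERPRISE, CUSTOM)
    print(json.dumps(check_override_files(full, RESOURCE_TYPES), indent=2))
    print(json.dumps(check_override_files([CUSTOM], RESOURCE_TYPES), indent=2))
```

With the real files, load each with `json.load` and pass the parsed lists in place of the constructed constants.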
