SimpleIdServer icon indicating copy to clipboard operation
SimpleIdServer copied to clipboard
verified publisher icon simpleidserver

[SCIM] excluding "members" from a Group query does not exclude the attribute from the response

Open danflomin opened this issue 2 years ago • 5 comments

Hello :)

I found out that a query of the following form does not exclude the members from the response.

https://localhost:80/Groups/[ID]?excludedAttributes=members

However, when trying to exclude the displayName for instance, it does work.

I'd like your assistance with a fix to this issue 🙏

Kind regards Dan

danflomin avatar Apr 27 '23 08:04 danflomin

Hello :)

I will work on the four bug tickets linked to SCIM, when the generation of did:key (Ticket #488 : support did-key) will be supported :

  • Ticket #479 : Raise "RepresentationRefAttributeUpdatedEvent"
  • Ticket #478 : Developer should be able to override the BulkConfig.
  • Ticket #490 : Impossible to exclude members attribute.
  • Ticket #489 : userName should be case insensitive

About the ticket #489, it is working with SQLServer but I didn't test with postgresql.

simpleidserver avatar Apr 27 '23 09:04 simpleidserver

Hey

Thanks for the update.

SQLServer is case insensitive by default (always thought it is a weird decision by them :) ). image

So I guess that this is why it works.

danflomin avatar Apr 27 '23 12:04 danflomin

Hello,

I checked on my local machine and it is working.

The group has the following form:

HTTP GET : http://localhost:5002/Groups/{{groupId}}

{
    "id": "23edbfb4-7fc1-4c48-9452-45f7193838b9",
    "members": [
        {
            "value": "376ca5bb-bcc2-4aea-ab07-40dd3d69c8b9",
            "type": "User",
            "$ref": "http://localhost:5002/Users/376ca5bb-bcc2-4aea-ab07-40dd3d69c8b9"
        },
        {
            "value": "7cc8ee98-2637-4470-9eb5-b5f6a22e02d7",
            "type": "User",
            "$ref": "http://localhost:5002/Users/7cc8ee98-2637-4470-9eb5-b5f6a22e02d7"
        }
    ],
    "displayName": "0cf61b49-9e42-4a07-94ec-5b96e28069f5",
    "meta": {
        "resourceType": "Group",
        "created": "2023-04-28T09:13:20.876036Z",
        "lastModified": "2023-04-28T09:15:49.213634Z",
        "version": 1,
        "location": "http://localhost:5002/Groups/23edbfb4-7fc1-4c48-9452-45f7193838b9"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
    ]
}

When the members property is excluded then I obtain the following result :

HTTP METHOD : http://localhost:5002/Groups/{{groupId}}?excludedAttributes=members

{
    "id": "23edbfb4-7fc1-4c48-9452-45f7193838b9",
    "displayName": "0cf61b49-9e42-4a07-94ec-5b96e28069f5",
    "members": [],
    "meta": {
        "resourceType": "Group",
        "created": "2023-04-28T09:13:20.876036Z",
        "lastModified": "2023-04-28T09:15:49.213634Z",
        "version": 1,
        "location": "http://localhost:5002/Groups/23edbfb4-7fc1-4c48-9452-45f7193838b9"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
    ]
}

Which version of the Nuget package are you using ?

simpleidserver avatar Apr 28 '23 13:04 simpleidserver

Hello

In the response you can see that there is an empty array under the key "members".

Is it possible to remove it from the response?

Thanks

On Fri, Apr 28, 2023, 16:29 SimpleIdServer @.***> wrote:

Hello,

I checked on my local machine and it is working.

The group has the following form:

HTTP GET : http://localhost:5002/Groups/{{groupId}}

{ "id": "23edbfb4-7fc1-4c48-9452-45f7193838b9", "members": [ { "value": "376ca5bb-bcc2-4aea-ab07-40dd3d69c8b9", "type": "User", "$ref": "http://localhost:5002/Users/376ca5bb-bcc2-4aea-ab07-40dd3d69c8b9" }, { "value": "7cc8ee98-2637-4470-9eb5-b5f6a22e02d7", "type": "User", "$ref": "http://localhost:5002/Users/7cc8ee98-2637-4470-9eb5-b5f6a22e02d7" } ], "displayName": "0cf61b49-9e42-4a07-94ec-5b96e28069f5", "meta": { "resourceType": "Group", "created": "2023-04-28T09:13:20.876036Z", "lastModified": "2023-04-28T09:15:49.213634Z", "version": 1, "location": "http://localhost:5002/Groups/23edbfb4-7fc1-4c48-9452-45f7193838b9" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Group" ] }

When the members property is excluded then I obtain the following result :

HTTP METHOD : http://localhost:5002/Groups/{{groupId}}?excludedAttributes=members

{ "id": "23edbfb4-7fc1-4c48-9452-45f7193838b9", "displayName": "0cf61b49-9e42-4a07-94ec-5b96e28069f5", "members": [], "meta": { "resourceType": "Group", "created": "2023-04-28T09:13:20.876036Z", "lastModified": "2023-04-28T09:15:49.213634Z", "version": 1, "location": "http://localhost:5002/Groups/23edbfb4-7fc1-4c48-9452-45f7193838b9" }, "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Group" ] }

Which version of the Nuget package are you using ?

— Reply to this email directly, view it on GitHub https://github.com/simpleidserver/SimpleIdServer/issues/490#issuecomment-1527566505, or unsubscribe https://github.com/notifications/unsubscribe-auth/AIB5S7OFJT5RPATWFGYESGTXDPA3BANCNFSM6AAAAAAXNQPEYQ . You are receiving this because you authored the thread.Message ID: @.***>

danflomin avatar Apr 28 '23 13:04 danflomin

Hello,

The issue is fixed in the branch release\v3.0.4. Members attribute is now removed !

KR,

SID

simpleidserver avatar May 02 '23 22:05 simpleidserver