WSO2 Identity Server - SCIM Filtering

Question

When trying to test the WS02 SCIM Server implementation, we are finding that the filtering implementation is not adhering to the SCIM 1.1 specification.

For example, when trying to a filter like the following:

https://WSO2server.acme.com:9443/wso2/scim/Users?filter=userNameEqNewUser20

the string after the “?filter=” is “userNameEqNewUser20”. It is supposed to represent attribute “userName” “Eq” “NewUser20”.

According to the SCIM 1.1 specification, it should really be:

filter=userName Eq “NewUser20”

(i.e. with spaces)

and it is URL encoded as:

filter=userName+Eq+%22NewUser9%22

WSO2 only accepts:

filter=userNameEqNewUser20

which is wrong.

Also, the WSO2’s implementation does not return anything for “Service Provider Configuration” and “Schema” - these are the two well-known endpoints defined in SCIM 1.1 specification “/ServiceProviderConfigs” and “/Schemas”. These are mandatory but not implemented by the WS02 SCIM server implementation.

Does anyone have any insights into this or experience of implementing a SCIM client against the WS02 SCIM server implementation?

Many thanks for any pointers in advance.

Tommy

Answer 1

Filter with Eq is not adhering to the spec is an issue and reported under[1]

WSo2 Identity server does not support to "Service Provider Configuration" and "Schema" But supported only to "Users" and "Groups" Endpoints only. Users and Groups schema almost adhere to the default schema in the spec and supported extended user schema [2] And in the WSO2IS documents can find all configuration details and more on SCIM implementation in WSO2 Identity server [3]

[1] https://wso2.org/jira/browse/IDENTITY-2754 [2] https://docs.wso2.com/display/IS450/Extensible+SCIM+User+Schemas+With+WSO2+Identity+Server [3] https://docs.wso2.com/display/IS450/Managing+SCIM