cu2

Reputation: 1

How to enforce default value during SCIM schema validation?

I am using https://scimvalidator.microsoft.com/ to verify my custom SCIM schema.

I would like to ensure that the default value of the 'active' and 'primary email' fields is true, as on the default attributes, but I cannot cause these values to be true in my custom schema. Can you please assist with the schema JSON for these two fields?

I tried many modifications of the JSON nodes, but the value is always empty when I do Discover Schema:

One of my attempts:

{
  "id": "urn:ietf:params:scim:schemas:core:2.0:User:active",
  "name": "active",
  "type": "boolean",
  "_index": 110,
  "_path": "active",
  "mutability": "readWrite",
  "defaultValue": true,
  "returned": "default",
  "uniqueness": "none"
},

Upvotes: 0

Views: 40

Answers (1)

Zollnerd

Reputation: 912

SCIM's schema representation doesn't include half of the properties you are listing above - _index, _path, and defaultValue for instance are not part of the SCIM schema properties for an attribute.

"id" is the identifier for the schema, not for the attribute(s) in the schema. The value you mentioned is urn:ietf:params:scim:schemas:core:2.0:User:active, but that isn't correct. If you take a look at RFC 7643 section 8.7.1 (https://datatracker.ietf.org/doc/html/rfc7643#section-8.7.1), it shows the beginning of the core user schema definition as:

[
  {
    "id" : "urn:ietf:params:scim:schemas:core:2.0:User",
    "name" : "User",
    "description" : "User Account",
    "attributes" : [
      {
        "name" : "userName",
        "type" : "string",
        "multiValued" : false,
        "description" : "Unique identifier for the User, typically
used by the user to directly authenticate to the service provider.
Each User MUST include a non-empty userName value.  This identifier
MUST be unique across the service provider's entire set of Users.
REQUIRED.",
        "required" : true,
        "caseExact" : false,
        "mutability" : "readWrite",
        "returned" : "default",
        "uniqueness" : "server"
      },

Following that pattern, the active attribute would be a value in the "attributes" array. This is in that same section of the SCIM schema specification, further down in the "attributes" array that starts in the above example. On page 53 of RFC 7643, the active attribute is shown as:

{
        "name" : "active",
        "type" : "boolean",
        "multiValued" : false,
        "description" : "A Boolean value indicating the User's
administrative status.",
        "required" : false,
        "mutability" : "readWrite",
        "returned" : "default"
      },

which is exactly how your /Schemas endpoint should return it, save for some possible changes (e.g., required true, or a different description value).

Upvotes: 0
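
An added example (not from the answer, the RFC or the SCIM validator): a Python check that flags properties outside the attribute characteristics RFC 7643 section 7 defines, run on the attempt from the question and on the RFC's active definition. The function name, the sample variable names and the emails sample are assumptions made for illustration.

```python
# Added example: flag /Schemas attribute properties that RFC 7643 section 7
# does not define. check_attribute and the sample names are hypothetical.
RFC7643_ATTRIBUTE_KEYS = {
    "name", "type", "subAttributes", "multiValued", "description",
    "required", "canonicalValues", "caseExact", "mutability",
    "returned", "uniqueness", "referenceTypes",
}
ALLOWED_VALUES = {
    "type": {"string", "boolean", "decimal", "integer", "dateTime",
             "binary", "reference", "complex"},
    "mutability": {"readOnly", "readWrite", "immutable", "writeOnly"},
    "returned": {"always", "never", "default", "request"},
    "uniqueness": {"none", "server", "global"},
}

def check_attribute(attr, parent=""):
    """Return sorted problems for one attribute definition and its subAttributes."""
    name = attr.get("name", "?")
    here = f"{parent}.{name}" if parent else name
    problems = [f"{here}: '{key}' is not an RFC 7643 attribute property"
                for key in attr if key not in RFC7643_ATTRIBUTE_KEYS]
    for key, allowed in ALLOWED_VALUES.items():
        value = attr.get(key)
        if key in attr and not (isinstance(value, str) and value in allowed):
            problems.append(f"{here}: {key}={value!r} is not an allowed value")
    for sub in attr.get("subAttributes", []):
        problems.extend(check_attribute(sub, here))
    return sorted(problems)
# The attempt posted in the question.
ASKER_ATTEMPT = {
    "id": "urn:ietf:params:scim:schemas:core:2.0:User:active", "name": "active",
    "type": "boolean", "_index": 110, "_path": "active", "mutability": "readWrite",
    "defaultValue": True, "returned": "default", "uniqueness": "none",
}
# The "active" definition quoted from RFC 7643 in the answer.
RFC_ACTIVE = {
    "name": "active", "type": "boolean", "multiValued": False,
    "description": "A Boolean value indicating the User's administrative status.",
    "required": False, "mutability": "readWrite", "returned": "default",
}
# Constructed sample: a nested "primary" sub-attribute with the same extra key.
CONSTRUCTED_EMAILS = {
    "name": "emails", "type": "complex", "multiValued": True,
    "subAttributes": [{"name": "primary", "type": "boolean",
                       "multiValued": False, "defaultValue": True}],
}
if __name__ == "__main__":
    for sample in (ASKER_ATTEMPT, RFC_ACTIVE, CONSTRUCTED_EMAILS):
        print(sample["name"], check_attribute(sample) or "ok")
```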
