cancel
Showing results for 
Search instead for 
Did you mean: 

SCIM 1.1 : can custom attribute add as part of core schema?

prasad
New Member
0 Kudos

SCIM 1.1 : can custom attribute add as part of core schema?

Hello,

I tried to fetch schema from SCIM1.1 compliance target system using /schemas endpoint

For this request I get response having one attribute named "alias" as a part of core schema but in scim1.1 documentation they this alias is not found in core schema.

 

So can any target system add custom attribute in core schema ????

 

Thanks 

Prasad Parab

5 REPLIES
UnboundID _-rc-_
UnboundID
0 Kudos

Re: SCIM 1.1 : can custom attribute add as part of core schema?

Section 4 of SCIM 1.1 specification the describes schema extensions as not supporting an inheritance model but using custom xml namespaces and a URI. I don't know of a SCIM 1.1 compliant way of extending the core schema with an arbitrary attribute like alias. This may be a customization for your deployment, so you might want to check with your Salesforce admin. I do not see this attribute or extension in the Salesforce instance I have access to.

prasad
New Member
0 Kudos

Re: SCIM 1.1 : can custom attribute add as part of core schema?

Section 4 of SCIM 1.1 specification the describes schema extensions as not supporting an inheritance model but using custom xml namespaces and a URI

 

Salesforce does return an extended schema for custom attributes

eg:  "schema": "urn:salesforce:schemas:extension:00Di0000000bTeCEAU" with attributes AIG_EEID__c, EMP_DEPARTMENT__c.

 

Did you check schema using the /Schemas endpoint? Because it does not return the alias attribute when I hit the Schemas endpoint which is in conjunction with what you said.

 

However, when I try to hit /users/id endpoint and the complete user object is returned, I find that it does contain the alias attribute.

And also "alias" is shown in salesforce user standard fields

 

 

Can you check this scenario on your Salesforce instance?

 

UnboundID _-rc-_
UnboundID
0 Kudos

Re: SCIM 1.1 : can custom attribute add as part of core schema?

I also see an "alias" attribute when retrieving a user resource by ID but that attribute is not declared in the /Schemas endpoint response. This is completely non-standard in at least two ways: 1) the attribute is not advertised in the user schema, 2) the alias attribute is not part of the SCIM 1.1 core schema and there is an extension mechanism available which is not being used.

 

I tried two workarounds, first was to attempt to retrieve a Salesforce user as a BaseResource. The problem there is that the Salesforce Users schema returns a nested subattributes attribute so unmarshaling the schema fails. This means you can't instantiate a base SCIMEndpoint for Salesforce.

 

Second, I tried to subclass UserResource in a SalesforceUserResource class, unfortunately all of the CoreSchema attrbute description members are private. This requires copying most of CoreSchema class and key methods used to create AttributeDescriptors are private. Trying to get a SCIMEndpoint<SalesforceUserResource> endpoint is unnecessarily and prohibitively complex.

 

As as an open-source project, your best option is to create a local fork of the project either adding an alias attribute to the CoreSchema and UserResource class or subclass these in a proper package and changing the visibility of base class members. The SCIM standard has advanced to a v2 standard which clears up many ambigiuties in v1.1. Salesforce does not have a SCIM v2 endpoint yet so using our SCIM v2 SDK is not an option for you, it would handle this case much easier.

UnboundID _-rc-_
UnboundID
0 Kudos

Re: SCIM 1.1 : can custom attribute add as part of core schema?

I did find a why to retrieve Users from Salesforce, instead of using:

UserResource user = endpoint.get(id);

if you enumerate the explicit attributes from the Core Schema and don't include the non-standard alias attribute, then the get() call succeeds:

List<String> userAttributes = new ArrayList<>();
int i = 0;
for (AttributeDescriptor descriptor : CoreSchema.USER_DESCRIPTOR)
{
  String name = descriptor.getName();
if (attributeSupported(name))
{ userAttributes.add(name);
} }
// ... UserResource user = endpoint.get(id, null,
userAttributes.toArray(new String[userAttributes.size()]);
prasad
New Member
0 Kudos

Re: SCIM 1.1 : can custom attribute add as part of core schema?

Thanks for you valuable suggestions

 

I had tried your logic for salesforce but it failed with "Unsupported attribute :profileUrl" exception on get call. 

I guess you also face same the issue that why  introduced  check

 if (attributeSupported(name)) 

 

So my concern is "are there any way to find out unsupported attributes from target system?"

 

 

 

I tried the same thing from rest client it gives me same error. So my understanding is as salesforce return that "profileUrl" attribute in "/Schemas" endpoint but gives error when pass same as a requested attribute salesforce are doing something wrong.

 

But still if you know any way to find out unsupported attribute before get call  then it will be a very helpful to me. 

(I don't want to hard-code those unsupported attributes.)

 

Thanks

Prasad

 

 

Labels