cancel
Showing results for 
Search instead for 
Did you mean: 

attributes=nickName is not working for get operation on UnboundID Server

scim
New Member
0 Kudos

attributes=nickName is not working for get operation on UnboundID Server

Hi Team,

I am UnboundID SCIM Server and I would like to get all Users only with nickName, but is giving me error. Please assist.

http://localhost:8081/Users?attributes=nickName

Response :

{
  "Errors": [
    {
      "code": "400",
      "description": "Attribute urn:scim:schemas:core:1.0:nickName is not defined for resource User"
    }
  ]
}

According to SCIM Documentation:-

Service Providers MAY support additional query parameters not specified here, and Providers SHOULD ignore any query parameters they don't recognize.

 

Thansk in advance.

 

6 REPLIES
UnboundID _-rc-_
UnboundID
0 Kudos

Re: attributes=nickName is not working for get operation on UnboundID Server

The SCIM endpoint will ignore unrecognized query string parameters however "attributes" is a known parameter.  If you use an unknown parametere, e.g.  /scim/Users?foo=bar you will not receive an error per the specification.

 

In the DS you have to configure a mapping for SCIM 1.1 attributes. The nickName attribute is commented out in config/scim-resource.xml:

<!-- Mapping must be defined to use this attribute
<attribute name="nickName" schema="urn:scim:schemas:core:1.0"
readOnly="false" required="false">
<description>The casual way to address the user in real life, e.g. "Bob"
or "Bobby" instead of "Robert"</description>
<simple dataType="string" caseExact="false"/>
</attribute>
-->

I added a mapping to ubidNickName using:

<attribute name="nickName" schema="urn:scim:schemas:core:1.0"
readOnly="false" required="false">
<description>The casual way to address the user in real life, e.g. "Bob"
or "Bobby" instead of "Robert"</description>
<simple dataType="string" caseExact="false">
<mapping ldapAttribute="ubidNickName"/>
</simple>
</attribute>

 

After restaring the server, the following queries worked:

http://localhost:8080/scim/Users?attributes=nickName

http://localhost:8080/scim/Users?filter=nickName+pr

 

{
  "totalResults": 1,
  "itemsPerPage": 1,
  "startIndex": 1,
  "schemas": [
    "urn:scim:schemas:core:1.0",
    "urn:scim:schemas:extension:enterprise:1.0"
  ],
  "Resources": [
    {
      "name": {
        "formatted": "Petar Dendi",
        "familyName": "Dendi",
        "givenName": "Petar"
      },
      "addresses": [
        {
          "region": "MO",
          "streetAddress": "00329 West Street",
          "formatted": "Petar Dendi\n00329 West Street\nTampa Bay, MO  72052",
          "postalCode": "72052",
          "locality": "Tampa Bay",
          "type": "work"
        }
      ],
      "userName": "user.0",
      "phoneNumbers": [
        {
          "value": "tel:+1-935-466-4626",
          "type": "pager"
        },
        {
          "value": "tel:+1-903-046-3846",
          "type": "work"
        },
        {
          "value": "tel:+1-014-333-5699",
          "type": "home"
        },
        {
          "value": "tel:+1-074-880-0504",
          "type": "mobile"
        }
      ],
      "nickName": "Pete",
      "emails": [
        {
          "value": "richard.cardona@unboundid.com",
          "type": "work"
        }
      ],
      "id": "ad55a34a-763f-358f-93f9-da86f9ecd9e4",
      "meta": {
        "lastModified": "2016-08-19T13:56:03.479Z",
        "location": "http:\/\/localhost:8080\/scim\/v1\/Users\/ad55a34a-763f-358f-93f9-da86f9ecd9e4"
      },
      "urn:scim:schemas:extension:enterprise:1.0": {
        "employeeNumber": "0"
      }
    }
  ]
}

 

scim
New Member
0 Kudos

Re: attributes=nickName is not working for get operation on UnboundID Server

Thanks for the information. Yes that mapping was commented after uncommenting it get call worked, however We have other attributes in resources.xml like manager, organization, division, departement, manager which are already uncommented but still they are throwing exception with get operation.

 

e.g. Attribute urn:scim:schemas:core:1.0:employeeNumber is not defined for resource User"

 

<!-- SCIM enterprise extension attribute mappings. -->

    <attribute name="employeeNumber"
               schema="urn:scim:schemas:extension:enterprise:1.0"
               readOnly="false" required="false">
      <description>Numeric or alphanumeric identifier assigned to a person,
          typically based on order of hire or association with an
          organization</description>
      <simple dataType="string" caseExact="false">
        <mapping ldapAttribute="employeeNumber"/>
      </simple>
    </attribute>

<attribute name="organization"
               schema="urn:scim:schemas:extension:enterprise:1.0"
               readOnly="false" required="false">
      <description>Identifies the name of an organization</description>
      <simple dataType="string" caseExact="false">
        <mapping ldapAttribute="o"/>
      </simple>
    </attribute>

    <attribute name="division"
               schema="urn:scim:schemas:extension:enterprise:1.0"
               readOnly="false" required="false">
      <description>Identifies the name of a division</description>
      <simple dataType="string" caseExact="false">
        <mapping ldapAttribute="ou"/>
      </simple>
    </attribute>

    <attribute name="department"
               schema="urn:scim:schemas:extension:enterprise:1.0"
               readOnly="false" required="false">
      <description>Identifies the name of a department</description>
      <simple dataType="string" caseExact="false">
        <mapping ldapAttribute="departmentNumber"/>
      </simple>
    </attribute>

    <attribute name="manager"
               schema="urn:scim:schemas:extension:enterprise:1.0"
               readOnly="false" required="false">
      <description>The User's manager</description>
      <derivation javaClass="com.unboundid.scim.ldap.ManagerDerivedAttribute">
        <LDAPSearchRef idref="userSearchParams"/>
      </derivation>
      <complex>
        <subAttribute name="managerId" dataType="string" required="true" >
          <description>The id of the SCIM resource representing the User's
              manager</description>
        </subAttribute>
        <subAttribute name="displayName" dataType="string" readOnly="true" >
          <description>The displayName of the User's manager</description>
        </subAttribute>
      </complex>
    </attribute>

  </resource>

 

scim
New Member
0 Kudos

Re: attributes=nickName is not working for get operation on UnboundID Server

active is also not working, Can we have webex?

 

Thanks

Ajit

UnboundID _-rc-_
UnboundID
0 Kudos

Re: attributes=nickName is not working for get operation on UnboundID Server

The default scim-resources.xml maps active to the operational attribute ds-pwp-account-disabled. That attribute is normally not present unless an account is disabled so you would not normally see a value for active: true. On a disabled account, I do see an active: false indication. If you want to always retrieve a value for the active attribute, you might want to map it to another ldap attribute that is always present.

 

{
  "schemas": [
    "urn:scim:schemas:core:1.0",
    "urn:scim:schemas:extension:enterprise:1.0"
  ],
  "id": "ad55a34a-763f-358f-93f9-da86f9ecd9e4",
  "meta": {
    "lastModified": "2016-08-30T18:55:26.101Z",
    "location": "http:\/\/localhost:8080\/scim\/v1\/Users\/ad55a34a-763f-358f-93f9-da86f9ecd9e4"
  },
  "name": {
    "formatted": "Petar Dendi",
    "familyName": "Dendi",
    "givenName": "Petar"
  },
  "addresses": [
    {
      "region": "MO",
      "streetAddress": "00329 West Street",
      "formatted": "Petar Dendi\n00329 West Street\nTampa Bay, MO  72052",
      "postalCode": "72052",
      "locality": "Tampa Bay",
      "type": "work"
    }
  ],
  "userName": "user.0",
  "active": false,
  "phoneNumbers": [
    {
      "value": "tel:+1-935-466-4626",
      "type": "pager"
    },
    {
      "value": "tel:+1-903-046-3846",
      "type": "work"
    },
    {
      "value": "tel:+1-014-333-5699",
      "type": "home"
    },
    {
      "value": "tel:+1-074-880-0504",
      "type": "mobile"
    }
  ],
  "nickName": "Pete",
  "emails": [
    {
      "value": "petar.dendi@example.com",
      "type": "work"
    }
  ],
  "urn:scim:schemas:extension:enterprise:1.0": {
    "employeeNumber": "0"
  }
}
scim
New Member
0 Kudos

Re: attributes=nickName is not working for get operation on UnboundID Server

Thanks for reply.

For get operation on UnboundID Server by attributes followings are not working

They are from urn:scim:schemas:extension:enterprise:1.0

 

http://localhost:8081/Users?attributes=organization

http://localhost:8081/Users?attributes=manager

http://localhost:8081/Users?attributes=department

 

Are extension schema attributes are not allowed using Users?attributes=

If allowed, how to get those using  Users?attributes=

We are getting following error

e.g

{
  "Errors": [
    {
      "code": "400",
      "description": "Attribute urn:scim:schemas:core:1.0:department is not defined for resource User"
    }
  ]
}

UnboundID JacobC
UnboundID
0 Kudos

Re: attributes=nickName is not working for get operation on UnboundID Server

The error "Attribute urn:scim:schemas:core:1.0:department is not defined for resource User" is a hint about what's happening here.

 

Core schema attributes do not need to be prefixed with a schema URN, but extension schema attributes do need this prefix. Otherwise, the server assume that the attribute belongs to the core schema, urn:scim:schemas:core:1.0.

 

In this case, you need to prefix the attributes with the enterprise extension schema URN, urn:scim:schemas:extension:enterprise:1.0:

 

http://localhost:8081/Users?attributes=urn:scim:schemas:extension:enterprise:1.0:organization
http://localhost:8081/Users?attributes=urn:scim:schemas:extension:enterprise:1.0:manager
http://localhost:8081/Users?attributes=urn:scim:schemas:extension:enterprise:1.0:department

Labels