By: Jacques Doubell user 01 Dec 2017 at 3:22 a.m. CST

5 Responses
I'm trying to create a user via scim. It's working on a local dev server, but not on another live server (they both have the same Gluu version installed, but I'm not sure of the exact OS version). I have checked that the Organization attribute is scim enabled. I'm using test mode at the moment. Below is the data being sent through and the error message which is a bit vague. Any help would be appreciated.

```
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:gluu:2.0:User"
  ],
  "id": null,
  "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": {
    "uid": "CXpartner",
    "o": "a2f21848-866c-4953-80b1-b908a025bc1c"
  },
  "userName": "CXpartner",
  "displayName": "CX",
  "name": {
    "givenName": "CX",
    "middleName": "",
    "familyName": "Partner"
  },
  "title": "",
  "userType": null,
  "locale": null,
  "timezone": null,
  "active": true,
  "password": "h3l3n31980",
  "confirmPassword": null,
  "emails": [
    {
      "type": "primary",
      "value": "test@test.co.za"
    }
  ]
}
```

```
{System.Exception: StatusCode: 400, ReasonPhrase: 'java.io.IOException: Unexpected processing error; please check the input parameters', Version: 1.1, Content: System.Net.Http.NoWriteNoSeekStreamContent, Headers:
{
  Cache-Control: no-store, must-revalidate, no-cache
  Connection: close
  Date: Fri, 01 Dec 2017 09:00:52 GMT
  Server: Jetty(9.3.15.v20161220)
  Set-Cookie: JSESSIONID=19rm2ibewcpmjwv2f4yqfgphz;Path=/identity;Secure;HttpOnly
  X-Xss-Protection: 1; mode=block
  X-Content-Type-Options: nosniff
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  Content-Length: 508
  Content-Type: text/html; charset=iso-8859-1
}
   at VSc.DSO.DataImporter.Program.AddUser(ScimUser user) in C:\projects\VSc.DSO.API\VSc.DSO.DataImporter\Program.cs:line 378}
    Data: {System.Collections.ListDictionaryInternal}
    HResult: -2146233088
    HelpLink: null
    InnerException: null
    Message: "StatusCode: 400, ReasonPhrase: 'java.io.IOException: Unexpected processing error; please check the input parameters', Version: 1.1, Content: System.Net.Http.NoWriteNoSeekStreamContent, Headers:\r\n{\r\n Cache-Control: no-store, must-revalidate, no-cache\r\n Connection: close\r\n Date: Fri, 01 Dec 2017 09:00:52 GMT\r\n Server: Jetty(9.3.15.v20161220)\r\n Set-Cookie: JSESSIONID=19rm2ibewcpmjwv2f4yqfgphz;Path=/identity;Secure;HttpOnly\r\n X-Xss-Protection: 1; mode=block\r\n X-Content-Type-Options: nosniff\r\n Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n Content-Length: 508\r\n Content-Type: text/html; charset=iso-8859-1\r\n}"
    Source: "VSc.DSO.DataImporter"
    StackTrace: " at VSc.DSO.DataImporter.Program.AddUser(ScimUser user) in C:\\projects\\VSc.DSO.API\\VSc.DSO.DataImporter\\Program.cs:line 378"
    TargetSite: {System.String AddUser(VSc.DSO.Repository.Models.ScimUser)}
```

By Michael Schwartz Account Admin 01 Dec 2017 at 11:36 a.m. CST

Are you using Gluu's SCIM client software (Java)? That is the easiest way.

By Jacques Doubell user 04 Dec 2017 at 12:35 a.m. CST

I'm using a C# client to post JSON to the API and also using Postman to test. I've tracked the issue down to the schemas attribute. If I remove "urn:ietf:params:scim:schemas:extension:gluu:2.0:User" then it posts, but then it doesn't add the organization info. This works in our dev environment, so is there maybe a configuration setting I'm missing on our live server?

By Michael Schwartz Account Admin 04 Dec 2017 at 11 a.m. CST

Jose, maybe you can comment on this issue? Do we need to update the [Gluu SCIM Docs](https://gluu.org/docs/ce/3.1.1/user-management/scim2/)?

By Jose Gonzalez staff 04 Dec 2017 at 1:41 p.m. CST

Hi Jacques,

I would like to make sure you understand the way SCIM extensions are set up in Gluu Server. Take into account that the attributes supported by **default** for a user are found at `https://<host-name>/identity/seam/resource/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User` (or in RFC 7643, section 8.7.1).

If you find that you still need to store something different, you have to add a custom attribute to the extension as the [docs explain](https://www.gluu.org/docs/ce/3.0.2/admin-guide/user-scim/#extensions) (this link is for version 3.0.2).

Surprisingly, you are passing **uid** as a custom attribute. You don't need to do that: just use `userName` (it maps to the `uid` LDAP attribute, so whatever you pass as `userName` will get stored in `uid`).

As you may notice, "organization" is not part of the core schema, so you are supposed to add it to the extension. I did this in my local Gluu Server 3.0.2 for your reference:

* Log in to oxTrust
* Navigate to `Configuration` > `Attributes`
* Locate the Organization attribute (`o`)
* In the form shown choose **True** under "SCIM Attribute"
* Ensure that **active** appears under "status"
* Click update

If you visit `https://<host-name>/identity/seam/resource/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:gluu:2.0:User`, organization now appears added to the list of custom attributes.

I made this POST to `https://<host-name>/identity/seam/resource/restv1/scim/v2/Users?access_token=...` and it works:

```
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:gluu:2.0:User"
  ],
  "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": {
    "o": "a2f21848-866c-4953-80b1-b908a025bc1c"
  },
  "userName": "CXpartner",
  "displayName": "CX",
  "name": {
    "givenName": "CX",
    "middleName": "",
    "familyName": "Partner"
  },
  "active": true,
  "password": "...",
  "emails": [
    {
      "type": "primary",
      "value": "test@test.co.za"
    }
  ]
}
```

If the problem persists in your live server, please attach your oxTrust log in TRACE level.

Kind regards,
Jose.
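
A pre-flight check for the situation in this thread, as an added example that is not part of any post here and is not Gluu's own code: it compares the extension attributes in a user payload against the attribute list served by the extension `Schemas` endpoint before the POST is made. The schema sample is constructed and assumes only `o` is SCIM-enabled on the server; `check_extension` and `build_user` are hypothetical names.

```python
import json

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
GLUU_EXT = "urn:ietf:params:scim:schemas:extension:gluu:2.0:User"

# Constructed sample: extension Schema resource in the RFC 7643 section 7 layout,
# assuming only the Organization attribute `o` is SCIM-enabled on this server.
SAMPLE_EXT_SCHEMA = {
    "id": GLUU_EXT,
    "attributes": [{"name": "o", "type": "string", "multiValued": False}],
}


def check_extension(payload, ext_schema):
    """Return a list of problems in the extension part of a SCIM user payload."""
    urn = ext_schema["id"]
    # SCIM attribute names are case-insensitive (RFC 7643 section 2.1).
    allowed = {a["name"].lower() for a in ext_schema.get("attributes", [])}
    ext = payload.get(urn)
    if ext is None:
        return []  # no extension data, nothing to validate
    if not isinstance(ext, dict):
        return [f"{urn}: expected a JSON object"]
    problems = []
    if urn not in payload.get("schemas", []):
        problems.append(f"{urn}: data present but URN not listed in 'schemas'")
    for name in ext:
        if name.lower() not in allowed:
            problems.append(f"{urn}: attribute '{name}' is not defined in the extension schema")
    return problems


def build_user(extension_attrs):
    """Build the thread's user payload with the given extension attributes."""
    return {
        "schemas": [CORE_USER, GLUU_EXT],
        GLUU_EXT: extension_attrs,
        "userName": "CXpartner",
        "displayName": "CX",
        "name": {"givenName": "CX", "middleName": "", "familyName": "Partner"},
        "active": True,
        "password": "...",  # placeholder, as in the reply above
        "emails": [{"type": "primary", "value": "test@test.co.za"}],
    }


if __name__ == "__main__":
    org = "a2f21848-866c-4953-80b1-b908a025bc1c"
    for attrs in ({"uid": "CXpartner", "o": org}, {"o": org}):
        result = check_extension(build_user(attrs), SAMPLE_EXT_SCHEMA)
        print(json.dumps(attrs), "->", result or "ok")
```

In practice the second argument would be the JSON fetched from the extension `Schemas` URL on each server, which also shows at a glance whether the dev and live servers expose the same custom attributes.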

By Jacques Doubell user 05 Dec 2017 at 12:32 a.m. CST

Taking out the uid did the trick, thanks very much :)