By: Thomas W. user 11 Dec 2018 at 7:16 a.m. CST

9 Responses
Thomas W. gravatar
Hello. I am (still) developing a client for SCIM and experiencing an issue when removing an attribute on a resource. # The problem If I try to remove a single-value attribute on a user via SCIM, it does not seem to be removed in LDAP. If I attempt to remove a non-extension attribute, a response is returned from Gluu _without_ the attribute, but it _still exists_ in LDAP. Furthermore, if I attempt to remove an extension attribute, the response _still contains_ the attribute and it is _not_ removed in LDAP. # Example For the examples below, assume a user that looks like the following ``` { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "<user_inum>", "meta": { "resourceType": "User", "created": "2018-12-11T10:51:34.391Z", "lastModified": "2018-12-11T10:51:34.391Z", "location": "https://example.com/identity/restv1/scim/v2/Users/<user_inum>" }, "userName": "TestUser", "displayName": "TestUser", "active": true, "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "postalCode": "1234" } } ``` ## Remove non-extension attribute I send the request ``` PATCH /identity/restv1/scim/v2/Users/<user_inum> Content-Type: application/json Authorization: Bearer <some_token> { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "remove", "path": "displayName" } ] } ``` Which returns a `200 OK` response with the following data ``` { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "<user_inum>", "meta": { "resourceType": "User", "created": "2018-12-11T10:51:34.391Z", "lastModified": "2018-12-11T10:59:05.189Z", "location": "https://example.com/identity/restv1/scim/v2/Users/<user_inum>" }, "userName": "TestUser", "active": true, "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "postalCode": "1234" } } ``` This looks correct. However, when inspecting LDAP or getting the user afterwards, `displayName` is still set to `TestUser`. ## Remove extension attribute I send the request ``` PATCH /identity/restv1/scim/v2/Users/<user_inum> Content-Type: application/json Authorization: Bearer <some_token> { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "remove", "path": "urn:ietf:params:scim:schemas:extension:gluu:2.0:User:postalCode" } ] } ``` This also returns a `200 OK` response with the following data ``` { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "<user_inum>", "meta": { "resourceType": "User", "created": "2018-12-11T10:51:34.391Z", "lastModified": "2018-12-11T11:06:54.270Z", "location": "https://example.com/identity/restv1/scim/v2/Users/<user_inum>" }, "userName": "TestUser", "displayName": "TestUser", "active": true, "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "postalCode": "1234" } } ``` In this case, the extension attribute is still present in the response. Inspecting LDAP or getting the user afterwards also still contains the attribute with the value `1234`. Sidenote: I realize `postalCode` is redundant when we have the `addresses` SCIM attribute, but it just serves to illustrate extension attributes in this case. I have followed [RFC7644 section 3.5.2.2](https://tools.ietf.org/html/rfc7644#section-3.5.2.2) for implementing the remove functionality. ## Additional: Multi-value attributes This is a bit of an add-on as it was something I thought of attempting just before submitting this post. Removing multi-valued attributes seems to work as long as it is not the last value for the attribute. E.g. assume the user ``` { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "<user_inum>", "meta": { "resourceType": "User", "created": "2018-12-11T10:51:34.391Z", "lastModified": "2018-12-11T12:46:17.248Z", "location": "https://example.com/identity/restv1/scim/v2/Users/<user_inum>" }, "userName": "TestUser", "displayName": "TestUser", "active": true, "addresses": [ { "streetAddress": "Streetroad 2", "type": "work" }, { "streetAddress": "Other Road 31", "type": "home" } ], "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "postalCode": "1234" } } ``` I remove the `work` address by sending the request ``` PATCH /identity/restv1/scim/v2/Users/<user_inum> Content-Type: application/json Authorization: Bearer <some_token> { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "remove", "path": "addresses[type eq \"work\"]" } ] } ``` Which returns a `200 OK` response with the body ``` { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "<user_inum>", "meta": { "resourceType": "User", "created": "2018-12-11T10:51:34.391Z", "lastModified": "2018-12-11T13:04:41.617Z", "location": "https://example.com/identity/restv1/scim/v2/Users/<user_inum>" }, "userName": "TestUser", "displayName": "TestUser", "active": true, "addresses": [ { "streetAddress": "Other Road 31", "type": "home" } ], "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "postalCode": "1234" } } ``` The address is also properly removed in LDAP. I then attempt to remove the remaining `home` address ``` PATCH /identity/restv1/scim/v2/Users/<user_inum> Content-Type: application/json Authorization: Bearer <some_token> { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "remove", "path": "addresses[type eq \"home\"]" } ] } ``` Which returns `200 OK` with the body ``` { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "<user_inum>", "meta": { "resourceType": "User", "created": "2018-12-11T10:51:34.391Z", "lastModified": "2018-12-11T13:07:28.445Z", "location": "https://example.com/identity/restv1/scim/v2/Users/<user_inum>" }, "userName": "TestUser", "displayName": "TestUser", "active": true, "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "postalCode": "1234" } } ``` However, the remaning attribute is **not** removed in LDAP. Generally, it seems the problem lies with completely unassigning an attribute. This ended up a bit long. If you need clarification on any of the above, please ask; I'll answer to the best of my ability. # Notes May be tangentially related to the other issue [here](https://support.gluu.org/6344/) and [here](https://github.com/GluuFederation/oxTrust/issues/1372). My Java is somewhat rusty, but I looked at the [deleteFromResource() method](https://github.com/GluuFederation/oxTrust/blob/master/scim/src/main/java/org/gluu/oxtrust/model/scim2/util/ScimResourceUtil.java#L311) and the javadoc description seems to indicate that it simply returns the data with the given attribute purged from the response, instead of actually removing it from LDAP. Could this be where the issue arises? Since removing attributes of multi-value attributes that are not the last one, I'm not sure.

By Jose Gonzalez staff 11 Dec 2018 at 9:52 a.m. CST

Jose Gonzalez gravatar
Hi, we recently discovered some issues when trying to nullify attributes in LDAP with SCIM API (whether single or multivalued, core or belonging to extension). Here is what you can do to patch your service: 1. Login to chroot (`service gluu-server-3.1.4 login`) 1. Backup oxtrust war file: `cp /opt/gluu/jetty/identity/webapps/identity.war ~` 1. Download latest oxtrust: `wget https://ox.gluu.org/maven/org/xdi/oxtrust-server/3.1.5-SNAPSHOT/oxtrust-server-3.1.5-SNAPSHOT.war` 1. Extract files with the fix: `/opt/jre/bin/jar -xf oxtrust-server-3.1.5-SNAPSHOT.war WEB-INF/classes/org/gluu/oxtrust/service/scim2/Scim2UserService.class WEB-INF/classes/org/gluu/oxtrust/service/scim2/Scim2GroupService.class WEB-INF/lib/oxtrust-scim-3.1.5-SNAPSHOT.jar` 1. Remove old dependency in deployed war: `zip -d /opt/gluu/jetty/identity/webapps/identity.war WEB-INF/lib/oxtrust-scim-3.1.4.Final.jar` (I assume you are using Gluu Server 3.1.4) 1. Update files: `/opt/jre/bin/jar -uf /opt/gluu/jetty/identity/webapps/identity.war WEB-INF/classes/org/gluu/oxtrust/service/scim2/Scim2UserService.class WEB-INF/classes/org/gluu/oxtrust/service/scim2/Scim2GroupService.class WEB-INF/lib/oxtrust-scim-3.1.5-SNAPSHOT.jar` 1. Restart oxtrust: `service identity restart` 1. Remove files not needed anylonger: `rm -R WEB-INF ; rm oxtrust-server-3.1.5-SNAPSHOT.war` That should work (also solves the group membership removals)

By Thomas W. user 13 Dec 2018 at 6:25 a.m. CST

Thomas W. gravatar
Hi Jose. Thanks for the response, I had not noticed the issue on your GitHub, I must've missed that. Your guide was very helpful and I was able to apply the hotfix which seems to have alleviated the problem with "unsetting" the attributes; I am now able to remove attributes, both multi- and single-valued. However, there seems to be one issue: If I remove an extension attribute, e.g. `postalCode` as I used in the examples above, the attribute is removed properly from LDAP but an internal server error is encountered. It seems there is an attempt to index into an empty array while removing the extension attribute. # Example If I send the request ``` PATCH /identity/restv1/scim/v2/Users/<user_inum> Content-Type: application/json Authorization: Bearer <some_token> { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "remove", "path": "urn:ietf:params:scim:schemas:extension:gluu:2.0:User:postalCode" } ] } ``` The postal code is removed in LDAP but I receive `500 Internal Server Error` response with the body ``` { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:Error" ], "status": "500", "scimType": "", "detail": "Unexpected error: Index: 0, Size: 0" } ``` The error output in `/opt/gluu/jetty/identity/logs/oxtrust.log` is ``` 2018-12-13 11:03:33,910 ERROR [qtp804611486-11] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:314) - Failure at patchUser method java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.rangeCheck(ArrayList.java:657) ~[?:1.8.0_181] at java.util.ArrayList.get(ArrayList.java:433) ~[?:1.8.0_181] at org.gluu.oxtrust.service.scim2.Scim2UserService.transferExtendedAttributesToResource(Scim2UserService.java:396) ~[classes/:?] at org.gluu.oxtrust.service.scim2.Scim2UserService.transferAttributesToUserResource(Scim2UserService.java:365) ~[classes/:?] at org.gluu.oxtrust.service.scim2.Scim2UserService.replacePersonInfo(Scim2UserService.java:502) ~[classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService.patchUser(UserWebService.java:301) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.service.scim2.interceptor.UserWebServiceDecorator.patchUser(UserWebServiceDecorator.java:200) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.annotated.runtime.InvokableAnnotatedMethod.invokeOnInstance(InvokableAnnotatedMethod.java:86) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:67) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.util.proxy.TargetInstanceProxyMethodHandler.invoke(TargetInstanceProxyMethodHandler.java:33) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.TargetBeanInstance.invoke(TargetBeanInstance.java:91) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_Weld$Proxy$.patchUser(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor.manage(ReferenceURIInterceptor.java:67) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:73) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:81) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldClientProxy.patchUser(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.2.Final.jar:3.4.2.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.Server.handle(Server.java:503) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] ```

By Jose Gonzalez staff 13 Dec 2018 at 1:29 p.m. CST

Jose Gonzalez gravatar
Very interesting... I tested this my self before closing the issue... The only apparent reason of failure could be a wrong data type association. Since you are using `postalCode` the type should be a string. Can you attach here for me the contents of the following URL: `https://yourhost/identity/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:gluu:2.0:User` It would be nice also if you can share more of the log, can you set the level of oxtrust to trace?: In oxtrust go to `Configuration` > `Json configuration` > `oxTrust configuration` and at the bottom choose `TRACE` in `loggingLvel`, the press the Update button. Wait 1 minute and then retry the operation. Attach as well please...

By Jose Gonzalez staff 13 Dec 2018 at 1:56 p.m. CST

Jose Gonzalez gravatar
Also, from what I can see in your log excerpt, it seems you are using the scim_event_handler script (found in `Configuration` > `Manage custom scripts` > `SCIM`) to do some kind of intermediate processing? That can be the source of the problem as well, if you don't need it, just disable that.

By Thomas W. user 14 Dec 2018 at 2:57 a.m. CST

Thomas W. gravatar
Hello Jose. Thanks for your continued assistance. # Extension schema The response for `https://example.com/identity/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:gluu:2.0:User` is ``` { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Schema" ], "id": "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "meta": { "resourceType": "Schema", "location": "https://example.com/identity/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:gluu:2.0:User" }, "name": "GluuUserCustomExtension", "description": "Gluu User Custom Extension", "attributes": [ { "name": "oxEnrollmentCode", "type": "string", "multiValued": false, "description": "oxEnrollmentCode", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "entryUUID", "type": "string", "multiValued": false, "description": "entryUUID", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "st", "type": "string", "multiValued": false, "description": "State or Province", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "c", "type": "string", "multiValued": false, "description": "Country", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "roomNumber", "type": "string", "multiValued": false, "description": "Room Number", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "manager", "type": "string", "multiValued": false, "description": "Manager", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "postalCode", "type": "string", "multiValued": false, "description": "Postal or Zip Code", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "l", "type": "string", "multiValued": false, "description": "City", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "uuid", "type": "string", "multiValued": false, "description": "Universally unique ID", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "employeeNumber", "type": "string", "multiValued": false, "description": "Employee Number", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "o", "type": "string", "multiValued": false, "description": "Organization", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "postOfficeBox", "type": "string", "multiValued": false, "description": "Postal Box", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "street", "type": "string", "multiValued": false, "description": "Street", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" }, { "name": "departmentNumber", "type": "string", "multiValued": false, "description": "Organizational Department", "required": false, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "none" } ] } ``` Note that I plan on removing most of the listed extension attributes except `uuid`, as I will most likely rely on a dynamic scope for OIDC to pull the primary address from `oxTrustAddresses` instead and leave the standard address fields blank. # Log output Log output from `/opt/gluu/jetty/identity/logs/oxtrust.log` with logging level set to `TRACE` ``` 2018-12-14 08:34:50,610 TRACE [qtp804611486-15] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:64) - REST call to '/scim/v2/Users/@!C852.9127.04FD.BD19!0001!A27B.3B68!0000!C8F4.6D16.D3AD.5612' intercepted 2018-12-14 08:34:50,611 INFO [qtp804611486-15] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2018-12-14 08:34:50,611 INFO [qtp804611486-15] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:107) - ==== SCIM Service call intercepted ==== 2018-12-14 08:34:50,613 INFO [qtp804611486-15] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:108) - Authorization header found 2018-12-14 08:34:50,626 INFO [qtp804611486-15] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:118) - SCIM is protected by UMA 2018-12-14 08:34:50,645 INFO [qtp804611486-15] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:82) - Authorization passed 2018-12-14 08:34:50,647 TRACE [qtp804611486-15] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:52) - Removing '$' char (if any) from attributes param 2018-12-14 08:34:50,648 TRACE [qtp804611486-15] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:52) - Removing '$' char (if any) from excludedAttributes param 2018-12-14 08:34:50,648 DEBUG [qtp804611486-15] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:65) - ReferenceURIInterceptor. manage exit 2018-12-14 08:34:50,649 INFO [qtp804611486-15] [gluu.oxtrust.ws.rs.scim2.BaseScimWebService] (BaseScimWebService.java:256) - inspectPatchRequest. Preprocessing of patch request passed 2018-12-14 08:34:50,653 DEBUG [qtp804611486-15] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:270) - Executing web service method. patchUser 2018-12-14 08:34:50,658 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:269) - transferAttributesToUserResource 2018-12-14 08:34:50,658 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:371) - transferExtendedAttributesToResource of type User 2018-12-14 08:34:50,658 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:382) - transferExtendedAttributesToResource. Revising attributes of extension 'urn:ietf:params:scim:schemas:extension:gluu:2.0:User' 2018-12-14 08:34:50,659 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:390) - transferExtendedAttributesToResource. Copying to resource the value(s) for attribute 'postalCode' 2018-12-14 08:34:50,659 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.ExtensionService] (ExtensionService.java:131) - convertValues. Added value '1234' 2018-12-14 08:34:50,659 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:390) - transferExtendedAttributesToResource. Copying to resource the value(s) for attribute 'uuid' 2018-12-14 08:34:50,659 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.ExtensionService] (ExtensionService.java:131) - convertValues. Added value 'e4a06d82-2e8e-45bf-8903-1faaec70d8da' 2018-12-14 08:34:50,660 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2PatchService] (Scim2PatchService.java:60) - applyPatchOperation of type REMOVE 2018-12-14 08:34:50,660 DEBUG [qtp804611486-15] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:292) - patchUser. Revising final resource representation still passes validations 2018-12-14 08:34:50,661 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'x509Certificates.value' 2018-12-14 08:34:50,661 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'photos.value' 2018-12-14 08:34:50,661 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'schemas' 2018-12-14 08:34:50,661 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'emails.value' 2018-12-14 08:34:50,662 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'entitlements.value' 2018-12-14 08:34:50,662 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'phoneNumbers.value' 2018-12-14 08:34:50,662 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'ims.value' 2018-12-14 08:34:50,662 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'userName' 2018-12-14 08:34:50,663 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'groups.value' 2018-12-14 08:34:50,663 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:67) - Validating existence of required attribute 'roles.value' 2018-12-14 08:34:50,663 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:92) - Validating value(s) of attribute 'photos.value' 2018-12-14 08:34:50,663 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:92) - Validating value(s) of attribute 'timezone' 2018-12-14 08:34:50,664 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:92) - Validating value(s) of attribute 'emails.value' 2018-12-14 08:34:50,664 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:92) - Validating value(s) of attribute 'phoneNumbers.value' 2018-12-14 08:34:50,664 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:92) - Validating value(s) of attribute 'addresses.country' 2018-12-14 08:34:50,664 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:92) - Validating value(s) of attribute 'locale' 2018-12-14 08:34:50,665 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:208) - validateExtendedAttributes. Revising attributes under schema urn:ietf:params:scim:schemas:extension:gluu:2.0:User 2018-12-14 08:34:50,665 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:226) - validateExtendedAttributes. Got value(s) for attribute 'uuid' 2018-12-14 08:34:50,665 DEBUG [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ResourceValidator] (ResourceValidator.java:171) - validateDataTypeExtendedAttr. Checking attribute 'uuid' for type 'string' with value 'e4a06d82-2e8e-45bf-8903-1faaec70d8da' 2018-12-14 08:34:50,665 INFO [qtp804611486-15] [gluu.oxtrust.model.scim2.util.ScimResourceUtil] (ScimResourceUtil.java:459) - adjustPrimarySubAttributes. Revising "primary":true uniqueness constraints 2018-12-14 08:34:50,666 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:160) - transferAttributesToPerson 2018-12-14 08:34:50,666 INFO [qtp804611486-15] [org.gluu.oxtrust.util.ServiceUtil] (ServiceUtil.java:341) - IN Utils.syncEmailForward()... 2018-12-14 08:34:50,666 INFO [qtp804611486-15] [org.gluu.oxtrust.util.ServiceUtil] (ServiceUtil.java:362) - LEAVING Utils.syncEmailForward()... 2018-12-14 08:34:50,666 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:249) - transferExtendedAttributesToPerson. Flushing attribute postalCode 2018-12-14 08:34:50,667 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:254) - transferExtendedAttributesToPerson. Setting attribute 'uuid' with values [e4a06d82-2e8e-45bf-8903-1faaec70d8da] 2018-12-14 08:34:50,667 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:491) - replacePersonInfo. Updating person info in LDAP 2018-12-14 08:34:50,697 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:269) - transferAttributesToUserResource 2018-12-14 08:34:50,697 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:371) - transferExtendedAttributesToResource of type User 2018-12-14 08:34:50,697 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:382) - transferExtendedAttributesToResource. Revising attributes of extension 'urn:ietf:params:scim:schemas:extension:gluu:2.0:User' 2018-12-14 08:34:50,697 DEBUG [qtp804611486-15] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:390) - transferExtendedAttributesToResource. Copying to resource the value(s) for attribute 'postalCode' 2018-12-14 08:34:50,698 ERROR [qtp804611486-15] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:314) - Failure at patchUser method java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at java.util.ArrayList.rangeCheck(ArrayList.java:657) ~[?:1.8.0_181] at java.util.ArrayList.get(ArrayList.java:433) ~[?:1.8.0_181] at org.gluu.oxtrust.service.scim2.Scim2UserService.transferExtendedAttributesToResource(Scim2UserService.java:396) ~[classes/:?] at org.gluu.oxtrust.service.scim2.Scim2UserService.transferAttributesToUserResource(Scim2UserService.java:365) ~[classes/:?] at org.gluu.oxtrust.service.scim2.Scim2UserService.replacePersonInfo(Scim2UserService.java:502) ~[classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService.patchUser(UserWebService.java:301) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.service.scim2.interceptor.UserWebServiceDecorator.patchUser(UserWebServiceDecorator.java:200) [classes/:?] at sun.reflect.GeneratedMethodAccessor1083.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.annotated.runtime.InvokableAnnotatedMethod.invokeOnInstance(InvokableAnnotatedMethod.java:86) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:67) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.util.proxy.TargetInstanceProxyMethodHandler.invoke(TargetInstanceProxyMethodHandler.java:33) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.TargetBeanInstance.invoke(TargetBeanInstance.java:91) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_Weld$Proxy$.patchUser(Unknown Source) [classes/:?] at sun.reflect.GeneratedMethodAccessor1082.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor.manage(ReferenceURIInterceptor.java:67) [classes/:?] at sun.reflect.GeneratedMethodAccessor1042.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:73) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:81) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldClientProxy.patchUser(Unknown Source) [classes/:?] at sun.reflect.GeneratedMethodAccessor1081.invoke(Unknown Source) ~[?:?] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.2.Final.jar:3.4.2.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.Server.handle(Server.java:503) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] 2018-12-14 08:34:54,220 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:57) - Checking permissions for target 'log' an 'action'. Identity: access 2018-12-14 08:34:54,224 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:57) - Checking permissions for target 'log' an 'action'. Identity: access 2018-12-14 08:34:54,225 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:57) - Checking permissions for target 'log' an 'action'. Identity: access 2018-12-14 08:34:54,226 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:57) - Checking permissions for target 'log' an 'action'. Identity: access 2018-12-14 08:34:54,229 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:57) - Checking permissions for target 'log' an 'action'. Identity: access 2018-12-14 08:34:54,235 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:57) - Checking permissions for target 'log' an 'action'. Identity: access 2018-12-14 08:34:54,236 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.PermissionService] (PermissionService.java:57) - Checking permissions for target 'log' an 'action'. Identity: access ``` # Custom SCIM script You are correct in your assumption that I have an active SCIM event handler script. I did not consider that that could cause issues since it only has any implemented functionality for the `createUser` method. I would like to keep it active since it sets a UUID attribute on the user on creation. However, I disabled the script and the error stopped happening! For testing I tried the following: I cleared all array handling in the script, leaving no arrays in my custom script and tried re-enabling it: The error happened again when updating the user. I disabled my custom script, and tried enabling the template/example script provided with the installation of Gluu, and the error happens again when updating the attribute. The template/example script looks like the following ``` # oxTrust is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. # Copyright (c) 2014, Gluu # # Author: Jose Gonzalez # from org.xdi.model.custom.script.type.scim import ScimType from org.xdi.util import StringHelper, ArrayHelper from java.util import Arrays, ArrayList from org.gluu.oxtrust.ldap.service import PersonService from org.xdi.service.cdi.util import CdiUtil from org.gluu.oxtrust.model import GluuCustomPerson import java class ScimEventHandler(ScimType): def __init__(self, currentTimeMillis): self.currentTimeMillis = currentTimeMillis def init(self, configurationAttributes): print "ScimEventHandler (init): Initialized successfully" return True def destroy(self, configurationAttributes): print "ScimEventHandler (destroy): Destroyed successfully" return True def getApiVersion(self): #return 2 if you want the post* scripts being executed return 1 def createUser(self, user, configurationAttributes): print "ScimEventHandler (createUser): Current id = " + user.getUid() testProp1 = configurationAttributes.get("testProp1").getValue2() testProp2 = configurationAttributes.get("testProp2").getValue2() print "ScimEventHandler (createUser): testProp1 = " + testProp1 print "ScimEventHandler (createUser): testProp2 = " + testProp2 return True def updateUser(self, user, configurationAttributes): personService = CdiUtil.bean(PersonService) oldUser = personService.getPersonByUid(user.getUid()) print "ScimEventHandler (updateUser): Old displayName %s" % oldUser.getDisplayName() print "ScimEventHandler (updateUser): New displayName " + user.getDisplayName() return True def deleteUser(self, user, configurationAttributes): print "ScimEventHandler (deleteUser): Current id = " + user.getUid() return True def createGroup(self, group, configurationAttributes): print "ScimEventHandler (createGroup): Current displayName = " + group.getDisplayName() return True def updateGroup(self, group, configurationAttributes): print "ScimEventHandler (updateGroup): Current displayName = " + group.getDisplayName() return True def deleteGroup(self, group, configurationAttributes): print "ScimEventHandler (deleteGroup): Current displayName = " + group.getDisplayName() return True def postCreateUser(self, user, configurationAttributes): return True def postUpdateUser(self, user, configurationAttributes): return True def postDeleteUser(self, user, configurationAttributes): return True def postUpdateGroup(self, group, configurationAttributes): return True def postCreateGroup(self, group, configurationAttributes): return True def postDeleteGroup(self, group, configurationAttributes): return True ``` So, to sum up, no exceptions are thrown when the SCIM event handler script is **not** active. If the SCIM event handler script **is** active, even the default implementation, an `IndexOutOfBoundsException` exception is thrown.

By Jose Gonzalez staff 14 Dec 2018 at 10:20 a.m. CST

Jose Gonzalez gravatar
Thomas, I was able to replicate this so I reopened the issue. I pushed some commits for fixing it already. In preliminary tests, things seem fine. I'll close the issue when I'm totally sure we are bug free. If you want to try, repeat the instructions given in my first answer of this ticket (actually, only `Scim2UserService.class` has changes) Thanks for your feedback. Let me know if you still face strange behaviors. And yes, `addresses` of SCIM spec support most of the attributes shown in your extension.

By Thomas W. user 17 Dec 2018 at 3:27 a.m. CST

Thomas W. gravatar
Hi Jose. Thanks for the update. I have applied the updated `Scim2UserService.class` and I am able to remove an **existing** extension attribute without any issues! I emphasized "existing" above as it seems that if I send a `REMOVE` patch operation for an extension attribute that is not set on the user, a `NullPointerException` is thrown, see example below. # Example Assume a user where `urn:ietf:params:scim:schemas:extension:gluu:2.0:User:postalCode` is **not** set. If I send the request ``` PATCH /identity/restv1/scim/v2/Users/<user_inum> Content-Type: application/json Authorization: Bearer <some_token> { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op": "remove", "path": "urn:ietf:params:scim:schemas:extension:gluu:2.0:User:postalCode" } ] } ``` A `500 Internal Server Error` response is returned with the body ``` { "schemas": [ "urn:ietf:params:scim:api:messages:2.0:Error" ], "status": "500", "scimType": "", "detail": "Unexpected error: null" } ``` Based on our earlier conversation here, I disabled the `scim_event_handler` script to verify whether that was where the issue arose. However, this seems to happen with **or** without an `scim_event_handler` script active. For good measure, here is log output (loglevel set to `TRACE`) for oxtrust with and without the event handler script active, though I don't notice much of a difference between the two. `/opt/gluu/jetty/identity/logs/oxtrust.log` (`scim_event_handler` **enabled**) ``` 2018-12-17 09:19:38,082 DEBUG [oxTrustScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started 2018-12-17 09:19:38,083 DEBUG [oxTrustScheduler_Worker-5] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.ConfigurationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()] 2018-12-17 09:19:38,084 DEBUG [oxTrustScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended 2018-12-17 09:19:38,086 DEBUG [oxTrustScheduler_Worker-3] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started 2018-12-17 09:19:38,087 DEBUG [oxTrustScheduler_Worker-3] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.LoggerUpdateEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()] 2018-12-17 09:19:38,087 DEBUG [oxTrustScheduler_Worker-3] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended 2018-12-17 09:19:38,156 DEBUG [oxTrustScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started 2018-12-17 09:19:38,156 DEBUG [oxTrustScheduler_Worker-1] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.gluu.oxtrust.service.cdi.event.MetadataValidationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()] 2018-12-17 09:19:38,157 DEBUG [oxTrustScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended 2018-12-17 09:19:38,157 DEBUG [Thread-717] [org.gluu.oxtrust.ldap.service.MetadataValidationTimer] (MetadataValidationTimer.java:112) - Starting metadata validation 2018-12-17 09:19:38,157 TRACE [Thread-717] [org.gluu.oxtrust.ldap.service.MetadataValidationTimer] (MetadataValidationTimer.java:159) - Starting metadata validation process. 2018-12-17 09:19:38,157 DEBUG [Thread-717] [org.gluu.oxtrust.ldap.service.MetadataValidationTimer] (MetadataValidationTimer.java:116) - Metadata validation finished with result: 'false' 2018-12-17 09:19:38,597 TRACE [qtp804611486-13] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:64) - REST call to '/scim/v2/Users/@!C852.9127.04FD.BD19!0001!A27B.3B68!0000!1F25.4925.58A0.833A' intercepted 2018-12-17 09:19:38,597 INFO [qtp804611486-13] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2018-12-17 09:19:38,598 INFO [qtp804611486-13] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:107) - ==== SCIM Service call intercepted ==== 2018-12-17 09:19:38,598 INFO [qtp804611486-13] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:108) - Authorization header found 2018-12-17 09:19:38,700 INFO [qtp804611486-13] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:118) - SCIM is protected by UMA 2018-12-17 09:19:38,718 ERROR [qtp804611486-13] [org.gluu.oxtrust.service.uma.UmaPermissionService] (UmaPermissionService.java:116) - Status response for RPT token: 'None' is invalid 2018-12-17 09:19:38,728 DEBUG [qtp804611486-13] [org.gluu.oxtrust.service.uma.UmaPermissionService] (UmaPermissionService.java:189) - Construct response: HTTP 401 (Unauthorized), ticket: '05a6f6e1-a337-4e98-810b-7b7287501fe7' 2018-12-17 09:19:38,859 TRACE [qtp804611486-13] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:64) - REST call to '/scim/v2/Users/@!C852.9127.04FD.BD19!0001!A27B.3B68!0000!1F25.4925.58A0.833A' intercepted 2018-12-17 09:19:38,859 INFO [qtp804611486-13] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2018-12-17 09:19:38,859 INFO [qtp804611486-13] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:107) - ==== SCIM Service call intercepted ==== 2018-12-17 09:19:38,859 INFO [qtp804611486-13] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:108) - Authorization header found 2018-12-17 09:19:38,868 INFO [qtp804611486-13] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:118) - SCIM is protected by UMA 2018-12-17 09:19:38,878 INFO [qtp804611486-13] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:82) - Authorization passed 2018-12-17 09:19:38,881 TRACE [qtp804611486-13] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:52) - Removing '$' char (if any) from attributes param 2018-12-17 09:19:38,881 TRACE [qtp804611486-13] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:52) - Removing '$' char (if any) from excludedAttributes param 2018-12-17 09:19:38,881 DEBUG [qtp804611486-13] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:65) - ReferenceURIInterceptor. manage exit 2018-12-17 09:19:39,113 INFO [qtp804611486-13] [gluu.oxtrust.ws.rs.scim2.BaseScimWebService] (BaseScimWebService.java:256) - inspectPatchRequest. Preprocessing of patch request passed 2018-12-17 09:19:39,117 DEBUG [qtp804611486-13] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:270) - Executing web service method. patchUser 2018-12-17 09:19:39,121 DEBUG [qtp804611486-13] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:268) - transferAttributesToUserResource 2018-12-17 09:19:39,121 DEBUG [qtp804611486-13] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:370) - transferExtendedAttributesToResource of type User 2018-12-17 09:19:39,122 DEBUG [qtp804611486-13] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:381) - transferExtendedAttributesToResource. Revising attributes of extension 'urn:ietf:params:scim:schemas:extension:gluu:2.0:User' 2018-12-17 09:19:39,122 DEBUG [qtp804611486-13] [org.gluu.oxtrust.service.scim2.Scim2PatchService] (Scim2PatchService.java:60) - applyPatchOperation of type REMOVE 2018-12-17 09:19:39,123 ERROR [qtp804611486-13] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:314) - Failure at patchUser method java.lang.NullPointerException: null at org.gluu.oxtrust.model.scim2.util.ScimResourceUtil.deleteCustomAttribute(ScimResourceUtil.java:232) ~[oxtrust-scim-3.1.5-SNAPSHOT.jar:?] at org.gluu.oxtrust.model.scim2.util.ScimResourceUtil.deleteFromResource(ScimResourceUtil.java:336) ~[oxtrust-scim-3.1.5-SNAPSHOT.jar:?] at org.gluu.oxtrust.service.scim2.Scim2PatchService.applyPatchOperation(Scim2PatchService.java:138) ~[classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService.patchUser(UserWebService.java:288) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.service.scim2.interceptor.UserWebServiceDecorator.patchUser(UserWebServiceDecorator.java:200) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.annotated.runtime.InvokableAnnotatedMethod.invokeOnInstance(InvokableAnnotatedMethod.java:86) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:67) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.util.proxy.TargetInstanceProxyMethodHandler.invoke(TargetInstanceProxyMethodHandler.java:33) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.TargetBeanInstance.invoke(TargetBeanInstance.java:91) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_Weld$Proxy$.patchUser(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor.manage(ReferenceURIInterceptor.java:67) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:73) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:81) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldClientProxy.patchUser(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.2.Final.jar:3.4.2.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.Server.handle(Server.java:503) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] 2018-12-17 09:19:40,718 DEBUG [oxTrustScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started 2018-12-17 09:19:40,719 DEBUG [oxTrustScheduler_Worker-2] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.UpdateScriptEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()] 2018-12-17 09:19:40,734 DEBUG [oxTrustScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended ``` `/opt/gluu/jetty/identity/logs/oxtrust.log` (`scim_event_handler` **disabled**) ``` 2018-12-17 09:12:34,105 TRACE [qtp804611486-12] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:64) - REST call to '/scim/v2/Users/@!C852.9127.04FD.BD19!0001!A27B.3B68!0000!1F25.4925.58A0.833A' intercepted 2018-12-17 09:12:34,105 INFO [qtp804611486-12] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2018-12-17 09:12:34,106 INFO [qtp804611486-12] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:107) - ==== SCIM Service call intercepted ==== 2018-12-17 09:12:34,106 INFO [qtp804611486-12] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:108) - Authorization header found 2018-12-17 09:12:34,221 INFO [qtp804611486-12] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:118) - SCIM is protected by UMA 2018-12-17 09:12:34,244 ERROR [qtp804611486-12] [org.gluu.oxtrust.service.uma.UmaPermissionService] (UmaPermissionService.java:116) - Status response for RPT token: 'None' is invalid 2018-12-17 09:12:34,257 DEBUG [qtp804611486-12] [org.gluu.oxtrust.service.uma.UmaPermissionService] (UmaPermissionService.java:189) - Construct response: HTTP 401 (Unauthorized), ticket: 'c38fe173-46bf-40bf-b5ff-42272dbaf362' 2018-12-17 09:12:34,395 TRACE [qtp804611486-9] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:64) - REST call to '/scim/v2/Users/@!C852.9127.04FD.BD19!0001!A27B.3B68!0000!1F25.4925.58A0.833A' intercepted 2018-12-17 09:12:34,396 INFO [qtp804611486-9] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:78) - Path is protected, proceeding with authorization processing... 2018-12-17 09:12:34,396 INFO [qtp804611486-9] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:107) - ==== SCIM Service call intercepted ==== 2018-12-17 09:12:34,396 INFO [qtp804611486-9] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:108) - Authorization header found 2018-12-17 09:12:34,406 INFO [qtp804611486-9] [org.gluu.oxtrust.service.uma.ScimUmaProtectionService] (ScimUmaProtectionService.java:118) - SCIM is protected by UMA 2018-12-17 09:12:34,416 INFO [qtp804611486-9] [org.gluu.oxtrust.service.filter.AuthorizationProcessingFilter] (AuthorizationProcessingFilter.java:82) - Authorization passed 2018-12-17 09:12:34,420 TRACE [qtp804611486-9] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:52) - Removing '$' char (if any) from attributes param 2018-12-17 09:12:34,420 TRACE [qtp804611486-9] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:52) - Removing '$' char (if any) from excludedAttributes param 2018-12-17 09:12:34,420 DEBUG [qtp804611486-9] [gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor] (ReferenceURIInterceptor.java:65) - ReferenceURIInterceptor. manage exit 2018-12-17 09:12:34,661 INFO [qtp804611486-9] [gluu.oxtrust.ws.rs.scim2.BaseScimWebService] (BaseScimWebService.java:256) - inspectPatchRequest. Preprocessing of patch request passed 2018-12-17 09:12:34,665 DEBUG [qtp804611486-9] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:270) - Executing web service method. patchUser 2018-12-17 09:12:34,669 DEBUG [qtp804611486-9] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:268) - transferAttributesToUserResource 2018-12-17 09:12:34,670 DEBUG [qtp804611486-9] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:370) - transferExtendedAttributesToResource of type User 2018-12-17 09:12:34,670 DEBUG [qtp804611486-9] [org.gluu.oxtrust.service.scim2.Scim2UserService] (Scim2UserService.java:381) - transferExtendedAttributesToResource. Revising attributes of extension 'urn:ietf:params:scim:schemas:extension:gluu:2.0:User' 2018-12-17 09:12:34,670 DEBUG [qtp804611486-9] [org.gluu.oxtrust.service.scim2.Scim2PatchService] (Scim2PatchService.java:60) - applyPatchOperation of type REMOVE 2018-12-17 09:12:34,673 ERROR [qtp804611486-9] [gluu.oxtrust.ws.rs.scim2.UserWebService] (UserWebService.java:314) - Failure at patchUser method java.lang.NullPointerException: null at org.gluu.oxtrust.model.scim2.util.ScimResourceUtil.deleteCustomAttribute(ScimResourceUtil.java:232) ~[oxtrust-scim-3.1.5-SNAPSHOT.jar:?] at org.gluu.oxtrust.model.scim2.util.ScimResourceUtil.deleteFromResource(ScimResourceUtil.java:336) ~[oxtrust-scim-3.1.5-SNAPSHOT.jar:?] at org.gluu.oxtrust.service.scim2.Scim2PatchService.applyPatchOperation(Scim2PatchService.java:138) ~[classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService.patchUser(UserWebService.java:288) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.service.scim2.interceptor.UserWebServiceDecorator.patchUser(UserWebServiceDecorator.java:200) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.annotated.runtime.InvokableAnnotatedMethod.invokeOnInstance(InvokableAnnotatedMethod.java:86) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.DecoratorProxyMethodHandler.doInvoke(DecoratorProxyMethodHandler.java:67) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.util.proxy.TargetInstanceProxyMethodHandler.invoke(TargetInstanceProxyMethodHandler.java:33) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.TargetBeanInstance.invoke(TargetBeanInstance.java:91) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:106) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_Weld$Proxy$.patchUser(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal(TerminalAroundInvokeInvocationContext.java:51) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed(AroundInvokeInvocationContext.java:78) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.service.scim2.interceptor.ReferenceURIInterceptor.manage(ReferenceURIInterceptor.java:67) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:73) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeAroundInvoke(InterceptorMethodHandler.java:84) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.executeInterception(InterceptorMethodHandler.java:72) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.interceptor.proxy.InterceptorMethodHandler.invoke(InterceptorMethodHandler.java:56) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:81) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.jboss.weld.bean.proxy.CombinedInterceptorAndDecoratorStackMethodHandler.invoke(CombinedInterceptorAndDecoratorStackMethodHandler.java:68) [weld-core-impl-3.0.5.Final.jar:3.0.5.Final] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldSubclass.patchUser(Unknown Source) [classes/:?] at org.gluu.oxtrust.ws.rs.scim2.UserWebService$Proxy$_$$_WeldClientProxy.patchUser(Unknown Source) [classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.24.Final.jar:3.0.24.Final] at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0] at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215) [websocket-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.2.Final.jar:3.4.2.Final] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.Server.handle(Server.java:503) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) [jetty-util-9.4.12.v20180830.jar:9.4.12.v20180830] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181] ```

By Jose Gonzalez staff 17 Dec 2018 at 7:37 a.m. CST

Jose Gonzalez gravatar
Interesting corner case. Actually it fails only when the user has none of the extended attributes set. If it had just one (not necessarily the one you want to remove), the operation completes... Please update your oxtrust-scim.jar, here is how: ``` $ sudo service gluu-server-3.1.4 login # mkdir WEB-INF; cd WEB-INF; mkdir lib; cd lib # wget https://ox.gluu.org/maven/org/xdi/oxtrust-scim/3.1.5-SNAPSHOT/oxtrust-scim-3.1.5-SNAPSHOT.jar # cd .. # cd .. # /opt/jre/bin/jar -uf /opt/gluu/jetty/identity/webapps/identity.war WEB-INF/lib/oxtrust-scim-3.1.5-SNAPSHOT.jar # rm -R WEB-INF/ # service identity restart # exit ``` Feel free to feed this thread if you have more problems related to removing attributes with PATCH. For any other SCIM issue open a separate ticket. Thanks for spotting the errors. PS: Next time please attach logs - do not paste

By Thomas W. user 19 Dec 2018 at 4:32 a.m. CST

Thomas W. gravatar
Hi Jose. Thank you for the quick response and hotfix implementation. I have applied the latest changes and am happy to report that I do not currently see any issues! I will report back if I discover any new issues. (Will also keep in mind to attach logs next time.)