By: Balasubramanian contus user 25 Mar 2019 at 7:50 a.m. CDT

5 Responses
Balasubramanian contus gravatar
Hi Team, **Before Update:** "role": "{\"operation\":null,\"value\":\"operator\",\"display\":null,\"primary\":false,\"type\":null}", **After Update :** "role": "{\"operation\":null,\"value\":\"operator\",\"display\":null,\"primary\":false,\"type\":null}", I tried to update role parameter using PUT request https://oauthserver/identity/restv1/scim/v2/Users/{auth_id} But it is not updating. it contain same value. { "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "roles": [{ "value": "admin" }] } **Note:** While creating user i am passing role parameter, it will insert the role parameter into User info. But update only not happening. Kindly provide the solution for this. Thanks.

By Jose Gonzalez staff 25 Mar 2019 at 10:05 a.m. CDT

Jose Gonzalez gravatar
Hi, Please share the payload for the PUT operation you are sending. Include the full JSON response you are receiving from the server. I think it will be helpful to share the sample POST used for creating the user.

By Balasubramanian contus user 26 Mar 2019 at 4:21 a.m. CDT

Balasubramanian contus gravatar
Hi, Please find the PUT request JSON payload and response payload below. **User update Request:** URL : https://test-oauth.com/identity/restv1/scim/v2/Users/@!3A4B.9D8B.14EC.FEC7!0001!9C14.1138!0000!1331.8BED.C70B.B7BF Method: PUT { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "name": { "givenName": "tempcall", "familyName": "tempcall" }, "displayName": "tempcall testup", "roles": [ { "operation": null, "value": "enterpriseadmin", "display": null, "primary": true, "type": null } ] } **Response:** { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "@!3A4B.9D8B.14EC.FEC7!0001!9C14.1138!0000!1331.8BED.C70B.B7BF", "externalId": "1553", "meta": { "resourceType": "User", "created": "2019-03-20T07:43:11.365Z", "lastModified": "2019-03-26T09:07:51.480Z", "location": "https://test-oauth.com/identity/restv1/scim/v2/Users/@!3A4B.9D8B.14EC.FEC7!0001!9C14.1138!0000!1331.8BED.C70B.B7BF" }, "userName": "test02@virtual-email.com", "name": { "familyName": "tempcall", "givenName": "tempcall", "formatted": "tempcall tempcall" }, "displayName": "tempcall testup", "active": true, "emails": [ { "value": "test02@virtual-email.com" } ], "phoneNumbers": [ { "value": "9966332255" } ], "roles": [ { "value": "enterpriseadmin", "primary": true } ], "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "roomNumber": "websiteid", "mail": "test02@virtual-email.com", "oxTrustRole": ""{\"value\":\"enterpriseuser\",\"display\":null,\"type\":null,\"primary\":null}"", "countryCode": "91", "street": "websitename", "mobile": "9966332255", "customerId": "tempcall9966222211555", "company": "tempcall", "oxTrustExternalId": "1553", "uniqueUserId": "1553" } } **User info response:** Url : https://test-oauth.com/oxauth/restv1/userinfo { "role": "{\"operation\":null,\"value\":\"enterpriseuser\",\"display\":null,\"primary\":false,\"type\":null}", "sub": "blZegGcK0_AyTW9kTsPyuounesNJwgEW_NkEMHK9bpU", "externalId": "1553", "phone_mobile_number": "9966332255", "given_name": "tempcall", "inum": "@!3A4B.9D8B.14EC.FEC7!0001!9C14.1138!0000!1331.8BED.C70B.B7BF", "uniqueUserId": "1553", "updated_at": 1552986608561, "countryCode": "91", "name": "tempcall tempcall", "customerId": "tempcall9966222211555", "company": "tempcall", "family_name": "tempcall", "status": "unlocked", "email_verified": false, "email": "test02@virtual-email.com" } I tried to update enterpiseuser as enterpriseadmin, but it is not updating, after PUT request to update user info, still the user info response showing role as enterpriseuser. we need to update user role. please check. Thanks,

By Jose Gonzalez staff 26 Mar 2019 at 5:53 a.m. CDT

Jose Gonzalez gravatar
Hi, The response of your PUT reports ` "roles": [ { "value": "enterpriseadmin", "primary": true } ]` (meaning the update took place...). Can you paste the result of the SCIM GET for the user after the update (e.g `https://your-host/identity/restv1/scim/v2/Users/@!3A4B.9D8B.14EC.FEC7!0001!9C14.1138!0000!1331.8BED.C70B.B7BF`) to see if roles info is consistent? If it is, then we have a problem in openid userinfo...

By Balasubramanian contus user 28 Mar 2019 at 4:22 a.m. CDT

Balasubramanian contus gravatar
Hi The result of SCIM GET for the user after update. Role is not updating. { "schemas": [ "urn:ietf:params:scim:schemas:extension:gluu:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "@!3A4B.9D8B.14EC.FEC7!0001!9C14.1138!0000!1331.8BED.C70B.B7BF", "externalId": "1553", "meta": { "resourceType": "User", "created": "2019-03-20T07:43:11.365Z", "lastModified": "2019-03-26T09:15:05.897Z", "location": "https://test-oauth.com/identity/restv1/scim/v2/Users/@!3A4B.9D8B.14EC.FEC7!0001!9C14.1138!0000!1331.8BED.C70B.B7BF" }, "userName": "test02@virtual-email.com", "name": { "familyName": "tempcall", "givenName": "tempcall", "formatted": "tempcall tempcall" }, "displayName": "tempcall testup", "active": true, "emails": [ { "value": "test02@virtual-email.com" } ], "phoneNumbers": [ { "value": "9966332255" } ], "roles": [], "urn:ietf:params:scim:schemas:extension:gluu:2.0:User": { "roomNumber": "websiteid", "mail": "test02@virtual-email.com", "oxTrustRole": "enterpriseuser", "countryCode": "91", "street": "websitename", "mobile": "9966332255", "customerId": "tempcall9966222211555", "company": "tempcall", "oxTrustExternalId": "1553", "uniqueUserId": "1553" } }

By Jose Gonzalez staff 28 Mar 2019 at 6:47 a.m. CDT

Jose Gonzalez gravatar
Hi contus, In my tests role updates are working fine. I notice that you are having the following attributes as part of your extension: - roomNumber - mail - oxTrustRole - countryCode - street - mobile - customerId - company - oxTrustExternalId - uniqueUserId Some of these attributes are already part of core SCIM schema attributes and thus, they should not be there. For instance, mail, street, and mobile data should be handled via `emails`, `addresses`, and `phoneNumbers` respectively. Particularly oxTrustExternalId LDAP attribute is used to store `externalId` of SCIM, and oxTrustRole is used to store `roles`. That means that if you supply both `roles` and `oxTrustRole` in your payload, the destination LDAP attribute is updated twice, probably retaining the value passed in the extension section of the JSON. My advise is take a look at the supported attributes in the core SCIM schema (ie. https://your-gluu-host/identity/restv1/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User) and use them as much as possible. If there is no fit for some need, make the attribute part of the extension. I'm closing this ticket. If you still face problems you will have to figure out on your own how to solve them unless you want to purchase a support plan. FYI the relevant logs are found at: `/opt/gluu/jetty/identity/logs/oxtrust.log` and `/opt/gluu/jetty/oxauth/logs/oxauth.log` in chroot. It's very helpful to set logs to DEBUG or TRACE level when having difficulties. Kind regards, Jose