I'm getting strange behaviour with user deletion in WSO2 IS 5.7. I have deployed a tenant A with a secondary LDAP user store, while the primary user store is on Postgres.

So I have 2 domains for new users:

  1. Domain A (primary user store)
  2. Domain B (LDAP secondary user store)

and 4 possible domains for new roles:

  1. Primary
  2. Internal
  3. Application
  4. Domain D (from the LDAP domain)

Case 1) Any user deletion through the SCIM2 API invoked with the admin of the tenant works. HTTP 204 is returned. The user is deleted.

Case 2) User A is created in LDAP with a Role R. Both have LDAP domain D. When I try to delete a user in the LDAP through the SCIM2 API, 403 Forbidden is returned. The user is not deleted.

Case 3) User B is created on the primary user store with a Role R2 created with the domain Internal or Primary. HTTP/1.1 500 Internal Server Error is returned. The user is deleted.

I have no meaningful logs in the WSO2 console.

Catalina logs: 127.0.0.1 - - [06/Mar/2019:11:15:25 +0100] "DELETE /t/tenant.com/scim2/Users/6c133a5e-ba74-4021-8f5f-8e1bf62af506 HTTP/1.1" 500 146 "-" "curl/7.29.0"

Any idea? Thanks for your help.

Ma io
  • Can you check the possibility of deleting from management console? – Gayan Mar 07 '19 at 14:57
  • Solved. The user did not have the permission to manage consent (delete in this case). After giving the user that makes the API call the right permissions (consent management), it worked. Thank you – Ma io Mar 07 '19 at 17:38

1 Answer

The user did not have the permission to manage consent (delete in this case). After I gave the user that makes the API call the right permissions (consent management), it worked.

Ma io
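
An added example, not part of the original post or of WSO2's code: a small access-log triage for the situation in this thread, where a SCIM2 DELETE returned 500 although the user was removed, so the HTTP status alone cannot be trusted as the deletion record. The log format is taken from the Catalina line quoted in the question; the other sample lines, the function name and the verdict strings are constructed for illustration.

```python
import re

# Pattern for SCIM2 user DELETE requests in the access-log format quoted in the question.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"DELETE (?:/t/(?P<tenant>[^/\s]+))?/scim2/Users/(?P<uid>[0-9a-fA-F-]{36}) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) '
)

# Outcome per status, as reported in the three cases of the question (wording is ours).
VERDICTS = {
    204: "deleted",
    403: "refused, user still present",
    500: "error returned, check the user store: the user may be gone anyway",
}

def triage(lines):
    """Return one record per SCIM2 user DELETE found in the access log lines."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a SCIM2 user deletion
        status = int(m["status"])
        records.append({
            "time": m["ts"],
            "client": m["ip"],
            "tenant": m["tenant"],  # None when the request had no /t/<tenant> prefix
            "user_id": m["uid"],
            "status": status,
            "verdict": VERDICTS.get(status, "unexpected status"),
            "needs_review": status != 204,
        })
    return records

# The first line is the one from the question; the remaining lines are constructed samples.
SAMPLE = [
    '127.0.0.1 - - [06/Mar/2019:11:15:25 +0100] "DELETE /t/tenant.com/scim2/Users/6c133a5e-ba74-4021-8f5f-8e1bf62af506 HTTP/1.1" 500 146 "-" "curl/7.29.0"',
    '127.0.0.1 - - [06/Mar/2019:11:16:02 +0100] "DELETE /t/tenant.com/scim2/Users/00000000-0000-4000-8000-000000000001 HTTP/1.1" 204 - "-" "curl/7.29.0"',
    '127.0.0.1 - - [06/Mar/2019:11:16:40 +0100] "DELETE /t/tenant.com/scim2/Users/00000000-0000-4000-8000-000000000002 HTTP/1.1" 403 120 "-" "curl/7.29.0"',
    '127.0.0.1 - - [06/Mar/2019:11:17:05 +0100] "GET /t/tenant.com/scim2/Users HTTP/1.1" 200 512 "-" "curl/7.29.0"',
]

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        flag = "REVIEW" if rec["needs_review"] else "ok"
        print(f'{flag:6} {rec["time"]} {rec["tenant"]} {rec["user_id"]} {rec["status"]} {rec["verdict"]}')
```

Records flagged for review are the ones to reconcile against the user store and the calling account's permissions.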