How to add roles/group while adding a user in wso2 is 5.9.0 using scim2 apis?

Question

I am trying to create a user using this api-https://localhost:9443/scim2/Users

How do i add this user to a created group? Can you please Provide the payload

My Payload-

{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "name": {
        "familyName": "jackson",
        "givenName": "kim"
    },
    "userName": "test2",
    "password": "abc123",
    "postalcode":"56789",
    "profileUrl":"gmail.com",
    "emails": [
        {
            "type":"default",
            "value":"a@gmail.com"
        },
        {
            "value": "kim.jackson@gmail.com",
            "type": "home"
        },
        {
            "value": "kim_j@wso2.com",
            "type": "work"
        }
    ]
}

score 3 · Accepted Answer · answered Dec 09 '19 at 11:20

3

Following will add the user "Kris" with SCIM id "81cbba1b-c259-485d-8ba4-79afb03e5bd1" to the group using "Patch" operation.

{
   "schemas":[
      "urn:ietf:params:scim:api:messages:2.0:PatchOp"
   ],
   "Operations":[
      {
         "op":"add",
         "value":{
            "members":[
               {
                  "display":"Kris",
                  "$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1",
                  "value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1"
               }
            ]
         }
      }
   ]
}

Bellow is the full CURL command. You can always refer [1] for API information.

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36

[1] https://docs.wso2.com/display/IS570/apidocs/SCIM2-endpoints/#!/operations#GroupsEndpoint#patchGroup

answered Dec 09 '19 at 11:20

Jayanga Kaushalya

2,674
5
38
58

Sir is it possible to add roles while creating the users or will i have to add them everytime into the group after a user is created???????? – Aman Prakash Dec 09 '19 at 11:27
1

Yes you can. By defining them in the "groups" attribute. https://tools.ietf.org/html/rfc7643#section-4.1.1 – Jayanga Kaushalya Dec 09 '19 at 11:34
Sir i am trying to send this - – Aman Prakash Dec 09 '19 at 12:13
{ "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "name": { "familyName": "jackson", "givenName": "kim" }, "userName": "test12345", "password": "abc123", "postalcode":"56789", "profileUrl":"gmail.com", "roles": [ { "type": "default", "value": "s2ic" } ] } – Aman Prakash Dec 09 '19 at 12:14
It is still getting added in internal/everyone – Aman Prakash Dec 09 '19 at 12:14
1

Seems I read the spec wrong. https://tools.ietf.org/html/rfc7643#section-4.1.2 says groups are readonly attribute. So unfortunately you can't add groups while creating the user. The other way is possible (Add users while creating groups) but this isn't. – Jayanga Kaushalya Dec 09 '19 at 14:15

How to add roles/group while adding a user in wso2 is 5.9.0 using scim2 apis?

1 Answers1