
I'm trying to create a new carbon user with wso2 v3.2.0 installed on docker, using scim2 endpoints. When I try to issue a POST request on /scim2/Users endpoint, I always get a 401 Unauthorized response even though properly authenticated with scopes.

1. First, I create a token to authorize the admin user

```
curl --location --request POST 'https://<ip>:9443/oauth2/token' \
--header 'Authorization: Basic Q2J2RFg2bTJHTldaWGlyeklTMHFUVVd2VkVRYTpvNmZKMHRXeGFmekVqQ3hFVDBCMTA2d000ZUlh' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'scope=internal_user_mgt_create'
```

And I receive my token

```
{
    "access_token": "9f368c42-2f75-3c20-b55b-08d7c0431a9e",
    "refresh_token": "281a36d8-4ccd-3ef9-957c-d4db802fbbab",
    "scope": "default internal_user_mgt_create",
    "token_type": "Bearer",
    "expires_in": 2413
}
```

2. Then I issue my request to create a new User

```
curl --location --request POST 'https://<ip>:9443/t/wso2/scim2/Users' \
--header 'Authorization: Bearer 9f368c42-2f75-3c20-b55b-08d7c0431a9e' \
--header 'Content-Type: application/scim+json' \
--header 'Accept: application/scim+json' \
--data-raw '{
  "schemas": [],
  "name": {
    "givenName": "Kim",
    "familyName": "Berry"
  },
  "userName": "kim",
  "password": "abc123",
  "emails": [
    {
      "type": "home",
      "value": "kim@gmail.com",
      "primary": true
    },
    {
      "type": "work",
      "value": "kim@wso2.com"
    }
  ]
}'
```

But I always get this response

Error 401 - Unauthorized

How can I resolve this?

hubfix
  • Are you trying this with wso2 APIM v320? – Pubci Jul 28 '21 at 11:39
  • Yes I am, installed on docker (I've already setup the new host ip and everything works fine) – hubfix Jul 28 '21 at 12:39
  • The `t/carbon.super/api/identity/user/v1.0/me` endpoint works fine, but then I cannot change user's roles. I was looking for an endpoint to create a new user and give them roles like `internal/creator` etc. That's why I'm using SCIM2, but I can't get past the Unauthorized error – hubfix Jul 28 '21 at 13:48
  • As per the second request URL `https://<ip>:9443/t/wso2/scim2/Users`, you are trying to create a user in tenant wso2. Do you have such a tenant? Your token is generated for the admin user, who is in carbon.super, so try the URL `https://<ip>:9443/scim2/Users` / `https://<ip>:9443/t/carbon.super/scim2/Users` in your second request – Anuradha Karunarathna Jul 28 '21 at 18:54
  • I tried both the endpoints you suggested, but it gives me response `200` with a wso2 webpage. Do I need to install something or am I missing something? I thought that wso2 api manager 3.2.0 had scim2 out of the box. – hubfix Jul 29 '21 at 07:28
  • So I investigated and noticed that there is no scim installation in my wso2 api manager 3.2.0. Don't know if it is supposed to be like that or it is an issue with docker installations. I've found instead that identity server 5.10 has scim installed, how can I make api manager and identity server share the same db? So I can create users through identity server apis and manage them with api manager – hubfix Jul 30 '21 at 06:47
  • I've tried configuring Identity Server's user store as the Api Manager shared db, but when I call scim2 apis on identity server it says that `user store REMOTE doesn't have scim enabled` even though through api manager settings I've enabled scim2 – hubfix Jul 30 '21 at 06:48
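
The two checks the comments converge on (does the URL's tenant match the token user's tenant, and is the reply SCIM or an HTML page), as an added example that is not part of the original thread. The function names are hypothetical, and it assumes tenant users are written `user@tenant-domain` and that a URL without `/t/<tenant>/` addresses `carbon.super`.

```shell
#!/usr/bin/env bash
# Added example: classify the outcomes seen in this thread, offline.
# Assumptions: /t/<tenant>/ in the path selects a tenant, no prefix means
# carbon.super; tenant users are written user@tenant-domain.

# Tenant addressed by a request URL.
url_tenant() (
  path="${1#*://}"            # drop the scheme
  path="/${path#*/}"          # drop host:port, keep the path
  case "$path" in
    /t/*) path="${path#/t/}"; printf '%s\n' "${path%%/*}" ;;
    *)    printf 'carbon.super\n' ;;
  esac
)

# Tenant the token's user belongs to.
user_tenant() (
  case "$1" in
    *@*) printf '%s\n' "${1##*@}" ;;
    *)   printf 'carbon.super\n' ;;
  esac
)

# diagnose <token-user> <url> <http-status> <content-type>
# Status and content type can be captured with:
#   curl -s -o /dev/null -w '%{http_code} %{content_type}' ...
diagnose() (
  ut="$(user_tenant "$1")"; rt="$(url_tenant "$2")"
  if [ "$ut" != "$rt" ]; then
    echo "tenant-mismatch: token user is in '$ut', URL targets '$rt'"
    exit 0                    # leaves only this function's subshell
  fi
  case "$3:$4" in
    201:*)          echo "created: SCIM2 accepted the user" ;;
    200:text/html*) echo "not-scim: HTML page returned, no SCIM2 endpoint at this path" ;;
    401:*)          echo "unauthorized: tenant matches, check token validity and scope" ;;
    *)              echo "other: HTTP $3 ($4)" ;;
  esac
)

# Constructed inputs mirroring the two situations reported in the thread.
diagnose admin 'https://<ip>:9443/t/wso2/scim2/Users' 401 ''
diagnose admin 'https://<ip>:9443/scim2/Users' 200 'text/html;charset=UTF-8'
```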
