I'm currently trying to implement the SCIM protocol for synchronizing Users & Groups from AzureAD into my application.
For development I use an MS tutorial and the RFC for SCIM:
- https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups
- https://datatracker.ietf.org/doc/html/rfc7644
For validation of my endpoints I use Microsoft's AzureAD SCIM Validator: https://scimvalidator.microsoft.com/
Running the validation I only get one error message: https://i.stack.imgur.com/Ru5KU.png
The group in question was created by the SCIM Validator using the following request:
```
POST /scim/Groups 1.1
Host: ngrok-free.app
Content-Type: application/scim+json; charset=utf-8

{
  "displayName": "3TCVOGSGK5K3",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}
```
The PATCH request in question is
```
PATCH /scim/Groups/66f04454-be03-446b-885b-dad2f37568f9 1.1
Host: ngrok-free.app
Content-Type: application/scim+json; charset=utf-8

{
  "Operations": [
    {
      "op": "replace",
      "path": "members[type eq \"untyped\"].value",
      "value": "P781Y6CGE6C6"
    },
    {
      "op": "replace",
      "value": {
        "displayName": "BXCXL6SD5JFM"
      }
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ]
}
```
which gets the following response from my endpoint:
```
Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Date: Thu, 08 Jun 2023 17:51:30 GMT
Pragma: no-cache
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Transfer-Encoding: chunked
Content-Type: application/scim+json
Expires: 0

{
  "displayName": "BXCXL6SD5JFM",
  "id": "66f04454-be03-446b-885b-dad2f37568f9",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ]
}
```
What I do when receiving the request is replace all members of the group with the one mentioned in the value ("P781Y6CGE6C6").
I don't know what the intended behavior is for this request - maybe someone understands it better and can explain it to me?
Best Regards
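
RFC 7644 section 3.5.2.3 semantics for the PATCH in the question, as an added example that is not part of the original post: with a value filter plus sub-attribute in `path`, only the records matching the filter are changed, and when none match the request fails with 400 `noTarget` and the resource stays unchanged. The function names are assumptions, only `replace` and this one path form are handled, and the filter match is a plain string comparison.

```python
import copy
import re

# Only the path form seen in the request: attr[subAttr eq "literal"].subAttr
VALUE_PATH = re.compile(r'^(\w+)\[(\w+) eq "([^"]*)"\]\.(\w+)$')

# The two operations from the PATCH body in the question.
PATCH = {"Operations": [
    {"op": "replace", "path": 'members[type eq "untyped"].value', "value": "P781Y6CGE6C6"},
    {"op": "replace", "value": {"displayName": "BXCXL6SD5JFM"}},
]}


class ScimError(Exception):
    def __init__(self, status, scim_type, detail):
        super().__init__(detail)
        self.status, self.scim_type = status, scim_type


def apply_replace(resource, op):
    """Apply one 'replace' operation in place (RFC 7644 section 3.5.2.3)."""
    path, value = op.get("path"), op["value"]
    if path is None:
        # No path: value is an object whose attributes replace the resource's.
        resource.update(value)
        return
    m = VALUE_PATH.match(path)
    if not m:
        raise ScimError(400, "invalidPath", f"unsupported path: {path}")
    attr, f_attr, f_value, sub = m.groups()
    # Assumption: exact string match stands in for full SCIM filter evaluation.
    matches = [r for r in resource.get(attr, []) if r.get(f_attr) == f_value]
    if not matches:
        # The filter selected no record: the RFC requires 400 / noTarget.
        raise ScimError(400, "noTarget", f"no {attr} record matches {path}")
    for record in matches:
        record[sub] = value  # other records of the attribute are left alone


def apply_patch(resource, patch):
    """Apply operations in order, atomically: on error the input is untouched."""
    working = copy.deepcopy(resource)
    for op in patch["Operations"]:
        if op["op"].lower() != "replace":
            raise ScimError(400, "invalidSyntax", "only 'replace' is shown here")
        apply_replace(working, op)
    return working
```
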