SCIM - urn:ietf:params:scim:schemas:extension:enterprise:2.0:User "Manager" not RFC7643 Compliant #15369

Open
tdh-claude opened this issue Jan 15, 2025 · 1 comment
Labels
bug Something isn't working customer Created by Linear-GitHub Sync premium-enterprise Feature for Enterprise plan scim

Comments

@tdh-claude
Hello,

Environment

  • Budibase Version: 2.33
  • Self hosted server single Docker image
  • Enterprise license
  • User management with SCIM sync to Azure Entra

Bug description
When users and groups provisioning is launched by Azure Entra, we receive an error message when updating some users.
Error code: SystemForCrossDomainIdentityManagementServiceIncompatible
Error message: Failed to match an entry in the source and target systems User '[email protected]'; Error: We are not able to deserialize the resource received from your SCIM endpoint because your SCIM endpoint is not fully compatible with the Azure Active Directory SCIM client.

After investigation I have found this case:
  • Users who don't have a configured manager are successfully synced.
  • Users with a manager fail to sync.

Received by Azure Entra from Budibase

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "externalId": "user",
    "userName": "[email protected]",
    "active": true,
    "displayName": "User NAME",
    "emails": [
        {
            "primary": true,
            "type": "work",
            "value": "[email protected]"
        }
    ],
    "meta": {
        "resourceType": "User",
        "created": "2024-08-28T12:39:26.120Z",
        "lastModified": "2024-08-28T12:40:48.496Z"
    },
    "name": {
        "formatted": "User",
        "givenName": "User"
    },
    "title": "Employee",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "department": "Sales",
        "employeeNumber": "99999",
        "manager": "us_e6xxxxxxxxxxxxxxxxxxxxx9f48"
    },
    "id": "us_86xxxxxxxxxxxxxxxxxxxxxe78"
}

According to RFC 7643 Section 4.3, manager in urn:ietf:params:scim:schemas:extension:enterprise:2.0:User should be "A complex type that optionally allows service providers to represent organizational hierarchy by referencing the "id" attribute of another User".
The returned field is a string.

Expected urn:ietf:params:scim:schemas:extension:enterprise:2.0:User record

    ...
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "department": "Sales",
        "manager": {
            "$ref": "",
            "displayName": null,
            "value": "us_e6xxxxxxxxxxxxxxxxxxxxx9f48"
        },
        "organization": ""
    },
    ...
@tdh-claude tdh-claude added the bug Something isn't working label Jan 15, 2025
@ConorWebb96 ConorWebb96 added premium-enterprise Feature for Enterprise plan customer Created by Linear-GitHub Sync scim labels Jan 15, 2025
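
A conformance check for the `manager` attribute described in this issue, as an added example that is not part of the original post and is not Budibase code. The helper names `checkManager`, `checkBody` and `normalizeManager` are hypothetical, the sample resources are constructed, and the check also accepts a ListResponse body, which goes beyond the single resource shown in the issue.

```javascript
// Added example (not Budibase code): validate the enterprise-extension "manager"
// attribute of SCIM User resources against the complex type in RFC 7643 Section 4.3.
const ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User";
const MANAGER_SUBATTRS = new Set(["value", "$ref", "displayName"]);

// Hypothetical helper: returns a list of problems; an empty list means acceptable.
function checkManager(resource) {
  const manager = resource[ENTERPRISE_USER]?.manager;
  if (manager === undefined || manager === null) return []; // optional / unassigned
  if (typeof manager !== "object" || Array.isArray(manager)) {
    const got = Array.isArray(manager) ? "array" : typeof manager;
    return [`manager must be a complex value (JSON object), got ${got}`];
  }
  const problems = [];
  for (const [key, val] of Object.entries(manager)) {
    if (!MANAGER_SUBATTRS.has(key)) problems.push(`unexpected sub-attribute "${key}"`);
    else if (val !== null && typeof val !== "string") problems.push(`"${key}" must be a string`);
  }
  return problems;
}

// Hypothetical helper: accepts one resource or a ListResponse body and returns
// { id: problems[] } for every resource that fails the check.
function checkBody(body) {
  const resources = Array.isArray(body.Resources) ? body.Resources : [body];
  const failures = {};
  for (const r of resources) {
    const problems = checkManager(r);
    if (problems.length) failures[r.id] = problems;
  }
  return failures;
}

// Hypothetical helper: wraps a bare string id as { value: id } before serialization.
function normalizeManager(resource) {
  const ext = resource[ENTERPRISE_USER];
  if (!ext || typeof ext.manager !== "string") return resource;
  return { ...resource, [ENTERPRISE_USER]: { ...ext, manager: { value: ext.manager } } };
}

// Constructed sample input, trimmed from the response shown in the issue.
const received = {
  id: "us_86xxxxxxxxxxxxxxxxxxxxxe78",
  [ENTERPRISE_USER]: { department: "Sales", manager: "us_e6xxxxxxxxxxxxxxxxxxxxx9f48" },
};
const noManager = { id: "us_constructed_no_manager", [ENTERPRISE_USER]: { department: "Sales" } };

console.log(checkBody({ Resources: [received, noManager] })); // only `received` is flagged
console.log(checkBody(normalizeManager(received)));           // no failures
```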