SimpleIdServer: [SCIM] PUT operation on immutable group fails
Setup: all the member attributes of a group are defined as immutable as defined here.
Reproduces by the following actions:
- POST - create a user
- POST - create a group with the user in it
- PUT - on the group with the same members payload as in
2
The response is:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"status": "400",
"scimType": "mutability",
"detail": "attribute d6c036b6-51f7-4c92-a45f-d8c747fe2304 is immutable"
}
In RFC-7644 section 3.5.1 -
immutable If one or more values are already set for the attribute,
the input value(s) MUST match, or HTTP status code 400 SHOULD be
returned with a "scimType" error code of "mutability". If the
service provider has no existing values, the new value(s) SHALL be
applied.
Then, it seems to me that if the members in the PUT payload is the same, we should not get a 400 status code.
This same exception occurs on the following, which also seems to not follow this RFC section.
- POST - create a user
- POST - create an empty group
- PUT - on the group with the user in it (to add the user)
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 16 (9 by maintainers)
Commits related to this issue
- Ticket #247: Fix "PUT" operation on immutable group — committed to simpleidserver/SimpleIdServer by thabart 2 years ago
- Ticket #247 : Update EF configuration — committed to simpleidserver/SimpleIdServer by thabart 2 years ago
- Ticket #247 : Fix the algorithm used to check the mutability — committed to simpleidserver/SimpleIdServer by thabart 2 years ago
- Ticket #247 : Ignore attribute mapping rule — committed to simpleidserver/SimpleIdServer by thabart 2 years ago
Hello,
The release is scheduled tomorrow (10-02).