From: Sander A. <sa....@fz...> - 2023-12-21 12:44:59
Hi Krzysztof,

I created a new authenticator (OAuth 2 verifying local tokens) and added the scopes oidc profile email entitlements sys:scim:read_profile sys:scim:read_membership. I added this authenticator to the SCIM API as well. I generated an OIDC token using the oidc-agent and the same scopes. But using

curl https://login-dev.helmholtz.de/scim/Me -H "Authorization: Basic $TOKEN"

I got Bad Request, and the Unity logs have a null pointer exception (stacktrace is attached). Did I forget to add some configuration in addition? Using username/password on the SCIM API works.

Best regards,
Sander

On Wed, 2023-12-20 at 12:56 +0100, Krzysztof Benedyczak wrote:
> Hi Sander,
>
> On 20.12.2023 at 08:41, Sander Apweiler wrote:
> > Good morning,
> > while reading the manual once again, I found the error in our schema
> > file. It works fine.
>
> good to hear that
>
> > Since only the administrators have username/password, we want to enable
> > Oauth tokens for the SCIM API. Do we need to create an authenticator
> > which is using unity itself for validating the tokens?
>
> Yes. It is not strictly required, but most likely this is what you
> want.
>
> Do not forget about granting proper authZ with OAuth scopes (as
> described in manual).
>
> Best,
> Krzysztof

--
Large-Scale Data Science
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...
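
An added illustration, not part of the original message and not Unity's code: how an Authorization header value is parsed under RFC 7617 (Basic) and RFC 6750 (Bearer), useful for checking what a server-side parser sees for a given header, plus a check of a scope string against the SCIM scopes named above. The function names and sample credentials are constructed for this example.

```python
import base64
import binascii

# Scopes named in the message above, used here as sample data.
REQUIRED_SCOPES = {"sys:scim:read_profile", "sys:scim:read_membership"}


def classify_authorization(header: str) -> dict:
    """Parse an Authorization header value per RFC 7617 / RFC 6750."""
    scheme, _, credentials = header.strip().partition(" ")
    scheme, credentials = scheme.lower(), credentials.strip()
    if not credentials:
        return {"scheme": scheme, "ok": False, "reason": "no credentials"}
    if scheme == "bearer":
        # RFC 6750: the token is passed through as-is for validation.
        return {"scheme": scheme, "ok": True, "token": credentials}
    if scheme == "basic":
        # RFC 7617: credentials are base64("user-id:password").
        try:
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return {"scheme": scheme, "ok": False, "reason": "not base64 text"}
        user, sep, _password = decoded.partition(":")
        if not sep:
            return {"scheme": scheme, "ok": False, "reason": "no ':' separator"}
        return {"scheme": scheme, "ok": True, "user": user}
    return {"scheme": scheme, "ok": False, "reason": "unsupported scheme"}


def missing_scopes(granted: str) -> set:
    """Return required scopes absent from a space-separated scope string."""
    return REQUIRED_SCOPES - set(granted.split())


if __name__ == "__main__":
    token = "constructed-opaque-token_123"  # constructed, not a real token
    basic = base64.b64encode(b"admin:constructed-password").decode()
    for value in (f"Basic {token}", f"Bearer {token}", f"Basic {basic}"):
        print(value.split()[0], "->", classify_authorization(value))
    print("missing:", missing_scopes("oidc profile email"))
```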