Sub attribute filtering for SCIM extended attributes is failing #11026

@rksk

Describe the issue:
We have defined a sub-attribute called city for the addresses complex attribute, which is added as a sub-attribute of urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.

Request:

curl -ki -u admin:admin 'https://localhost:9443/scim2/Users?count=20&filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:addresses.city+eq+Colombo'

Response: (note the part User:addresses.0:User:addresses.city)

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Unsupported attribute: urn:ietf:params:scim:schemas:core:2.0:User:addresses.0:User:addresses.city","status":"500"}

$subject is occurring in two ways when we have sub-attributes of SCIM extended attributes.

Scenario 01: Unique attribute names
Ex: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:class.leader
At [1], we are checking subAttributeSchema.getURI().equals(attributeName). But it should be subSubAttributeSchema.getURI().equals(attributeName).

Scenario 02: Attribute name already exists in another schema.
Ex: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:addresses.city

As the addresses attribute name already exists in another schema (urn:ietf:params:scim:schemas:core:2.0:User:addresses), the logic at [2] becomes true and it assumes this extended attribute is part of the core schema. Then it generates a messy attribute URI as urn:ietf:params:scim:schemas:core:2.0:User:addresses.0:User:addresses.city.

How to reproduce:
Add these extended schemas to scim2-schema-extension.config and also add addresses under the subAttributes of urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.

{
"attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:addresses.city",
"attributeName":"city",
"dataType":"string",
"multiValued":"false",
"description":"",
"required":"false",
"caseExact":"false",
"mutability":"readwrite",
"returned":"default",
"uniqueness":"none",
"subAttributes":"null",
"canonicalValues":[],
"referenceTypes":[]
},
{
"attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:addresses",
"attributeName":"addresses",
"dataType":"complex",
"multiValued":"true",
"description":".",
"required":"false",
"caseExact":"false",
"mutability":"readwrite",
"returned":"default",
"uniqueness":"none",
"subAttributes":"city",
"canonicalValues":[],
"referenceTypes":[]
},

Add claim mapping for urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:addresses.city and try to filter users with it via SCIM2.

Environment information

  • Product Version: IS 5.10.0

[1] https://github.com/wso2/charon/blob/1f5eaa6da2a77c7d118eac2ec36411eec5d1a340/modules/charon-core/src/main/java/org/wso2/charon3/core/utils/AttributeUtil.java#L238
[2] https://github.com/wso2/charon/blob/1f5eaa6da2a77c7d118eac2ec36411eec5d1a340/modules/charon-core/src/main/java/org/wso2/charon3/core/utils/AttributeUtil.java#L193
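
Added example, not part of the original issue and not Charon's code: a simplified model of Scenario 02, contrasting a name-only attribute lookup with one that selects the schema by the URN prefix of the filter attribute. The class name, method names and the schema registry are assumptions made for illustration, and only fully qualified filter attributes are handled.

```java
import java.util.*;

// Added illustration, not Charon code. The registry below is constructed sample data.
public class ScimFilterAttributeResolver {
    static final String CORE = "urn:ietf:params:scim:schemas:core:2.0:User";
    static final String EXT = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User";
    // schema URN -> attribute name -> sub-attribute names
    static final Map<String, Map<String, Set<String>>> SCHEMAS = new LinkedHashMap<>();
    static {
        SCHEMAS.put(CORE, Map.of("addresses", Set.of("locality", "region")));
        SCHEMAS.put(EXT, Map.of("addresses", Set.of("city"), "class", Set.of("leader")));
    }

    // Name-only lookup: the first schema that owns the attribute name wins, so the
    // extension's addresses.city is attributed to the core schema.
    static String resolveByName(String filterAttr) {
        String path = filterAttr.substring(filterAttr.lastIndexOf(':') + 1);
        String attr = path.split("\\.")[0];
        for (String urn : SCHEMAS.keySet()) {
            if (SCHEMAS.get(urn).containsKey(attr)) return urn + ":" + path;
        }
        throw new IllegalArgumentException("Unsupported attribute: " + filterAttr);
    }

    // URI-aware lookup: the longest matching schema URN prefix selects the schema,
    // then the attribute and sub-attribute are checked inside that schema only.
    static String resolveByUri(String filterAttr) {
        String schema = null;
        for (String urn : SCHEMAS.keySet()) {
            if (filterAttr.startsWith(urn + ":")
                    && (schema == null || urn.length() > schema.length())) {
                schema = urn;
            }
        }
        if (schema == null) throw new IllegalArgumentException("No schema URN: " + filterAttr);
        String[] parts = filterAttr.substring(schema.length() + 1).split("\\.", 2);
        Set<String> subs = SCHEMAS.get(schema).get(parts[0]);
        if (subs == null || (parts.length == 2 && !subs.contains(parts[1]))) {
            throw new IllegalArgumentException("Unsupported attribute: " + filterAttr);
        }
        return schema + ":" + parts[0] + (parts.length == 2 ? "." + parts[1] : "");
    }

    public static void main(String[] args) {
        String filterAttr = EXT + ":addresses.city";
        System.out.println("by name: " + resolveByName(filterAttr));
        System.out.println("by URI:  " + resolveByUri(filterAttr));
    }
}
```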
