Azure AD SCIM Validator is in General Availability (GA) Status
On another note, I am not convinced that the Validator treats the complex multiValued 'members' attribute for Groups correctly, if it is exposed in the Schema.
Specifically, if I have the Group.members[type ="User"] collection defined in the Schema as shown below, then the Validator would attempt to generate a Patch request as shown in the screenshot, with some bogus(?) value in the Replace operation for users. That bogus value, such as "QQ7M8HRCRACN", looks like a display name for a group, rather than the User ID that I would expect it to be.
Or am I missing the SCIM spec completely here, and this Replace request has totally different semantics?
See image attached.
To compare, Add Member operation on Group looks fine, with proper User ID:
My schema for the group is as follows:
{
  "name": "Group",
  "description": "Group",
  "meta": {
    "resourceType": "Schema",
    "created": "0001-01-01T00:00:00",
    "lastModified": "0001-01-01T00:00:00"
  },
  "id": "urn:ietf:params:scim:schemas:core:2.0:Group",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Schema"
  ],
  "attributes": [
    {
      "caseExact": false,
      "type": "string",
      "description": "A human-readable name for the Group. REQUIRED.",
      "mutability": "readWrite",
      "name": "displayName",
      "multiValued": false,
      "required": true,
      "returned": "default",
      "uniqueness": "server"
    },
    {
      "caseExact": false,
      "type": "complex",
      "description": "A list of members of the Group.",
      "mutability": "readWrite",
      "name": "members",
      "multiValued": true,
      "required": false,
      "returned": "request",
      "uniqueness": "none",
      "subAttributes": [
        {
          "caseExact": false,
          "type": "string",
          "description": "The significant value for the attribute",
          "mutability": "readWrite",
          "name": "value",
          "multiValued": false,
          "required": false,
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "caseExact": false,
          "type": "string",
          "description": "A label indicating the attribute's function",
          "mutability": "immutable",
          "name": "type",
          "multiValued": false,
          "required": false,
          "returned": "default",
          "uniqueness": "none",
          "canonicalValues": [
            "Group",
            "User"
          ]
        }
      ]
    }
  ]
}
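
Added example (not part of the original post and not the Validator's or Microsoft's code): one way a SCIM endpoint can check that every members.value in a Group PATCH resolves to a known resource id of the expected type before applying it, so a value like the one described above is rejected with a SCIM error instead of being stored. The directory contents, resource ids, PatchOp bodies and function names are constructed for illustration.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed directory for the example: resource id -> resource type.
DIRECTORY = {"u-1001": "User", "u-1002": "User", "g-2001": "Group"}


def member_refs(op):
    """Yield (value, expected_type) for each member named by one operation."""
    path, value = op.get("path") or "", op.get("value")
    if not path:  # no path: value is a partial Group resource
        value = value.get("members", []) if isinstance(value, dict) else []
        path = "members"
    if not path.startswith("members"):
        return
    # A filter such as members[type eq "User"] pins the expected type.
    pinned = "User" if 'type eq "User"' in path else None
    if isinstance(value, str):  # path ending in .value carries a bare id
        value = [{"value": value}]
    elif isinstance(value, dict):
        value = [value]
    for member in value or []:
        yield member.get("value"), member.get("type") or pinned


def error(detail):
    return {"status": "400", "scimType": "invalidValue", "detail": detail}


def check_group_patch(body, directory=DIRECTORY):
    """Return SCIM-style errors for a Group PATCH; an empty list means accept."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        return [error("request is not a PatchOp message")]
    errors = []
    for op in body.get("Operations", []):
        if str(op.get("op", "")).lower() not in ("add", "replace"):
            continue  # remove operations add no new member references
        for ref, expected in member_refs(op):
            actual = directory.get(ref)
            if actual is None:
                errors.append(error(f"members.value {ref!r} is not a known id"))
            elif expected and actual != expected:
                errors.append(error(f"{ref!r} is a {actual}, expected {expected}"))
    return errors


def patch(op, path, value):
    """Build a constructed PatchOp body with a single operation."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": op, "path": path, "value": value}]}
```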