Forum Discussion
Azure AD SCIM Validator is in General Availability (GA) Status
On another note, I am not convinced that the Validator treats the complex multiValued 'members' attribute for Groups correctly, if it is exposed in the Schema.
Specifically, if I have a Group.members[type ="User"] collection defined in the Schema as shown below, then the Validator would attempt to generate a Patch request as shown in the screenshot with some bogus(?) value in the Replace operation for users. That bogus value, such as "QQ7M8HRCRACN", looks like a display name for a group rather than the User ID that I would expect it to be.
Or am I missing the SCIM spec completely here, and this Replace request has totally different semantics?
See image attached.
To compare, the Add Member operation on Group looks fine, with a proper User ID:
My schema for the group is as follows:
{
  "name": "Group",
  "description": "Group",
  "meta": {
    "resourceType": "Schema",
    "created": "0001-01-01T00:00:00",
    "lastModified": "0001-01-01T00:00:00"
  },
  "id": "urn:ietf:params:scim:schemas:core:2.0:Group",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Schema"
  ],
  "attributes": [
    {
      "caseExact": false,
      "type": "string",
      "description": "A human-readable name for the Group. REQUIRED.",
      "mutability": "readWrite",
      "name": "displayName",
      "multiValued": false,
      "required": true,
      "returned": "default",
      "uniqueness": "server"
    },
    {
      "caseExact": false,
      "type": "complex",
      "description": "A list of members of the Group.",
      "mutability": "readWrite",
      "name": "members",
      "multiValued": true,
      "required": false,
      "returned": "request",
      "uniqueness": "none",
      "subAttributes": [
        {
          "caseExact": false,
          "type": "string",
          "description": "The significant value for the attribute",
          "mutability": "readWrite",
          "name": "value",
          "multiValued": false,
          "required": false,
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "caseExact": false,
          "type": "string",
          "description": "A label indicating the attribute's function",
          "mutability": "immutable",
          "name": "type",
          "multiValued": false,
          "required": false,
          "returned": "default",
          "uniqueness": "none",
          "canonicalValues": [
            "Group",
            "User"
          ]
        }
      ]
    }
  ]
}
- owinoakelo, Mar 30, 2023, Brass Contributor
The Patch Group: Replace Attributes has a risk of replacing all group members. Due to this risk, this test will be removed from the test suite. Please also note that our provisioning service does not support any Patch Group: Replace attributes operation. You can therefore ignore this test for now until we remove it from the suite.
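The difference between the two operations discussed in this thread, as an added example that is not code from the posts, the Validator or the provisioning service: a minimal handler for PATCH operations on a Group's `members`, where `replace` without a filter swaps out the whole list (RFC 7644, section 3.5.2.3) and `add` only appends. The function names, the in-memory group, the user IDs and the policy of rejecting member values that are not known user IDs are assumptions made for illustration.

```python
import copy

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimError(Exception):
    def __init__(self, status, scim_type, detail):
        super().__init__(detail)
        self.status, self.scim_type = status, scim_type

def apply_group_patch(group, patch, known_user_ids):
    """Return a patched copy of `group`; the stored group is never modified."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ScimError(400, "invalidSyntax", "not a PatchOp message")
    result = copy.deepcopy(group)
    for op in patch.get("Operations", []):
        name = str(op.get("op", "")).lower()
        if name not in ("add", "replace"):
            raise ScimError(400, "invalidSyntax", "example handles add/replace only")
        if op.get("path") != "members":
            raise ScimError(400, "invalidPath", "example handles path 'members' only")
        values = op.get("value")
        if not isinstance(values, list):
            raise ScimError(400, "invalidValue", "members value must be a list")
        # Validate every value first, so a bad request changes nothing.
        ids = [v.get("value") if isinstance(v, dict) else None for v in values]
        for uid in ids:
            if uid not in known_user_ids:
                raise ScimError(400, "invalidValue", f"unknown member id: {uid!r}")
        if name == "replace":
            result["members"] = []  # no filter on the path: the whole list goes
        present = {m["value"] for m in result.setdefault("members", [])}
        for uid in ids:
            if uid not in present:
                result["members"].append({"value": uid, "type": "User"})
                present.add(uid)
    return result

def member_ids(group):
    return [m["value"] for m in group.get("members", [])]

def members_patch(op, value):
    """Build a one-operation PatchOp body targeting 'members'."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": op, "path": "members", "value": [{"value": value}]}]}

# Constructed sample data (not taken from the thread's screenshots).
USERS = {"u-1001", "u-1002", "u-1003"}
GROUP = {"id": "g-1", "displayName": "Engineering",
         "members": [{"value": "u-1001", "type": "User"},
                     {"value": "u-1002", "type": "User"}]}
```

Running the same single-member body through `add` and through `replace` shows why a replace test against a populated group is risky: the first keeps the two existing members, the second leaves only the new one.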