
List:       wsf-java-dev
Subject:    Re: [Dev] [IS] [SCIM] Why Can't We Enable Both SCIM1 and SCIM2 at the Same Time?
From:       Sathya Bandara <sathya () wso2 ! com>
Date:       2017-08-31 13:36:58
Message-ID: CAAdTB9FDQP00-102z1OUXcc+Yin59+RptTTVZowo1wz4uM-uDA () mail ! gmail ! com

On Thu, Aug 31, 2017 at 2:18 PM, Johann Nallathamby <johann@wso2.com> wrote:

> Hi Sathya,
>
> On Thu, Aug 31, 2017 at 12:29 PM, Sathya Bandara <sathya@wso2.com> wrote:
>
>> Hi Johann,
>>
>> IMO having two separate LDAP attributes for the same claims in both SCIM1
>> and SCIM2 would be redundant and cause problems in maintaining user
>> attributes.
>>
>
> True. I didn't say this is the correct solution. I only mentioned it as a
> workaround for someone who wants to use both without any conflicts until
> we find an alternative or deprecate SCIM 1.1 :)
>
>
>> If we need to have both listeners enabled at the time I would suggest to
>> use a common util method to generate IDs and do the mappings for the claims
>> that are common to both protocols.
>>
>
> Didn't get how this would help exactly. Maybe I am missing some context.
>
> However, after reading through your first reply again, now I have another
> question. Why do both the listeners get executed when adding a new user? I
> know they both will get triggered. But can't we look at the dialect URI at
> the top and skip the execution if it's not for that listener?
>
> When adding a user through normal approach (management console) when SCIM
> is enabled, it is not possible to figure out the dialect URI. In this case
> this will not work AFAIU.
>
> Thanks,
> Sathya
>
> Regards,
> Johann.
>
>
>>
>> Thanks,
>> Sathya
>>
>> On Thu, Aug 31, 2017 at 11:37 AM, Johann Nallathamby <johann@wso2.com>
>> wrote:
>>
>>> Will it work if we have two separate attributes for the problematic
>>> attributes like SCIM ID? If that works I guess that is one solution.
>>>
>>> Or we need to have one listener for both SCIM 1 and SCIM2. But don't
>>> think that's a good solution. Introduces direct coupling between two
>>> implementations.
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Wed, Aug 30, 2017 at 6:33 PM, Sathya Bandara <sathya@wso2.com> wrote:
>>>
>>>> Hi Thilina,
>>>>
>>>> If we enable both SCIM1 and SCIM2 listeners at the same time two
>>>> different SCIM IDs will be generated for the same user when adding a new
>>>> user through SCIM. Also both SCIM1 and SCIM2 claims are mapped to the same
>>>> LDAP user attributes. Even though both listeners get triggered only the
>>>> SCIM1 ID is mapped to the user ID attribute. But the SCIM2 user creation
>>>> response will contain the SCIM ID generated by SCIM2 listener.
>>>>
>>>> Thanks,
>>>> Sathya
>>>>
>>>> On Wed, Aug 30, 2017 at 6:25 PM, Thilina Madumal <thilinamad@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>> Hi all,
>>>>>
>>>>> While I was trying to fix IDENTITY-6315
>>>>> <https://wso2.org/jira/browse/IDENTITY-6315> I got to know that we
>>>>> can't enable both SCIM1 and SCIM2 at the same time in WSO2 Identity Server.
>>>>> Is it because of this specific issue or is there any other reasons?
>>>>>
>>>>> Thanks & Regards,
>>>>> Thilina.
>>>>>
>>>>> --
>>>>> *Thilina Madumal*
>>>>> *Software Engineer | **WSO2*
>>>>> Email: thilinamad@wso2.com
>>>>> Mobile: *+94 774553167*
>>>>> Web: http://wso2.com
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sathya Bandara
>>>> Software Engineer
>>>> WSO2 Inc. http://wso2.com
>>>> Mobile: (+94) 715 360 421
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Senior Lead Solutions Engineer
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+94777776950*
>>> Blog - *http://nallaa.wordpress.com*
>>>
>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com*
>



-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421


_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
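
The behaviour discussed in this thread, as an added illustration that is not part of the original messages and is not WSO2 Identity Server code: a small model of two listeners that each generate an ID for the same user, and of the proposed dialect check. The class, the `scimId` attribute name, the listener order and the "first writer wins" rule are assumptions made for the model; the two URNs are used only as dialect labels.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;

// Simplified model of the thread's scenario; every name here is hypothetical.
public class ScimListenerModel {
    static final String SCIM1 = "urn:scim:schemas:core:1.0";
    static final String SCIM2 = "urn:ietf:params:scim:schemas:core:2.0";
    static final String ID_ATTR = "scimId"; // stands in for the shared LDAP attribute

    /**
     * Adds one user. requestDialect is null for an add that carries no
     * dialect (the management console case raised in the thread).
     * Returns {ID left in the store, ID echoed to the calling endpoint}.
     */
    static String[] addUser(String requestDialect, boolean gateOnDialect) {
        Map<String, String> ldapAttrs = new LinkedHashMap<>();
        String echoed = null;
        // Both listeners are triggered for every add, SCIM1 first (assumed order).
        for (String listenerDialect : new String[] {SCIM1, SCIM2}) {
            if (gateOnDialect && !listenerDialect.equals(requestDialect)) {
                continue; // proposed check: skip when the add is not for this listener
            }
            String generated = UUID.randomUUID().toString();
            // Both dialects map to one attribute; the first value written is kept.
            ldapAttrs.putIfAbsent(ID_ATTR, generated);
            if (listenerDialect.equals(requestDialect)) {
                echoed = generated; // the endpoint returns its own listener's ID
            }
        }
        return new String[] {ldapAttrs.get(ID_ATTR), echoed};
    }

    static void report(String label, String[] r) {
        String verdict = r[0] == null ? "no SCIM ID stored"
                : r[1] == null ? "stored, nothing echoed"
                : r[0].equals(r[1]) ? "stored == echoed" : "MISMATCH";
        System.out.printf("%-38s %s%n", label, verdict);
    }

    public static void main(String[] args) {
        report("SCIM2 create, both listeners run:", addUser(SCIM2, false));
        report("SCIM2 create, gated on dialect:", addUser(SCIM2, true));
        report("SCIM1 create, gated on dialect:", addUser(SCIM1, true));
        report("Console add (no dialect), ungated:", addUser(null, false));
        report("Console add (no dialect), gated:", addUser(null, true));
    }
}
```

In this model the ungated SCIM2 create is the only mismatch, and the gated console add is the only case that leaves the user without any SCIM ID.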

