mitodl/keycloak-scim

Joining groups not working as expected

With the fix from #133 applied, I'm still not seeing group membership working correctly.

Expected Behavior

I'd expect either a PATCH or PUT to the group adding the new member.

Current Behavior

I observe a PUT, but with a request body missing members.

Request log from SCIM client server:

{
    "method": "PUT",
    "url": "/scim/v2/Groups/b086aaea-c79f-4b8a-bdd4-7036655c6e4e",
    "query": {},
    "body": {
        "schemas": [
            "urn:ietf:params:scim:schemas:core:2.0:Group"
        ],
        "id": "b086aaea-c79f-4b8a-bdd4-7036655c6e4e",
        "externalId": "bbaffbe6-bca0-4bdd-a11e-60d77c22e83d",
        "displayName": "foo2"
    }
}

Based on the logs it's failing to find a SCIM mapping, but I can't yet see why this is. The user is being correctly created in my external IdP, and I believe my response to the POST /scim/v2/Users request is compliant.

Keycloak logs:

# Logs from creating the user
2024-09-08 10:19:45,151 INFO  [sh.libre.scim.event.ScimEventListenerProvider] (executor-thread-22) 4affcc8f-d94b-4248-b9ab-5eb7d3cfc8d2 CREATE

# Logs from joining the user to a group
2024-09-08 10:20:01,591 INFO  [sh.libre.scim.event.ScimEventListenerProvider] (executor-thread-24) CREATE 4affcc8f-d94b-4248-b9ab-5eb7d3cfc8d2 from bbaffbe6-bca0-4bdd-a11e-60d77c22e83d
2024-09-08 10:20:01,592 INFO  [sh.libre.scim.core.ScimDispatcher] (executor-thread-24) 23deef6e-7411-4a76-ba87-b806f3f1667a firebase scim org.keycloak.storage.UserStorageProvider
2024-09-08 10:20:01,599 INFO  [sh.libre.scim.core.ScimClient] (executor-thread-24) Group
2024-09-08 10:20:01,600 ERROR [sh.libre.scim.core.GroupAdapter] (executor-thread-24) jakarta.persistence.NoResultException: No result found for query [from ScimResource where realmId = :realmId and componentId = :componentId and type = :type and id = :id]
2024-09-08 10:20:01,601 ERROR [sh.libre.scim.core.GroupAdapter] (executor-thread-24) jakarta.persistence.NoResultException: No result found for query [from ScimResource where realmId = :realmId and componentId = :componentId and type = :type and id = :id]
2024-09-08 10:20:01,655 INFO  [sh.libre.scim.core.ScimDispatcher] (executor-thread-24) 23deef6e-7411-4a76-ba87-b806f3f1667a firebase scim org.keycloak.storage.UserStorageProvider
2024-09-08 10:20:01,667 WARN  [sh.libre.scim.core.ScimClient] (executor-thread-24) failed to replace resource 4affcc8f-d94b-4248-b9ab-5eb7d3cfc8d2, scim mapping not found

Steps to Reproduce

  1. Create a user
  2. Create a group
  3. Assign user to group
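
An added example, not part of the original issue and not keycloak-scim code: a check a SCIM server could run over its request log to tell whether a Groups request carries any membership at all. It classifies the PUT logged above next to two constructed requests of the kind the report expects; the function name, the labels and the `USER-ID` placeholder are assumptions.

```python
import json

GROUP = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def membership_change(entry):
    """Classify one logged Groups request by what it says about members."""
    body = entry.get("body") or {}
    schemas = body.get("schemas", [])
    method = entry.get("method", "").upper()
    if method == "PUT" and GROUP in schemas:
        # A PUT replaces the resource. Without "members" it carries no
        # membership, and RFC 7644 section 3.5.1 allows the receiver to treat
        # the omitted attribute as cleared.
        if "members" not in body:
            return ("put-without-members", [])
        return ("put-with-members", sorted(m["value"] for m in body["members"]))
    if method == "PATCH" and PATCH_OP in schemas:
        added = []
        for op in body.get("Operations", []):
            if op.get("op", "").lower() != "add":
                continue
            value = op.get("value")
            if op.get("path") == "members":
                members = value or []
            elif op.get("path") is None and isinstance(value, dict):
                members = value.get("members", [])
            else:
                members = []
            added += [m["value"] for m in members]
        return ("patch-add-members", sorted(added)) if added else ("patch-without-members", [])
    return ("not-a-group-update", [])

# The PUT logged in the issue, then two constructed requests that would add a
# member; "USER-ID" is a placeholder, not a value from the issue.
LOGGED_PUT = json.loads("""{"method": "PUT",
 "url": "/scim/v2/Groups/b086aaea-c79f-4b8a-bdd4-7036655c6e4e", "query": {},
 "body": {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "id": "b086aaea-c79f-4b8a-bdd4-7036655c6e4e",
  "externalId": "bbaffbe6-bca0-4bdd-a11e-60d77c22e83d", "displayName": "foo2"}}""")
CONSTRUCTED_PUT = {"method": "PUT", "body": dict(LOGGED_PUT["body"], members=[{"value": "USER-ID"}])}
CONSTRUCTED_PATCH = {"method": "PATCH", "body": {"schemas": [PATCH_OP], "Operations": [
    {"op": "add", "path": "members", "value": [{"value": "USER-ID"}]}]}}

if __name__ == "__main__":
    for name in ("LOGGED_PUT", "CONSTRUCTED_PUT", "CONSTRUCTED_PATCH"):
        print(name, membership_change(globals()[name]))
```

Flagging `put-without-members` on the receiving side matters for access control: a server that applies such a PUT literally may drop existing members instead of adding the new one.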

Confirmed: I do not see membership updates either...