How to use User Enterprise extension schema? #48

Closed
bettysteger opened this issue Jan 31, 2023 · 9 comments

@bettysteger

bettysteger commented Jan 31, 2023

I feel bad opening a new issue here, but I tried a few hours and could not make it work. I did what is described here to extend the User schema.

I've got this in my config/initializers/scimitar.rb:

# To use Enterprise extension schema
# @see https://www.rfc-editor.org/rfc/rfc7643#section-4.3
module Scim
  module Schema
    class Enterprise < Scimitar::Schema::Base
      def self.id
        'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'
      end

      def self.scim_attributes
        [
          Scimitar::Schema::Attribute.new(name: 'organization', type: 'string'),
          Scimitar::Schema::Attribute.new(name: 'manager', type: 'string')
        ]
      end
    end
  end
end

Scimitar::Resources::User.extend_schema Scim::Schema::Enterprise

Creating the extended schema works, but the user attribute mapping is giving me a nil value... When using it like this in my user model:

  def self.scim_attributes_map
    {
      id: :id,
      userName: :scim_id,
      name: {
        formatted: :name,
        givenName: :first_name,
        familyName: :last_name
      },
      emails: [{
        match: 'type',
        with: 'work',
        using: {
          value: :email,
          primary: true
        }
      }],
      active: :is_active,
      organization: :property_name
    }
  end

  def property_name
    property&.name
  end

  def property_name=(value)
    puts "property_name=#{value.inspect}" # this is nil
    self.property = Property.find_by(name: value)
  end

When I do not add organization: :property_name in the scim_attributes_map method, the property_name= method is not called, but when I add it, the value is nil (so I guess some parts do work)! When I output the SCIM hash, I have a string value for the organization:

{
  "userName"=>"work@test.com", 
  "name"=>{
    "formatted"=>"Given Family", 
    "givenName"=>"Given", 
    "familyName"=>"Family"
  },
  "meta"=>{"resourceType"=>"User"},
  "active"=>true, 
  "validation_context"=>nil, 
  "schemas"=>["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], 
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"=>{
    "organization"=>"Property name"
  }
}

So the value should in fact be "Property name". Am I doing something wrong here?

Unfortunately there is no documentation about extending the User Schema, and I would need the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User from the SCIM specification at https://www.rfc-editor.org/rfc/rfc7643#section-4.3.

@MorrisFreeman

MorrisFreeman commented Feb 5, 2023

I had the same problem.
In the following from_scim_backend! method, the required values were not retrieved.

sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(scim_attribute.to_s)

I added the following code to try it out and it worked as I expected.

attribute_tree = []
resource_class.extended_schemas.each do |schema|
  attribute_tree << schema.id and break if schema.scim_attributes.any? { |attribute| attribute.name == scim_attribute.to_s }
end
attribute_tree << scim_attribute.to_s

sub_scim_hash_or_leaf_value = scim_hash_or_leaf_value&.dig(*attribute_tree)

If there is a way to make it work correctly without doing this, please let me know.

@bettysteger
Author

@MorrisFreeman have you made a fork?

@MorrisFreeman

@bettysteger
No, I don't have one.
I was just checking the operation at hand.

@bettysteger
Author

@MorrisFreeman I made one for v1: #49

@pond
Member

pond commented Mar 1, 2023

Sorry for the slow response.

In addition to your PR, I'm building a bunch of test coverage that'll then incorporate it, so we've got overall better support for extended schema. Within that, a failure does alert me to a missing initialiser from your example class which is included in the comment you referenced. Without this, schema enumeration via Scimitar::SchemasController will give unexpected results (and this is probably a canary warning us that other things might not work as expected either, bugs in schema extensions notwithstanding).

def initialize(options = {})
  super(
    name:            'ExtendedUser',
    description:     'Enterprise extension for a User',
    id:              self.class.id,
    scim_attributes: self.class.scim_attributes
  )
end

I'll follow up with more once I've got the tests etc. all sorted out; V2 initially, but as usual I'll backport to V1.

@pond
Member

pond commented Mar 1, 2023

So #50 is an attempt to get #49 into a branch form for merge onto V2 as a v2.4.1 patch release, but is in draft as I write this because I want to add additional documentation to cover the use of extension schema without having to resort to reading comments in code! Although V2 (merging to main) is the initial target, I will definitely be backporting to V1 immediately afterwards.

@pond
Member

pond commented Mar 1, 2023

By the way, I just noticed from the RFC that manager is not a simple string type - it's a complex type, so your extension might not be compatible with SCIM API callers for that field. See https://www.rfc-editor.org/rfc/rfc7643#section-4.3 (top of page 27).

@bettysteger
Author

@pond thanks for the response, yes I know about the manager. I had it like this as a complex type, but once again, Azure sends the uid just as a string ... :(
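Added example, not part of any comment in this thread and not Scimitar's own code: it illustrates the two points discussed above, namely that extension attributes are nested under their schema URN in the SCIM hash (so a top-level lookup returns nil) and that `manager` may arrive either as the RFC 7643 complex type or as a bare string. The helper names `scim_value` and `manager_id`, the sample payload and the `mgr-42` identifier are assumptions made for illustration.

```ruby
# Added illustration; helper names are hypothetical, not part of Scimitar.
ENTERPRISE_URN = 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'

# Core attributes sit at the top level of a SCIM resource hash. Extension
# attributes are nested under their schema URN, so payload['organization']
# is nil even though the value was sent.
def scim_value(payload, attribute, extension_urns: [ENTERPRISE_URN])
  name = attribute.to_s
  return payload[name] if payload.key?(name)

  declared = Array(payload['schemas'])
  extension_urns.each do |urn|
    # Strictness choice of this example: only read a namespace that the
    # payload itself lists in "schemas".
    next unless declared.include?(urn)

    namespace = payload[urn]
    return namespace[name] if namespace.is_a?(Hash) && namespace.key?(name)
  end
  nil
end

# RFC 7643 section 4.3 defines manager as a complex attribute whose "value"
# sub-attribute holds the manager's id; the thread reports a caller sending
# a bare string instead. Accept both shapes and reject anything else.
def manager_id(raw)
  case raw
  when nil then nil
  when String
    id = raw.strip
    id.empty? ? nil : id
  when Hash
    value = raw['value']
    raise ArgumentError, 'manager.value must be a string' unless value.nil? || value.is_a?(String)

    manager_id(value)
  else
    raise ArgumentError, "unsupported manager value: #{raw.class}"
  end
end

# Constructed sample payload, modelled on the hash shown in the issue.
SAMPLE = {
  'schemas' => ['urn:ietf:params:scim:schemas:core:2.0:User', ENTERPRISE_URN],
  'userName' => 'work@test.com',
  ENTERPRISE_URN => { 'organization' => 'Property name', 'manager' => { 'value' => 'mgr-42' } }
}.freeze
```
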

@pond
Member

pond commented Mar 20, 2023

Closed by #50. See:

Thanks again for the contribution :-)

@pond pond closed this as completed Mar 20, 2023