SCIM endpoints missing from REST API endpoint access control catalog #48062

Description

@AdamBaali

Fleet versions

  • Discovered: 4.86.0
  • Reproduced: 4.86.0

Web browser and operating system: Chrome/Safari on macOS

💥 Actual behavior

SCIM endpoints (GET /api/v1/fleet/scim/Users, GET /api/v1/fleet/scim/Groups, GET /api/v1/fleet/scim/Schemas, GET /api/v1/fleet/scim/ServiceProviderConfig) are functional and return 200 OK with valid SCIM data, but they do not appear in the REST API endpoint catalog returned by GET /api/v1/fleet/rest_api. Only /api/v1/fleet/scim/details is listed.

This prevents creating API-only service accounts with SCIM-only endpoint access, as the SCIM endpoints cannot be selected for API endpoint access control.

🛠️ Expected behavior

All /scim/* endpoints should show up in Settings > Users when creating an API only user w/ specific API endpoints.

🧑‍💻 Steps to reproduce

  1. On Fleet 4.86.0+, get your API token
  2. Run: curl -s https://your-fleet/api/v1/fleet/rest_api -H "Authorization: Bearer YOUR_TOKEN" | grep -i scim
  3. Observe only one result: /api/v1/fleet/scim/details
  4. Run: curl -s https://your-fleet/api/v1/fleet/scim/Users -H "Authorization: Bearer YOUR_TOKEN"
  5. Confirm endpoint returns 200 OK with user data (endpoint is live but missing from catalog)
  6. Go to Settings > Users > Create user > API-only toggle
  7. Try to select SCIM endpoints for access control — they do not appear in the endpoint selector

These steps:

  • Have been confirmed to consistently lead to reproduction in multiple Fleet instances.

🕯️ More info

SCIM endpoints confirmed working:

  • GET /api/v1/fleet/scim/Users
  • GET /api/v1/fleet/scim/Groups
  • GET /api/v1/fleet/scim/Schemas
  • GET /api/v1/fleet/scim/ServiceProviderConfig

Related feature: #38044 (API endpoint access control)
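The reproduction steps above compare live SCIM routes against the catalog by eye; the same comparison as a repeatable check is sketched below. This is an added example, not part of the original issue or Fleet's code. It assumes only that the catalog response is JSON containing endpoint paths as strings beginning with `/api/`; the `SAMPLE_CATALOG` layout and the function names are constructed for illustration.

```python
import json

# Paths the issue reports as live (200 OK) on Fleet 4.86.0.
LIVE_SCIM_PATHS = [
    "/api/v1/fleet/scim/Users",
    "/api/v1/fleet/scim/Groups",
    "/api/v1/fleet/scim/Schemas",
    "/api/v1/fleet/scim/ServiceProviderConfig",
]

def catalog_paths(node):
    """Collect every string starting with /api/ anywhere in the parsed JSON."""
    if isinstance(node, str):
        return {node} if node.startswith("/api/") else set()
    if isinstance(node, dict):
        children = list(node.keys()) + list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return set()
    found = set()
    for child in children:
        found |= catalog_paths(child)
    return found

def uncatalogued(catalog_body, live_paths):
    """Return live paths with no exact, case-sensitive catalog entry."""
    listed = catalog_paths(json.loads(catalog_body))
    return [p for p in live_paths if p not in listed]

# Constructed sample body; the real response layout is an assumption.
SAMPLE_CATALOG = json.dumps({
    "endpoints": [
        {"method": "GET", "path": "/api/v1/fleet/scim/details"},
        {"method": "GET", "path": "/api/v1/fleet/hosts"},
    ]
})

if __name__ == "__main__":
    for path in uncatalogued(SAMPLE_CATALOG, LIVE_SCIM_PATHS):
        print("live but not selectable for access control:", path)
```

Matching is exact and case-sensitive, so a catalog entry for `/scim/details` or a lowercased `/scim/users` does not count as coverage for `/scim/Users`.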

Metadata

Labels

  • #g-orchestration: Orchestration product group
  • :product: Product Design department (shows up on 🦢 Drafting board)
  • P2: Urgent: Supported workflow not functioning as intended, newly drafted feature with urgent Fleet need
  • bug: Something isn't working as documented
  • customer-cisneros-a
  • customer-cisneros-l
  • customer-cisneros-w

Projects

Status
🐣 In progress
