[midPoint] Configuring SCIM / Slack connector
Matus Macik
matus.macik at evolveum.com
Tue Oct 10 17:30:47 CEST 2017
Hello Keith,
It seems that there were a couple of changes to the Users schema provided by the Slack scim endpoint. I made some modifications to the Scim connector which should fix these issues. You can clone the project from our git repository at: https://github.com/Evolveum/connector-scim1
Regards,
Matus Macik | Developer and Identity Management Engineer
matus.macik at evolveum.com | www.evolveum.com
Evolveum
From: Keith Hazelton
Sent: Friday, October 6, 2017 3:58 PM
To: midPoint General Discussion; gustav.palos at evolveum.com
Subject: Re: [midPoint] Configuring SCIM / Slack connector
Here’s the relevant section of the SCIM Protocol RFC 7644. I think it shows that Slack is not completely SCIM compliant.
4. Service Provider Configuration Endpoints
SCIM defines three endpoints to facilitate discovery of SCIM service
provider features and schema that MAY be retrieved using HTTP GET:
/ServiceProviderConfig
An HTTP GET to this endpoint will return a JSON structure that
describes the SCIM specification features available on a service
provider. This endpoint SHALL return responses with a JSON object
using a "schemas" attribute of
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig".
The attributes returned in the JSON object are defined in
Section 5 of [RFC7643]. An example representation of SCIM service
provider configuration may be found in Section 8.5 of [RFC7643].
Hunt, et al. Standards Track [Page 73]
RFC 7644 SCIM Protocol Specification September 2015
/Schemas
An HTTP GET to this endpoint is used to retrieve information about
resource schemas supported by a SCIM service provider. An HTTP
GET to the endpoint "/Schemas" SHALL return all supported schemas
in ListResponse format (see Figure 3). Individual schema
definitions can be returned by appending the schema URI to the
/Schemas endpoint. For example:
/Schemas/urn:ietf:params:scim:schemas:core:2.0:User
___________________________________
email & jabber: keith.hazelton at wisc.edu
calendar: http://go.wisc.edu/i6zxx0
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Keith Hazelton <keith.hazelton at wisc.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Friday, October 6, 2017 at 08:46
To: midPoint General Discussion <midpoint at lists.evolveum.com>, "gustav.palos at evolveum.com" <gustav.palos at evolveum.com>
Subject: Re: [midPoint] Configuring SCIM / Slack connector
I note that Slack DOES return responses for ../scim/v1/Schemas/Users and ../Schemas/Groups. Is midPoint’s SCIM Slack connector looking for the bare ../Schemas endpoint? That may be an issue.
--Keith
___________________________________
email & jabber: keith.hazelton at wisc.edu
calendar: http://go.wisc.edu/i6zxx0
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Keith Hazelton <keith.hazelton at wisc.edu>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Friday, October 6, 2017 at 08:06
To: "gustav.palos at evolveum.com" <gustav.palos at evolveum.com>, midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Configuring SCIM / Slack connector
Gustáv,
Thanks for the new connector config. I believe the logs show that with the new config, midPoint Test Connection errors out after getting a null result back when GETting api.slack.com/scim/v1/Schemas (see log snippet below)
Using Postman, I confirmed that this is true—Querying for …/Schemas gives an empty response body.
Is there a way to skip that request to the Schemas endpoint?
--Keith
2017-10-06 12:31:04,281 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Configuring connector connector:0a71bfb2-a5ad-424f-b45b-cce972d82cbe(ConnId com.evolveum.polygon.scim.ScimConnector v1.4.4), provided configuration:
configurationProperties:
authentication: [ token (raw) ]
token: [ <class MapXNode> (raw) ]
endpoint: [ /scim (raw) ]
version: [ /v1 (raw) ]
baseUrl: [ https://api.slack.com (raw) ]
resultsHandlerConfiguration:
enableNormalizingResultsHandler: false
enableFilteredResultsHandler: false
filteredResultsHandlerInValidationMode: true
enableAttributesToGetSearchResultsHandler: false
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Configuring connector connector:0a71bfb2-a5ad-424f-b45b-cce972d82cbe(ConnId com.evolveum.polygon.scim.ScimConnector v1.4.4), transformed configuration:
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: authentication = token
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: token = org.identityconnectors.common.security.GuardedString at f26fa483
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: userName = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: password = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: clientSecret = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: clientID = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: endpoint = /scim
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: version = /v1
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: loginURL = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: service = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: baseUrl = https://api.slack.com
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: proxyUrl = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: proxyPortNumber = null
2017-10-06 12:31:04,352 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Legacy schema (config): null
2017-10-06 12:31:04,353 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Connector supported operations: [interface org.identityconnectors.framework.api.operations.SearchApiOp, interface org.identityconnectors.framework.api.operations.UpdateApiOp, interface org.identityconnectors.framework.api.operations.ScriptOnConnectorApiOp, interface org.identityconnectors.framework.api.operations.CreateApiOp, interface org.identityconnectors.framework.api.operations.SchemaApiOp, interface org.identityconnectors.framework.api.operations.ValidateApiOp, interface org.identityconnectors.framework.api.operations.TestApiOp, interface org.identityconnectors.framework.api.operations.DeleteApiOp, interface org.identityconnectors.framework.api.operations.GetApiOp]
2017-10-06 12:31:04,807 [] [http-nio-8080-exec-6] WARN (com.evolveum.polygon.scim.StandardScimHandlingStrategy): method: null msg:Response string for the "schemas/" endpoint returned empty
2017-10-06 12:31:05,010 [] [http-nio-8080-exec-6] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.json.JSONException in connector:0a71bfb2-a5ad-424f-b45b-cce972d82cbe(ConnId com.evolveum.polygon.scim.ScimConnector v1.4.4): ConnectorSpec(resource:86437f3a-661a-4135-876a-233b67256bf0(Slack), name=null, oid=0a71bfb2-a5ad-424f-b45b-cce972d82cbe): JSONArray[0] is not a JSONObject.
org.json.JSONException: JSONArray[0] is not a JSONObject.
at org.json.JSONArray.getJSONObject(JSONArray.java:366) ~[na:na]
at com.evolveum.polygon.scim.ParserSchemaScim.parseSchema(ParserSchemaScim.java:69) ~[na:na]
at…
___________________________________
email & jabber: keith.hazelton at wisc.edu
calendar: http://go.wisc.edu/i6zxx0
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Pálos Gustáv <gustav.palos at evolveum.com>
Reply-To: "gustav.palos at evolveum.com" <gustav.palos at evolveum.com>, midPoint General Discussion <midpoint at lists.evolveum.com>
Date: Friday, October 6, 2017 at 02:05
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Configuring SCIM / Slack connector
Hi,
please try to replace yours connectorConfiguration section to this one & try test connection:
<connectorConfiguration
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
<icfc:configurationProperties
xmlns:icfcp="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.scim.connector-scim/com.evolveum.polygon.scim.ScimConnector">
<icfcp:authentication>token</icfcp:authentication>
<icfcp:token>
<t:clearValue>your token</t:clearValue>
</icfcp:token>
<icfcp:endpoint>/scim</icfcp:endpoint>
<icfcp:version>/v1</icfcp:version>
<icfcp:baseUrl>https://api.slack.com</icfcp:baseUrl>
</icfc:configurationProperties>
<icfc:resultsHandlerConfiguration>
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
<icfc:filteredResultsHandlerInValidationMode>true</icfc:filteredResultsHandlerInValidationMode>
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
</icfc:resultsHandlerConfiguration>
</connectorConfiguration>
Best regards,
Gustav
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171010/b86a2d0a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: A99BB2B2C2784749922FA2D5BB5541DA.png
Type: image/png
Size: 153 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171010/b86a2d0a/attachment.png>
More information about the midPoint
mailing list