[midPoint] Configuring SCIM / Slack connector

Keith Hazelton keith.hazelton at wisc.edu
Tue Oct 10 17:42:20 CEST 2017


Excellent!  I will give this a try.

             Many thanks,  --Keith

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Matus Macik
Sent: Tuesday, October 10, 2017 10:31 AM
To: midPoint General Discussion <midpoint at lists.evolveum.com>; gustav.palos at evolveum.com
Subject: Re: [midPoint] Configuring SCIM / Slack connector


Hello Keith,


It seems that there were a couple of changes to the Users schema provided by the Slack scim endpoint. I made some modifications to the Scim connector which should fix these issues. You can clone the project from our git repository at: https://github.com/Evolveum/connector-scim1


Regards,


Matus Macik | Developer and Identity Management Engineer
matus.macik at evolveum.com<mailto:matus.macik at evolveum.com> | www.evolveum.com<http://www.evolveum.com>
Evolveum

From: Keith Hazelton<mailto:keith.hazelton at wisc.edu>
Sent: Friday, October 6, 2017 3:58 PM
To: midPoint General Discussion<mailto:midpoint at lists.evolveum.com>; gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>
Subject: Re: [midPoint] Configuring SCIM / Slack connector

Here’s the relevant section of the SCIM Protocol RFC 7644. I think it shows that Slack is not completely SCIM compliant.

4<https://tools.ietf.org/html/rfc7644#section-4>.  Service Provider Configuration Endpoints


   SCIM defines three endpoints to facilitate discovery of SCIM service
   provider features and schema that MAY be retrieved using HTTP GET:

  /ServiceProviderConfig
      An HTTP GET to this endpoint will return a JSON structure that
      describes the SCIM specification features available on a service
      provider.  This endpoint SHALL return responses with a JSON object
      using a "schemas" attribute of
      "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig".
      The attributes returned in the JSON object are defined in
      Section 5 of [RFC7643]<https://tools.ietf.org/html/rfc7643#section-5>.  An example representation of SCIM service
      provider configuration may be found in Section 8.5 of [RFC7643]<https://tools.ietf.org/html/rfc7643#section-8.5>.
















Hunt, et al.                 Standards Track                   [Page 73]


RFC 7644<https://tools.ietf.org/html/rfc7644>               SCIM Protocol Specification        September 2015


   /Schemas
      An HTTP GET to this endpoint is used to retrieve information about
      resource schemas supported by a SCIM service provider.  An HTTP
      GET to the endpoint "/Schemas" SHALL return all supported schemas
      in ListResponse format (see Figure 3).  Individual schema
      definitions can be returned by appending the schema URI to the
      /Schemas endpoint.  For example:

            /Schemas/urn:ietf:params:scim:schemas:core:2.0:User



___________________________________
email & jabber: keith.hazelton at wisc.edu<mailto:keith.hazelton at wisc.edu>
calendar: http://go.wisc.edu/i6zxx0

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Keith Hazelton <keith.hazelton at wisc.edu<mailto:keith.hazelton at wisc.edu>>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Friday, October 6, 2017 at 08:46
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>, "gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>" <gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>>
Subject: Re: [midPoint] Configuring SCIM / Slack connector

I note that Slack DOES return responses for ../scim/v1/Schemas/Users    and  ../Schemas/Groups.  Is midPoint’s SCIM Slack connector looking for the bare ../Schemas endpoint?  That may be an issue.

         --Keith
___________________________________
email & jabber: keith.hazelton at wisc.edu<mailto:keith.hazelton at wisc.edu>
calendar: http://go.wisc.edu/i6zxx0

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Keith Hazelton <keith.hazelton at wisc.edu<mailto:keith.hazelton at wisc.edu>>
Reply-To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Friday, October 6, 2017 at 08:06
To: "gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>" <gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>>, midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] Configuring SCIM / Slack connector

Gustáv,

Thanks for the new connector config. I believe the logs show that with the new config, midPoint Test Connection errors out after getting a null result back when GETting api.slack.com/scim/v1/Schemas  (see log snippet below)

Using Postman, I confirmed that this is true—Querying for …/Schemas gives an empty response body.

Is there a way to skip that request to the Schemas endpoint?

         --Keith

2017-10-06 12:31:04,281 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Configuring connector connector:0a71bfb2-a5ad-424f-b45b-cce972d82cbe(ConnId com.evolveum.polygon.scim.ScimConnector v1.4.4), provided configuration:
    configurationProperties:
        authentication: [ token (raw) ]
        token: [ <class MapXNode> (raw) ]
        endpoint: [ /scim (raw) ]
        version: [ /v1 (raw) ]
        baseUrl: [ https://api.slack.com<https://api.slack.com/> (raw) ]
    resultsHandlerConfiguration:
        enableNormalizingResultsHandler: false
        enableFilteredResultsHandler: false
        filteredResultsHandlerInValidationMode: true
        enableAttributesToGetSearchResultsHandler: false
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Configuring connector connector:0a71bfb2-a5ad-424f-b45b-cce972d82cbe(ConnId com.evolveum.polygon.scim.ScimConnector v1.4.4), transformed configuration:
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: authentication = token
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: token = org.identityconnectors.common.security.GuardedString at f26fa483<mailto:org.identityconnectors.common.security.GuardedString at f26fa483>
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: userName = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: password = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: clientSecret = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: clientID = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: endpoint = /scim
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: version = /v1
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: loginURL = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: service = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: baseUrl = https://api.slack.com<https://api.slack.com/>
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: proxyUrl = null
2017-10-06 12:31:04,321 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): P: proxyPortNumber = null
2017-10-06 12:31:04,352 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Legacy schema (config): null
2017-10-06 12:31:04,353 [] [http-nio-8080-exec-6] TRACE (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl): Connector supported operations: [interface org.identityconnectors.framework.api.operations.SearchApiOp, interface org.identityconnectors.framework.api.operations.UpdateApiOp, interface org.identityconnectors.framework.api.operations.ScriptOnConnectorApiOp, interface org.identityconnectors.framework.api.operations.CreateApiOp, interface org.identityconnectors.framework.api.operations.SchemaApiOp, interface org.identityconnectors.framework.api.operations.ValidateApiOp, interface org.identityconnectors.framework.api.operations.TestApiOp, interface org.identityconnectors.framework.api.operations.DeleteApiOp, interface org.identityconnectors.framework.api.operations.GetApiOp]

2017-10-06 12:31:04,807 [] [http-nio-8080-exec-6] WARN (com.evolveum.polygon.scim.StandardScimHandlingStrategy): method: null msg:Response string for the "schemas/" endpoint returned empty

2017-10-06 12:31:05,010 [] [http-nio-8080-exec-6] ERROR (com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnIdUtil): ConnId Exception org.json.JSONException in connector:0a71bfb2-a5ad-424f-b45b-cce972d82cbe(ConnId com.evolveum.polygon.scim.ScimConnector v1.4.4): ConnectorSpec(resource:86437f3a-661a-4135-876a-233b67256bf0(Slack), name=null, oid=0a71bfb2-a5ad-424f-b45b-cce972d82cbe): JSONArray[0] is not a JSONObject.
org.json.JSONException: JSONArray[0] is not a JSONObject.
                at org.json.JSONArray.getJSONObject(JSONArray.java:366) ~[na:na]
                at com.evolveum.polygon.scim.ParserSchemaScim.parseSchema(ParserSchemaScim.java:69) ~[na:na]
                at…
___________________________________
email & jabber: keith.hazelton at wisc.edu<mailto:keith.hazelton at wisc.edu>
calendar: http://go.wisc.edu/i6zxx0

From: midPoint <midpoint-bounces at lists.evolveum.com<mailto:midpoint-bounces at lists.evolveum.com>> on behalf of Pálos Gustáv <gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>>
Reply-To: "gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>" <gustav.palos at evolveum.com<mailto:gustav.palos at evolveum.com>>, midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Date: Friday, October 6, 2017 at 02:05
To: midPoint General Discussion <midpoint at lists.evolveum.com<mailto:midpoint at lists.evolveum.com>>
Subject: Re: [midPoint] Configuring SCIM / Slack connector

Hi,

please try to replace yours connectorConfiguration section to this one & try test connection:
<connectorConfiguration
xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
<icfc:configurationProperties
xmlns:icfcp="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.scim.connector-scim/com.evolveum.polygon.scim.ScimConnector">
<icfcp:authentication>token</icfcp:authentication>
<icfcp:token>
<t:clearValue>your token</t:clearValue>
</icfcp:token>
<icfcp:endpoint>/scim</icfcp:endpoint>
<icfcp:version>/v1</icfcp:version>
<icfcp:baseUrl>https://api.slack.com</icfcp:baseUrl>
</icfc:configurationProperties>
<icfc:resultsHandlerConfiguration>
<icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
<icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
<icfc:filteredResultsHandlerInValidationMode>true</icfc:filteredResultsHandlerInValidationMode>
<icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
</icfc:resultsHandlerConfiguration>
</connectorConfiguration>

Best regards,

Gustav


[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif]<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon>

Virus-free. www.avast.com<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171010/22d438f7/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 153 bytes
Desc: image001.png
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20171010/22d438f7/attachment.png>


More information about the midPoint mailing list