Share via

SCIM PATCH sent even complex multi-valued attribute is included in GET response from client

FlorianF 26 Reputation points
2022-05-25T14:33:48.56+00:00

This might be related to post "SCIM PATCH of Complex Multi-Valued Attribute Includes Filter and Sub Attribute in Path" 1 but rather from AD side, than client side perspective.

I have now the issue, that client is providing complex-structure correctly (based on mapping), but AD Provisioning does not seem to care and send PATCH operation anyway - which is a lot of PATCH operations over and over again in our setup.

Sent by client GET response 

"emails": [  
   {  
     "value": "max.miller@example.com",  
     "type": "work",  
     "primary": true  
   }  
 ],  
....  
"addresses": [  
   {  
     "formatted": "Street, zipcode, CountryCode",  
     "streetAddress": "Street",  
     "postalCode": "zipcode",  
     "country": "CountryCode",  
     "type": "work",  
     "primary": true  
   }  
 ],

Right after the GET a PATCH operation is received by the client, trying to update over and over again the following

Did we made in mapping a mistake and should not use this complex multi-value attribute? 

{  
  "schemas": [  
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"  
  ],  
  "Operations": [  
    {  
      "op": "Add",  
      "path": "addresses[type eq \"work\"].primary",  
      "value": "true"  
    },  
    {  
      "op": "Add",  
      "path": "emails[primary eq true].value",  
      "value": "max.miller@example.com"  
    }  
  ]  
}

Best
Florian.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.