Azure Active Directory SCIM:组的取消配置成员无法正常工作 [英] Azure Active Directory SCIM: Deprovision member of a group not working
问题描述
使用Azure AD Premium,Enterprise App&SCIM 2.0供应范围-仅分配了用户&组
Using Azure AD Premium, Enterprise App & SCIM 2.0 Provisioning Scope - Only assigned Users & Groups
我正在尝试下面的用例:
I'm trying to work through the use case below:
分配给给定广告组的用户的SCIM设置
SCIM provisioning of users that are assigned to a given AD Group
- 将用户添加(设置)到组中后,它会正确触发PATCH/Groups/{Id}以添加该组成员
- 从组中删除(取消配置)用户后,不会正确触发PATCH/Groups/{Id}来删除该组成员
- When a user is added (provisioned) to a group it correctly fires off a PATCH /Groups/{Id} to add member of the group
- When a user is removed (deprovisioned) from the group it does not correctly fires a PATCH /Groups/{Id} to remove member of the group
我在做什么错了?
此外,我不知道执行哪个调用Azure活动目录来了解谁当前是给定组的成员.(我注意到,AAD对我的SCIM/组服务实现的每次调用都将 excludedAttributes = members 作为查询参数)
In addition, I wonder which call azure active directory executes to get to know who is currently member of a given group. (I've noticed that every call AAD makes to my SCIM/group service implementation has the excludedAttributes=members as query parameter)
任何建议表示赞赏.
推荐答案
从我的看到,Azure SCIM将此请求发送到组终结点:
From what I saw, Azure SCIM sends this request to groups endpoint:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Remove",
"path": "members",
"value": [
{
"value": "49a5f81e-9f63-4f5e-b3e8-41db044c1af9"
}
]
}
]
}
在开发过程中,我使用ngrok来查看来自Azure SCIM集成的分析请求.
I use ngrok during the development to see an analyse requests from Azure SCIM integration.
这篇关于Azure Active Directory SCIM:组的取消配置成员无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!