如何使用 WSO2 SCIM 2.0 REST API 更新单个用户的组? [英] How to update a single user's groups with WSO2 SCIM 2.0 REST API?

问题描述

我正在尝试用一组全新的组替换单个用户的组.我可以使用 https://docs.wso2.com/display/IS570/apidocs/SCIM2-endpoints/#!/operations#GroupsEndpoint#patchGroup API.

I'm trying to replace a single user's group with a completely new set of groups. I am able to add user to a group and remove user from a group with https://docs.wso2.com/display/IS570/apidocs/SCIM2-endpoints/#!/operations#GroupsEndpoint#patchGroup API.

但是，我想用一个新数组完全替换这些组，因此我不必从每个组中单独添加/删除用户.我尝试使用以下请求

However, I want to completely replace the groups entirely with a new array, so I don't have to individually add/remove user from each group. I have tried using the following request

POST {url}/scim2/Users/{groupID}

POST {url}/scim2/Users/{groupID}

具有以下 POST 正文

with the following POST body

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "replace",
            "value": {
                "groups": [
                    {
                        "display": "group1",
                        "value": "092555e8-1636-4642-924e-27aef49757fe"
                    },
                    {
                        "display": "group2",
                        "value": "b0d42429-67e2-4447-9846-2b001add431f"
                    }
                ]
            }
        }
    ]
}

然而，返回的响应是

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "detail": "Error in performing the add operation",
    "status": "500"
}

我怎样才能做到这一点?

How can I achieve this?

推荐答案

POST {url}/scim2/Users/{groupID} 请求将不起作用，因为没有这样的端点.我认为您试图通过补丁操作替换用户资源的 groups 属性.如果是这样，请求将是 PATCH {url}/scim2/Users/{userId}.但是，由于以下原因，这不起作用.

POST {url}/scim2/Users/{groupID} request won't work since there is no such endpoint. I think you tried to replace the groups attribute of the user resource by a patch operation. If so, the request would be PATCH {url}/scim2/Users/{userId}. However, that doesn't work due to the following reasons.

1. 根据 SCIM 规范(请参阅 https://tools.ietf.org/html/rfc7643#section-4.1.2) 用户的组属性应使用/Groups 端点进行管理.

1. According to the SCIM specification(see groups description in https://tools.ietf.org/html/rfc7643#section-4.1.2) groups attribute of the user should be managed using the /Groups endpoint.

直接组成员资格表示用户直接与该组相关联，并且应该表示客户端可以通过组"修改成员资格.资源.

用户资源的组属性也是一个 ReadOnly 属性.因此，不能使用 PATCH/User 端点修改它.(https://tools.ietf.org/html/rfc7643#section-8.7.1) WSO2 中的架构定义是:https://github.com/wso2/charon/blob/f5229c1ed55548d74b833e1a04656ac695899d9b/modules/charon/javasrc/modules/charon/javacore/charon3/core/schema/SCIMSchemaDefinitions.java#L791

Also groups attribute of User resource is a ReadOnly attribute. Therefore, it can't be modified using PATCH /User endpoint. (https://tools.ietf.org/html/rfc7643#section-8.7.1) Schema definition in WSO2 IS: https://github.com/wso2/charon/blob/f5229c1ed55548d74b833e1a04656ac695899d9b/modules/charon-core/src/main/java/org/wso2/charon3/core/schema/SCIMSchemaDefinitions.java#L791

因此您必须使用 PATCH/Groups 端点来修改用户的组详细信息.

Therefore you have to use PATCH /Groups endpoint to modify the groups details of the user.

这篇关于如何使用 WSO2 SCIM 2.0 REST API 更新单个用户的组?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！