scim-for-keycloak

New Resource Type

Open PavanDhariwal opened this issue 2 years ago • 7 comments

Hello,

Was wondering how we go about creating a new resource type via this plugin. According to the official docs, it is possible to add a new resource type, however I'm getting a missing schema error when attempting to post via Postman. Any ideas?

https://datatracker.ietf.org/doc/html/rfc7643#page-18 https://datatracker.ietf.org/doc/html/rfc7643#section-6

Thanks in advance.

PavanDhariwal, Jun 14 '22 11:06

Hi,

It is not possible to add new ResourceTypes during runtime. It is possible to add new ResourceTypes by extending the implementation. The Roles-ResourceType is simply an example showing that it is possible to do so and how to do it. Keycloak does not provide an implementation that is generic enough to easily add new ResourceTypes during runtime.

Captain-P-Goldfish, Jun 15 '22 17:06

OK, thanks for the info. Is it possible to update a schema by adding another attribute?

PavanDhariwal, Jun 16 '22 14:06

Not without source code changes. It would be possible, though, to implement it for users dynamically, since Keycloak has the user-attribute table. Currently it is not possible, but one could extend the admin UI interface by making changes or by overriding the update-endpoint for schemas, and then it would be possible to dynamically add new attributes during runtime.

Captain-P-Goldfish, Jun 16 '22 17:06

OK, makes sense. Instead of opening another issue, I have another question. When posting a user with a password to Keycloak via a SCIM call, the user is successfully created; however, said user is unable to retrieve a token unless the password is set in Keycloak via the Admin UI. Is this a bug or am I doing something wrong?

PavanDhariwal, Jun 20 '22 08:06

Just tried and it worked without a problem:

PATCH https://my-keycloak/auth/realms/master/scim/v2/Users/f451a7c5-15d8-4ad9-98a2-2043efce00a4
Authorization: [ey...]
Content-Type: application/scim+json

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "password",
      "value": "654321"
    }
  ]
}

Did you activate the changePassword option?


Captain-P-Goldfish, Jun 22 '22 05:06
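
Added example, not part of the thread or of the project's code: a pre-flight check that reads the provider's ServiceProviderConfig (RFC 7643 section 5) and builds the password PATCH shown above only when `patch` and `changePassword` are advertised as supported. It assumes the option mentioned in the reply is reflected in the standard `changePassword.supported` field and that the token is sent as a Bearer token; the function names, the sample config and the host in the usage are constructed for illustration.

```python
import json
import urllib.request

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
SCIM_MEDIA_TYPE = "application/scim+json"  # media type registered by RFC 7644

# Constructed sample of a /ServiceProviderConfig response, trimmed to the
# fields used here. changePassword is switched off, as in the failing case.
SAMPLE_CONFIG = json.dumps({
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
    "patch": {"supported": True},
    "changePassword": {"supported": False},
})


def unsupported_features(config_json, needed=("patch", "changePassword")):
    """Return the needed features the provider does not advertise as supported."""
    config = json.loads(config_json)
    return [name for name in needed
            if not isinstance(config.get(name), dict)
            or config[name].get("supported") is not True]


def build_password_patch(base_url, user_id, new_password, token, config_json):
    """Build (not send) the PATCH request; refuse if support is not advertised."""
    missing = unsupported_features(config_json)
    if missing:
        raise RuntimeError("provider does not support: " + ", ".join(missing))
    body = {
        "schemas": [PATCH_OP],
        "Operations": [{"op": "replace", "path": "password", "value": new_password}],
    }
    return urllib.request.Request(
        url=f"{base_url.rstrip('/')}/Users/{user_id}",
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        # Bearer scheme is an assumption; the thread elides the header value.
        headers={"Authorization": f"Bearer {token}", "Content-Type": SCIM_MEDIA_TYPE},
    )


if __name__ == "__main__":
    # With the constructed sample this reports ['changePassword'].
    print("unsupported:", unsupported_features(SAMPLE_CONFIG))
```

The request object is only constructed here; pass it to `urllib.request.urlopen` to send it, and keep the request body out of logs since it carries the new password.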

Perfect. Thank you. Where is a list of commands I can read?

PavanDhariwal, Jun 23 '22 11:06

What do you mean by list of commands?

Captain-P-Goldfish, Jun 23 '22 17:06