modernisation-platform

Update SSO SCIM (node.js)

Open davidkelliott opened this issue 3 years ago • 9 comments

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Other information

davidkelliott avatar Feb 07 '22 14:02 davidkelliott

After today's scrum we had a meeting with the team to discuss what appears to be an issue with the AWS SSO SCIM API. We decided to raise a support request with AWS: https://console.aws.amazon.com/support/home#/case/?displayId=9654051721&language=en

If the outcome is that the API does not support the retrieval of groups, this will need escalation to Jake to discuss potential workarounds. As this is a very critical part of the system affecting many organisations, security and stability are paramount.

gfou-al avatar Feb 18 '22 09:02 gfou-al

AWS support responded that the AWS SSO SCIM API does not support retrieving the groups associated with a user. They have submitted this as a feature request internally; however, they cannot provide an estimate as to when it will be implemented.

Relevant Slack thread: https://mojdt.slack.com/archives/C013RM6MFFW/p1646071605051019

gfou-al avatar Feb 28 '22 18:02 gfou-al

Assigned to DaveE to proceed with documenting a manual step as we cannot automate at this point.

gfou-al avatar Mar 01 '22 10:03 gfou-al

Just noting that the recommended way from AWS support to find out when the API is enhanced with the requested feature is by keeping an eye on the announcements at https://aws.amazon.com/new/?whats-new-content-all

gfou-al avatar Mar 01 '22 10:03 gfou-al

Just had a look at the above link for a relevant announcement but could not find any. I am trying to access the original ticket but do not remember the SSO account I used to open it. Let me know if anyone can access the original ticket. I was thinking of reopening it to ask AWS support if there's any progress with the AWS SSO SCIM API enhancement.

gfou-al avatar Jul 11 '22 09:07 gfou-al

I opened the SSO SCIM ticket in nomis-test ticket #9654051721

gfou-al avatar Jul 11 '22 10:07 gfou-al

Just opened a new ticket Case ID 10363568221 to ask AWS support to provide an update in regards to the feature.

gfou-al avatar Jul 11 '22 10:07 gfou-al

Response from AWS Support:

Hello,

Warm Greetings! Thank you for contacting AWS Premium support. My name is Vimal and I will be assisting you with your query today.

From the case description I understand that you want to know the update on the feature request that was raised in relation to the old case ID 9654051721, in which you requested an SSO/IdentityStore API to retrieve the group membership details of the user or member details of the group for External Identity Provider. Please feel free to correct me if I have misunderstood your case query.

Unfortunately, the feature request has not been implemented yet and it's still under 'Investigating' stage. I understand that this was not something you expected and my apologies for any inconveniences/delay. I won’t be able to provide you with an ETA on when this feature might be released as it will be completely handled by our SSO service team and we Premium Support Engineers don't have insight into Service Team roadmap for feature request. Therefore, I recommend subscribing to our "What's New" page referenced below in [1] and our "AWS News Blog" in [2] to stay informed about the latest features, services, and changes.

I sincerely regret the inconvenience caused due to lack of this feature and hope the above information is useful.

Thank you for your understanding and cooperation. Please let me know if you have any other questions and I will be happy to assist. I wish you a great day!

References

[1] AWS News Blog - https://aws.amazon.com/blogs/aws/
[2] What's New with AWS - https://aws.amazon.com/new/

We value your feedback. Please share your experience by rating this correspondence using the AWS Support Center link at the end of this correspondence. Each correspondence can also be rated by selecting the stars in top right corner of each correspondence within the AWS Support Center.

Best regards, Vimal P. Amazon Web Services

gfou-al avatar Jul 12 '22 08:07 gfou-al

https://aws.amazon.com/about-aws/whats-new/2022/09/aws-iam-identity-center-apis-manage-users-groups-scale/

davidkelliott avatar Oct 05 '22 11:10 davidkelliott

This has now been fixed

davidkelliott avatar Jan 09 '23 12:01 davidkelliott