Hi Ciprian,

There was a known limitation where it was unable to perform SCIM operations on SCIM claims with mapped wso2 identity claims such as the *askPassword* claim. We have fixed this in the latest versions. Can you please try the same scenario in the latest released version?

[1] https://github.com/wso2/product-is/issues/3035
[2] https://wso2.com/identity-and-access-management/install/

Thanks,
Sathya

On Fri, Dec 21, 2018 at 8:54 AM Ciprian Sabolovits <[email protected]> wrote:

> Hello,
>
> We are currently running version 5.4.1 of WSO2 IS and we would like to create a user without a password. Adding the user will send an email to the user to set up his password. We got this configured and it is working fine in the Console; however, when trying to execute it over SCIM, it always fails with the following error:
>
> *REQUEST*
>
> curl --request POST \
>   --url https://localhost:9443/scim2/Users \
>   --header 'authorization: Basic YWRtaW46YWRtaW4=' \
>   --header 'content-type: application/json' \
>   --cookie JSESSIONID=D9975506C1B12C6C938912EB3488F7DE \
>   --data '{
>     "schemas": [],
>     "name": {
>       "familyName": "Foo",
>       "givenName": "Bar"
>     },
>     "userName": "foo.user15",
>     "password": "Yads445!sa",
>     "emails": [
>       {
>         "primary": true,
>         "value": "foo.user15@email.com",
>         "type": "home"
>       }
>     ],
>     "EnterpriseUser": {
>       "askPassword": "true"
>     }
>   }'
>
> *RESPONSE (500 ERROR)*
>
> {
>   "schemas": "urn:ietf:params:scim:api:messages:2.0:Error",
>   "detail": "Error in adding the user: foo.user15 to the user store. Error occurred while accessing Java Security Manager Privilege Block",
>   "status": "500"
> }
>
> The user actually gets created but the request fails with a 500 error. If we remove “EnterpriseUser” then a 2XX response is received.
>
> Here’s the stacktrace for the error:
>
> [2018-12-20 22:21:34,395] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityMgtEventListener} - post get user claim values is called in IdentityMgtEventListener
> [2018-12-20 22:21:34,395] DEBUG {org.wso2.carbon.identity.governance.listener.IdentityStoreEventListener} - doPostGetUserClaimValues getting executed in the IdentityStoreEventListener for user: foo.user16
> [2018-12-20 22:21:34,395] DEBUG {org.wso2.carbon.identity.governance.store.InMemoryIdentityDataStore} - Case insensitive user store found. Changing username from : WSO2.ORG/foo.user16 to: wso2.org/foo.user16
> [2018-12-20 22:21:34,395] DEBUG {jdbc.sqlonly} - sun.reflect.GeneratedMethodAccessor37.invoke(null:-1)
> 14. SELECT DATA_KEY, DATA_VALUE FROM IDN_IDENTITY_USER_DATA WHERE TENANT_ID = -1234 AND LOWER(USER_NAME) = LOWER('WSO2.ORG/foo.user16')
>
> [2018-12-20 22:21:34,396] DEBUG {org.wso2.carbon.identity.governance.store.JDBCIdentityDataStore} - Retrieved identity data for:-1234:WSO2.ORG/foo.user16
> [2018-12-20 22:21:34,396] DEBUG {org.wso2.carbon.identity.governance.store.InMemoryIdentityDataStore} - Case insensitive user store found. Changing username from : WSO2.ORG/foo.user16 to: wso2.org/foo.user16
> [2018-12-20 22:21:34,396] DEBUG {org.wso2.carbon.identity.governance.store.InMemoryIdentityDataStore} - Storing UserIdentityClaimsDO to cache for user: wso2.org/foo.user16 with claims: {}
> [2018-12-20 22:21:34,396] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,396] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,397] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,406] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,406] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,406] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,406] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,406] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,406] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> [2018-12-20 22:21:34,406] DEBUG {org.wso2.carbon.identity.claim.metadata.mgt.dao.CacheBackedLocalClaimDAO} - Cache hit for local claim list for tenant: -1234
> *[2018-12-20 22:21:34,406] ERROR {org.wso2.carbon.user.core.common.AbstractUserStoreManager} - Error occurred while accessing Java Security Manager Privilege Block*
>
> Any idea how to overcome this would be greatly appreciated since this is for us a big blocker.
>
> Thank you,
> Ciprian
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Sathya Bandara
Senior Software Engineer
Blog: https://medium.com/@technospace
WSO2 Inc. http://wso2.com
