-
Type:
Task
-
Status: Resolved
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Identity Management
-
Epic Link:
-
Tags:
-
Sprint:nxplatform #116
-
Story Points:2
Currently, the SCIM 2.0 /Groups endpoint allows to create or update a Nuxeo group by provinding its members:
Create:
curl -u Administrator:Administrator -X POST -H 'Content-Type: application/json' http://localhost:8080/nuxeo/scim/v2/Groups \
-d '{
"displayName": "testGroup",
"members": [
{
"type": "User",
"value": "joe"
},
{
"type": "User",
"value": "jack"
}
]
}'
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "ec19c54b-972b-4e4f-b857-f7a18dc73acf",
"externalId": "ec19c54b-972b-4e4f-b857-f7a18dc73acf",
"meta": {
"resourceType": "Group",
"location": "http://localhost:8080/nuxeo/scim/v2/Groups/ec19c54b-972b-4e4f-b857-f7a18dc73acf",
"version": "1"
},
"displayName": "testGroup",
"members": [
{
"value": "joe",
"type": "User"
},
{
"value": "jack",
"type": "User"
}
]
}
Update:
curl -u Administrator:Administrator -X PUT -H 'Content-Type: application/json' http://localhost:8080/nuxeo/scim/v2/Groups/ec19c54b-972b-4e4f-b857-f7a18dc73acf \
-d '{
"displayName": "testGroup",
"members": [
{
"type": "User",
"value": "joe"
}
]
}'
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "ec19c54b-972b-4e4f-b857-f7a18dc73acf",
"externalId": "ec19c54b-972b-4e4f-b857-f7a18dc73acf",
"meta": {
"resourceType": "Group",
"location": "http://localhost:8080/nuxeo/scim/v2/Groups/ec19c54b-972b-4e4f-b857-f7a18dc73acf",
"version": "1"
},
"displayName": "testGroup",
"members": [
{
"value": "joe",
"type": "User"
}
]
}
This raises 2 potential issues:
1. Does it scale in case of a huge list of members?
2. With a single SCIM PUT request, one can replace all the members of an existing group. Typically, if the Nuxeo "members" group contains 1.000.000 users, it could be updated with a single member.
