libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Does not retrieve all the users from the IdP #25

New issue
Open
opened 2024-11-22 17:46:33 +00:00 by fflorent · 0 comments
fflorent commented 2024-11-22 17:46:33 +00:00
Copy link

When enabling "Periodic full sync", the client fetches the Service Provider users. It uses /Users for that purpose.

SCIMMY uses a pagination by default when requesting that endpoint.

I think SCIMMY is right, regarding section 3.4.2.4 of RFC7644, table 6 :

   | count      | Non-negative integer.      | None.  When specified,  |
   |            | Specifies the desired      | the service provider    |
   |            | maximum number of query    | MUST NOT return more    |
   |            | results per page, e.g.,    | results than specified, |
   |            | 10.  A negative value      | although it MAY return  |
   |            | SHALL be interpreted as    | fewer results.  If      |
   |            | "0".  A value of "0"       | unspecified, the        |
   |            | indicates that no resource | maximum number of       |
   |            | results are to be returned | results is set by the   |
   |            | except for "totalResults". | service provider.       |
   +------------+----------------------------+-------------------------+

Especially:

When specified, the service provider MUST NOT return more results than specified, although it MAY return fewer results. If unspecified, the maximum number of results is set by the service provider.

So I guess the client must use the pagination or otherwise it will not get all the results.

You may use count=BIG_NUMBER to circumvent some cases, with no warranty it will work in all cases.

When enabling "Periodic full sync", the client fetches the Service Provider users. It uses `/Users` for that purpose. SCIMMY uses a pagination by default when requesting that endpoint. I think SCIMMY is right, regarding [section 3.4.2.4 of RFC7644](https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2.4), table 6 : ``` | count | Non-negative integer. | None. When specified, | | | Specifies the desired | the service provider | | | maximum number of query | MUST NOT return more | | | results per page, e.g., | results than specified, | | | 10. A negative value | although it MAY return | | | SHALL be interpreted as | fewer results. If | | | "0". A value of "0" | unspecified, the | | | indicates that no resource | maximum number of | | | results are to be returned | results is set by the | | | except for "totalResults". | service provider. | +------------+----------------------------+-------------------------+ ``` Especially: > When specified, the service provider MUST NOT return more results than specified, **although it MAY return fewer results**. If unspecified, the maximum number of results is set by the service provider. So I guess the client must use the pagination or otherwise it will not get all the results. You may use `count=BIG_NUMBER` to circumvent some cases, with no warranty it will work in all cases.
fflorent changed title from Does not retrieve all the users in the IdP to Does not retrieve all the users from the IdP 2024-11-22 17:46:49 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
scim-support-13484
feat/ci
develop
0.0.7
0.0.6
0.0.5
0.0.4
0.0.3
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: libre.sh/keycloak-scim#25
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?