scimgateway 4.1.1 → 4.1.4

package/README.md

@@ -31,7 +31,7 @@ Latest news:
 
 ## Overview  
  
-With SCIM Gateway we could do user management by using REST based [SCIM](http://www.simplecloud.info/) 1.1 or 2.0 protocol. Gateway will translate incoming SCIM requests and expose CRUD functionality (create, read, update and delete user/group) towards destinations using endpoint specific protocols. In other words, none SCIM-endpoints will become SCIM-endpoints. Gateway do not require SCIM to be used, it's also an API Gateway that could be used for other things than user provisioning.  
+With SCIM Gateway we can manage users and groups by using REST based [SCIM](http://www.simplecloud.info/) 1.1 or 2.0 protocol. Gateway translates incoming SCIM requests and expose CRUD functionality (create, read, update and delete user/group) towards destinations using endpoint specific protocols. In other words, none SCIM-endpoints will become SCIM-endpoints. Gateway do not require SCIM to be used, it's also an API Gateway that could be used for other things than user provisioning.  
 
 SCIM Gateway is a standalone product, however this document shows how the gateway could be used by products like Symatec/Broadcom/CA Identity Manager.
 
@@ -208,7 +208,8 @@ Below shows an example of config\plugin-saphana.json
         "scim": {
           "version": "2.0",
           "customSchema": null,
-          "skipTypeConvert" : false
+          "skipTypeConvert" : false,
+          "usePutSoftSync" : false
         },
         "log": {
           "loglevel": {
@@ -326,6 +327,8 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 		]  
 
 
+- **scim.usePutSoftSync** - true or false, default false. `PUT /Users/bjensen` will replace the user bjensen with body content. If body contains groups, usePutSoftsync=true will prevent removing any existing groups that are not included in body.groups   
+
 - **log.loglevel.file** - off, error, info, or debug. Output to plugin-logfile e.g. `logs\plugin-saphana.log`  
 
 - **log.loglevel.console** - off, error, info, or debug. Output to stdout and errors to stderr.   
@@ -347,7 +350,7 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 
 - **auth.bearerOAuth** - Array of one or more Client Credentials OAuth configuration objects. **`client_id`** and **`client_secret`** are mandatory. client_secret value will become encrypted when gateway is started. OAuth token request url is **/oauth/token** e.g. http://localhost:8880/oauth/token  
 
-- **certificate** - If not using SSL/TLS certificate, set "key", "cert" and "ca" to **null**. When using SSL/TLS, "key" and "cert" have to be defined with the filename corresponding to the primary-key and public-certificate. Both files must be located in the `<package-root>\config\certs` directory e.g:  
+- **certificate** - If not using TLS certificate, set "key", "cert" and "ca" to **null**. When using TLS, "key" and "cert" have to be defined with the filename corresponding to the primary-key and public-certificate. Both files must be located in the `<package-root>\config\certs` directory e.g:  
   
 		"certificate": {
 		  "key": "key.pem",
@@ -1139,6 +1142,54 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v4.1.4  
+[Fixed] 
+
+- TypeConvert logic for multivalue attribute `addresses` did not correctly catch duplicate entries  
+- PUT (Replace User) configuration `scim.usePutSoftsync=true` will also prevent removing any existing roles that are not included in body.roles ref. v4.1.3
+
+### v4.1.3  
+[Fixed] 
+
+- createUser response did not include the id that was returned by plugin   
+
+[Added] 
+
+- PUT (Replace User) now includes group handling. Using configuration `scim.usePutSoftsync=true` will prevent removing any existing groups that are not included in body.groups
+
+    Example:  
+
+        PUT /Users/bjensen
+        {
+          ...
+		  "groups": [
+            {"value":"Employees","display":"Employees"},
+            {"value":"Admins","display":"Admins"}
+           ],
+          ...
+        }
+
+
+
+
+### v4.1.2  
+[Added] 
+
+- endpointMapper supporting one to many mappings using a comma separated list of attributes in the `mapTo`  
+
+    Configuration example:  
+
+        "map": {
+          "user": {
+            "PersonnelNumber": {
+              "mapTo": "id,userName",
+              "type": "string"
+            },
+            ...
+          }
+        }
+          
+
 ### v4.1.1  
 [Added] 
 

package/config/plugin-api.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-azure-ad.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "1.1",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-forwardinc.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-ldap.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-loki.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-mongodb.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-mssql.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-saphana.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-scim.json

@@ -5,7 +5,8 @@
     "scim": {
       "version": "2.0",
       "customSchema": null,
-      "skipTypeConvert": false
+      "skipTypeConvert": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/lib/plugin-loki.js

@@ -272,7 +272,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
         } else { // add
           if (!userObj[key]) userObj[key] = []
           let exists
-          if (el.value) exists = userObj[key].find(e => e.value && e.value === el.value)
+          if (el.value) exists = userObj[key].find(e => e.value && e.value === el.value && e.type === el.type) // allowing same value on different type (type not mandatory)
           if (!exists) userObj[key].push(el)
         }
       })

package/lib/plugin-mongodb.js

@@ -355,7 +355,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
         } else { // add
           if (!userObj[key]) userObj[key] = []
           let exists
-          if (el.value) exists = userObj[key].find(e => e.value && e.value === el.value)
+          if (el.value) exists = userObj[key].find(e => e.value && e.value === el.value && e.type === el.type) // allowing same value on different type (type not mandatory)
           if (!exists) userObj[key].push(el)
         }
       })

package/lib/scimgateway.js

@@ -276,8 +276,8 @@ const ScimGateway = function () {
     }
   }
 
-  this.testmodeusers = scimDef.TestmodeUsers.Resources // exported and used by plugin-loki
-  this.testmodegroups = scimDef.TestmodeGroups.Resources // exported and used by plugin-loki
+  this.testmodeusers = scimDef.TestmodeUsers.Resources // exposed and used by plugin-loki
+  this.testmodegroups = scimDef.TestmodeGroups.Resources // exposed and used by plugin-loki
 
   // multiValueTypes array contains attributes that will be used by "type converted objects" logic
   // groups, roles, and members are excluded
@@ -1083,33 +1083,36 @@ const ScimGateway = function () {
       return
     }
     logger.debug(`${gwName}[${pluginName}] calling "${handle.createMethod}" and awaiting result`)
+    delete jsonBody.id // in case included in request
     try {
       const res = await this[handle.createMethod](ctx.params.baseEntity, scimdata)
-      for (const key in res) { // merge any result e.g: data = {'id': 'xxxx'}
+      for (const key in res) { // merge any result e.g: {'id': 'xxxx'}
         jsonBody[key] = res[key]
       }
 
-      let obj
-      try { // retrieve id
-        if (handle.createMethod === 'createUser') {
-          if (jsonBody.userName) {
-            jsonBody.id = jsonBody.userName
-            obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'userName', operator: 'eq', value: jsonBody.userName }, ['id', 'userName'])
-          } else if (jsonBody.externalId) {
-            jsonBody.id = jsonBody.externalId
-            obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'externalId', operator: 'eq', value: jsonBody.externalId }, ['id', 'externalId'])
-          }
-        } else if (handle.createMethod === 'createGroup') {
-          if (jsonBody.externalId) {
-            jsonBody.id = jsonBody.externalId
-            obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'externalId', operator: 'eq', value: jsonBody.externalId }, ['id', 'externalId'])
-          } else if (jsonBody.displayName) {
-            jsonBody.id = jsonBody.displayName
-            obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'displayName', operator: 'eq', value: jsonBody.displayName }, ['id', 'displayName'])
+      if (!jsonBody.id) { // retrieve id
+        let obj
+        try {
+          if (handle.createMethod === 'createUser') {
+            if (jsonBody.userName) {
+              jsonBody.id = jsonBody.userName
+              obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'userName', operator: 'eq', value: jsonBody.userName }, ['id', 'userName'])
+            } else if (jsonBody.externalId) {
+              jsonBody.id = jsonBody.externalId
+              obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'externalId', operator: 'eq', value: jsonBody.externalId }, ['id', 'externalId'])
+            }
+          } else if (handle.createMethod === 'createGroup') {
+            if (jsonBody.externalId) {
+              jsonBody.id = jsonBody.externalId
+              obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'externalId', operator: 'eq', value: jsonBody.externalId }, ['id', 'externalId'])
+            } else if (jsonBody.displayName) {
+              jsonBody.id = jsonBody.displayName
+              obj = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'displayName', operator: 'eq', value: jsonBody.displayName }, ['id', 'displayName'])
+            }
           }
-        }
-      } catch (err) { }
-      if (obj && obj.id) jsonBody.id = obj.id
+        } catch (err) { }
+        if (obj && obj.id) jsonBody.id = obj.id
+      }
 
       const location = `${ctx.origin}${ctx.path}/${jsonBody.id}`
       if (!jsonBody.meta) jsonBody.meta = {}
@@ -1206,7 +1209,7 @@ const ScimGateway = function () {
     } else {
       logger.debug(`${gwName}[${pluginName}] [Modify ${handle.description}] id=${id}`)
       let scimdata, err
-      if (jsonBody.Operations) [scimdata, err] = convertedScim20(jsonBody) // v2.0
+      if (jsonBody.Operations) [scimdata, err] = ScimGateway.prototype.convertedScim20(jsonBody) // v2.0
       else [scimdata, err] = ScimGateway.prototype.convertedScim(jsonBody) // v1.1
       logger.debug(`${gwName}[${pluginName}] convertedBody=${JSON.stringify(scimdata)}`)
       if (err) {
@@ -1268,7 +1271,6 @@ const ScimGateway = function () {
       err = jsonErr(config.scim.version, pluginName, ctx.status, err)
       ctx.body = err
     } else {
-      logger.debug(`${gwName}[${pluginName}] [Modify ${handle.description}] id=${id}`)
       logger.debug(`${gwName}[${pluginName}] PUT ${ctx.originalUrl} body=${strBody}`)
       try {
         // get current object
@@ -1286,6 +1288,18 @@ const ScimGateway = function () {
         delete clearedObj.password
         delete clearedObj.meta
 
+        // usePutSoftSync=true prevents removing existing roles (only add roles)
+        if (config.scim.usePutSoftSync) {
+          if (clearedObj.roles && Array.isArray(clearedObj.roles)) {
+            for (let i = 0; i < clearedObj.roles.length; i++) {
+              if (clearedObj.roles[i].operation && clearedObj.roles[i].operation === 'delete') {
+                clearedObj.roles.splice(i, 1) // delete
+                i -= 1
+              }
+            }
+          }
+        }
+
         // merge cleared object with the new
         const newObj = utils.extendObj(clearedObj, jsonBody)
         delete newObj.id
@@ -1302,6 +1316,86 @@ const ScimGateway = function () {
         logger.debug(`${gwName}[${pluginName}] calling "${handle.modifyMethod}" and awaiting result`)
         await this[handle.modifyMethod](ctx.params.baseEntity, id, scimdata)
 
+        // add/remove groups
+        if (jsonBody.groups && Array.isArray(jsonBody.groups)) { // only if groups included, { "groups": [] } will remove all existing
+          if (typeof this[handler.groups.getMethod] !== 'function' || typeof this[handler.groups.modifyMethod] !== 'function') {
+            throw new Error('replaceUser error: put operation can not be fully completed for the user`s groups, methods like getGroups() and modifyGroup() are not implemented')
+          }
+          let currentGroups
+          if (currentObj.groups && Array.isArray(currentObj.groups)) currentGroups = currentObj.groups
+          else { // try to get current groups the standard way
+            let res
+            try {
+              res = await this[handler.groups.getMethod](ctx.params.baseEntity, { attribute: 'members.value', operator: 'eq', value: decodeURIComponent(id) }, ['members.value', 'id', 'displayName']) // await scimgateway.getUserGroups(baseEntity, userObj.id, 'members.value,displayName')
+            } catch (err) {} // method may be implemented but throwing error like groups not supported/implemented
+            currentGroups = []
+            if (res && res.Resources && Array.isArray(res.Resources) && res.Resources.length > 0) {
+              for (let i = 0; i < res.Resources.length; i++) {
+                if (!res.Resources[i].id) continue
+                const el = {}
+                el.value = res.Resources[i].id
+                if (res.Resources[i].displayName) el.display = res.Resources[i].displayName
+                if (el.value) currentGroups.push(el) // { "value": "Admins", "display": "Admins"}
+              }
+            }
+          }
+          const addGrps = []
+          const removeGrps = []
+          // add
+          for (let i = 0; i < jsonBody.groups.length; i++) {
+            let found = false
+            for (let j = 0; j < currentGroups.length; j++) {
+              if (jsonBody.groups[i].value === currentGroups[j].value) {
+                found = true
+                break
+              }
+            }
+            if (!found && jsonBody.groups[i].value) addGrps.push(jsonBody.groups[i].value)
+          }
+          // remove
+          for (let i = 0; i < currentGroups.length; i++) {
+            let found = false
+            for (let j = 0; j < jsonBody.groups.length; j++) {
+              if (currentGroups[i].value === jsonBody.groups[j].value) {
+                found = true
+                break
+              }
+            }
+            if (!found && currentGroups[i].value) removeGrps.push(currentGroups[i].value)
+          }
+
+          const addGroups = async (grp) => {
+            const obj = { members: [{ value: id }] }
+            return await this[handler.groups.modifyMethod](ctx.params.baseEntity, grp, obj)
+          }
+
+          const removeGroups = async (grp) => {
+            const obj = { members: [{ operation: 'delete', value: id }] }
+            return await this[handler.groups.modifyMethod](ctx.params.baseEntity, grp, obj)
+          }
+
+          let errRemove
+          if (!config.scim.usePutSoftSync) { // default will remove any existing groups not included, usePutSoftSync=true prevents removing existing groups (only add groups)
+            await Promise.all(removeGrps.map((grp) => removeGroups(grp)))
+              .then()
+              .catch((err) => {
+                errRemove = err
+              })
+          }
+
+          let errAdd
+          await Promise.all(addGrps.map((grp) => addGroups(grp)))
+            .then()
+            .catch((err) => {
+              errAdd = err
+            })
+
+          let errMsg = ''
+          if (errRemove) errMsg = `removeGroups error: ${errRemove.message}`
+          if (errAdd) errMsg += `${errMsg ? ' ' : ''}addGroups error: ${errAdd.message}`
+          if (errMsg) throw new Error(errMsg)
+        }
+
         // get updated object
         logger.debug(`${gwName}[${pluginName}] calling "${handle.getMethod}" and awaiting result`)
         res = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'id', operator: 'eq', value: id }, [])
@@ -1313,7 +1407,7 @@ const ScimGateway = function () {
         else throw Error(`put using method ${handle.getMethod} got unexpected response: ${JSON.stringify(res)}`)
 
         // include groups
-        if (handle.getMethod === handler.users.getMethod) {
+        if (handle.getMethod === handler.users.getMethod && typeof this[handler.groups.getMethod] === 'function') {
           logger.debug(`${gwName}[${pluginName}] calling "${handler.groups.getMethod}" and awaiting result`)
           const res = await this[handler.groups.getMethod](ctx.params.baseEntity, { attribute: 'members.value', operator: 'eq', value: id }, ['members.value', 'id', 'displayName'])
           let grps = []
@@ -1346,7 +1440,7 @@ const ScimGateway = function () {
         ctx.body = e
       }
     }
-  }) // put
+  })
 
   // ==========================================
   //           API POST (no SCIM)
@@ -1719,13 +1813,27 @@ const ScimGateway = function () {
             }
           })
         } else if (multiValueTypes.includes(key)) { // "type converted object" // groups, roles, member and scim.excludeTypeConvert are not included
+          const tmpAddr = []
           scimdata[key].forEach(function (element, index) {
             if (!element.type) element.type = 'undefined' // "none-type"
             if (element.operation && element.operation === 'delete') { // add as delete if same type not included as none delete
               const arr = scimdata[key].filter(obj => obj.type && obj.type === element.type && !obj.operation)
               if (arr.length < 1) {
                 if (!newMulti[key]) newMulti[key] = {}
-                if (newMulti[key][element.type]) err = new Error(`'type converted object' ${key} - includes more than one element having same type, or type is blank on more than one element - note, setting configuration scim.skipTypeConvert=true will disable this logic/check`)
+                if (newMulti[key][element.type]) {
+                  if (['addresses'].includes(key)) { // not checking type, but the others have to be unique
+                    for (const i in element) {
+                      if (i !== 'type') {
+                        if (tmpAddr.includes(i)) {
+                          err = new Error(`'type converted object' ${key} - includes more than one element having same ${i}, or ${i} is blank on more than one element - note, setting configuration scim.skipTypeConvert=true will disable this logic/check`)
+                        }
+                        tmpAddr.push(i)
+                      }
+                    }
+                  } else {
+                    err = new Error(`'type converted object' ${key} - includes more than one element having same type, or type is blank on more than one element - note, setting configuration scim.skipTypeConvert=true will disable this logic/check`)
+                  }
+                }
                 newMulti[key][element.type] = {}
                 for (const i in element) {
                   newMulti[key][element.type][i] = element[i]
@@ -1734,7 +1842,20 @@ const ScimGateway = function () {
               }
             } else {
               if (!newMulti[key]) newMulti[key] = {}
-              if (newMulti[key][element.type]) err = new Error(`'type converted object' ${key} - includes more than one element having same type, or type is blank on more than one element - note, setting configuration scim.skipTypeConvert=true will disable this logic/check`)
+              if (newMulti[key][element.type]) {
+                if (['addresses'].includes(key)) { // not checking type, but the others have to be unique
+                  for (const i in element) {
+                    if (i !== 'type') {
+                      if (tmpAddr.includes(i)) {
+                        err = new Error(`'type converted object' ${key} - includes more than one element having same ${i}, or ${i} is blank on more than one element - note, setting configuration scim.skipTypeConvert=true will disable this logic/check`)
+                      }
+                      tmpAddr.push(i)
+                    }
+                  }
+                } else {
+                  err = new Error(`'type converted object' ${key} - includes more than one element having same type, or type is blank on more than one element - note, setting configuration scim.skipTypeConvert=true will disable this logic/check`)
+                }
+              }
               newMulti[key][element.type] = {}
               for (const i in element) {
                 newMulti[key][element.type][i] = element[i]
@@ -1782,7 +1903,7 @@ const ScimGateway = function () {
 // exported methods
 //
 ScimGateway.prototype.endpointMap = endpointMap
-ScimGateway.prototype.countries = endpointMap
+ScimGateway.prototype.countries = countries
 
 ScimGateway.prototype.getPassword = (pwEntity, configFile) => {
   return utils.getPassword(pwEntity, configFile) // utils.getPassword('scimgateway.password', './config/plugin-testmode.json');
@@ -1994,7 +2115,7 @@ ScimGateway.prototype.endpointMapper = function endpointMapper (direction, parse
             }
           }
           for (const key2 in mapObj) {
-            if (mapObj[key2].mapTo.toLowerCase() === key.toLowerCase()) {
+            if (mapObj[key2].mapTo.split(',').map(item => item.trim().toLowerCase()).includes(key.toLowerCase())) {
               found = true
               if (mapObj[key2].type === 'array' && arrIndex && arrIndex >= 0) {
                 dotNewObj[`${key2}.${arrIndex}`] = dotObj[keyOrg] // servicePlan.0.value => servicePlan.0 and groups[0].value => memberOf.0
@@ -2007,16 +2128,19 @@ ScimGateway.prototype.endpointMapper = function endpointMapper (direction, parse
         }
       } else { // string (get)
         const resArr = []
-        let strArr
-        if (Array.isArray(str)) strArr = str
-        else strArr = str.split(',').map(item => item.trim())
+        let strArr = []
+        if (Array.isArray(str)) {
+          for (let i = 0; i < str.length; i++) {
+            strArr = strArr.concat(str[i].split(',').map(item => item.trim())) // supports "id,userName" e.g. {"mapTo": "id,userName"}
+          }
+        } else strArr = str.split(',').map(item => item.trim())
         for (let i = 0; i < strArr.length; i++) {
           const attr = strArr[i]
           let found = false
           for (const key in mapObj) {
-            if (mapObj[key].mapTo === attr) {
+            if (mapObj[key].mapTo && mapObj[key].mapTo.split(',').map(item => item.trim()).includes(attr)) { // supports { "mapTo": "userName,id" }
               found = true
-              resArr.push(key)
+              if (!resArr.includes(key)) resArr.push(key)
               break
             } else if (attr === 'roles' && mapObj[key].mapTo === 'roles.value') { // allow get using attribute roles - convert to correct roles.value
               found = true
@@ -2098,7 +2222,10 @@ ScimGateway.prototype.endpointMapper = function endpointMapper (direction, parse
               mapTo = mapTo.replace('.', '##') // only first occurence
               noneCore = true
             }
-            dotNewObj[mapTo] = dotObj[key] // {"active": {"mapTo": "accountEnabled"} => str.replace("accountEnabled", "active")
+            const arrMapTo = mapTo.split(',').map(item => item.trim()) // supports {"mapTo": "id,userName"}
+            for (let i = 0; i < arrMapTo.length; i++) {
+              dotNewObj[arrMapTo[i]] = dotObj[key] // {"active": {"mapTo": "accountEnabled"} => str.replace("accountEnabled", "active")
+            }
           }
           let mapTo = mapObj[key].mapTo
           if (mapTo.startsWith('urn:')) {
@@ -2400,7 +2527,7 @@ const notValidAttributes = (obj, validScimAttr) => {
 // "type converted object" and blank deleted values
 // {"name":{"givenName":"Rocky",formatted:""},"emails":{"work":{"value":"user@company.com","type":"work"}}}
 //
-const convertedScim20 = (obj) => {
+ScimGateway.prototype.convertedScim20 = function convertedScim20 (obj) {
   let scimdata = {}
   if (!obj.Operations || !Array.isArray(obj.Operations)) return scimdata
   const o = utils.copyObj(obj)
@@ -2587,7 +2714,7 @@ const convertedScim20 = (obj) => {
 // clearObjectValues returns a new object having values set to blank
 // array values are kept, but includes {"operation" : "delete"} - scim 1.1 formatted
 // boolean values e.g. {"active" : true} are kept "as is"
-// parent only used for internal recursive logic
+// parent used for internal recursive logic
 const clearObjectValues = (o, parent) => {
   if (!o) return {}
   let v, key
@@ -2595,18 +2722,14 @@ const clearObjectValues = (o, parent) => {
   for (key in o) {
     v = o[key]
     if (typeof v === 'object' && v !== null) {
-      const objProp = Object.getPrototypeOf(v) // e.g. HttpsProxyAgent {}
+      const objProp = Object.getPrototypeOf(v)
       if (objProp !== null && objProp !== Object.getPrototypeOf({}) && objProp !== Object.getPrototypeOf([])) {
-        output[key] = Object.assign(Object.create(v), v) // e.g. { HttpsProxyAgent {...} }
+        output[key] = Object.assign(Object.create(v), v)
       } else {
         output[key] = clearObjectValues(v, key)
       }
-    } else if (key === 'type') {
-      output[key] = v
-      output.operation = 'delete'
-      if (output.value) output.value = ''
     } else {
-      if (parent && !isNaN(parent) && key === 'value') { // array
+      if (parent && !isNaN(parent)) { // array
         output.operation = 'delete'
         output[key] = v
       } else {
@@ -2623,7 +2746,7 @@ const clearObjectValues = (o, parent) => {
 //
 const jsonErr = (scimVersion, pluginName, htmlErrCode, err, scimType) => {
   let errJson = {}
-  let msg = `ScimGateway[${pluginName}] `
+  let msg = `scimgateway[${pluginName}] `
   err.constructor === Error ? msg += err.message : msg += err
 
   if (scimVersion !== '2.0' && scimVersion !== 2) { // v1.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "4.1.1",
+  "version": "4.1.4",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",
   "homepage": "https://elshaug.xyz",

package/test/lib/plugin-loki.js

@@ -13,7 +13,6 @@ const options = {
 }
 
 describe('plugin-loki tests', () => {
-
   it('getUsers all test (1)', function (done) {
     server_8880.get('/Users' +
       '?startIndex=1&count=100')
@@ -362,7 +361,7 @@ describe('plugin-loki tests', () => {
   */
 
   it('modifyUser test', (done) => {
-    var user = {
+    let user = {
       Operations: [
         {
           op: 'replace',
@@ -490,7 +489,11 @@ describe('plugin-loki tests', () => {
       }],
       'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User': {
         employeeNumber: '1111'
-      }
+      },
+      groups: [
+        { value: 'Employees', display: 'Employees' },
+        { value: 'Admins', display: 'Admins' }
+      ]
     }
 
     server_8880.put('/Users/jgilber')
@@ -517,6 +520,9 @@ describe('plugin-loki tests', () => {
         expect(user['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].manager).to.equal(undefined) // deleted
         expect(user['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].test1).to.equal(undefined) // deleted
         expect(user['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User'].test2).to.equal(undefined) // deleted
+        expect(user.groups.length).to.equal(2)
+        expect(user.groups[0].value).to.equal('Admins')
+        expect(user.groups[1].value).to.equal('Employees')
         done()
       })
   })