scimgateway 4.1.13 → 4.1.15

package/README.md

@@ -261,7 +261,12 @@ Below shows an example of config\plugin-saphana.json
               "readOnly": false,
               "baseEntities": []
             }
-          ]
+          ],
+          "passThrough": {
+             "enabled": false,
+             "readOnly": false,
+             "baseEntities": []
+          }
         },
 	    "certificate": {
 	      "key": null,
@@ -354,6 +359,8 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 
 - **auth.bearerOAuth** - Array of one or more Client Credentials OAuth configuration objects. **`client_id`** and **`client_secret`** are mandatory. client_secret value will become encrypted when gateway is started. OAuth token request url is **/oauth/token** e.g. http://localhost:8880/oauth/token  
 
+- **auth.passThrough** - Setting **auth.passThrough.enabled=true** will bypass SCIM Gateway authentication. Gateway will instead pass ctx containing authentication header to the plugin. Plugin could then use this information for endpoint authentication and we don't have any password/token stored at the gateway. Note, this also requires plugin binary having `scimgateway.authPassThroughAllowed = true` and endpoint logic for handling/passing ctx.request.header.authorization 
+
 - **certificate** - If not using TLS certificate, set "key", "cert" and "ca" to **null**. When using TLS, "key" and "cert" have to be defined with the filename corresponding to the primary-key and public-certificate. Both files must be located in the `<package-root>\config\certs` directory e.g:  
   
 		"certificate": {
@@ -1146,7 +1153,37 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
-### v4.1.13  
+### v4.1.15  
+
+[Added]  
+
+- authPassThrough for passing the authentication directly to plugin without being processed by scimgateway 
+
+    Plugin configuration prerequisites: **auth.passThrough.enabled=true**      
+
+        "auth": {
+           ...
+           "passThrough": {
+             "enabled": true,
+             "readOnly": false,
+             "baseEntities": []
+           }
+           ...
+         }
+
+    Plugin binary prerequisites:
+
+        scimgateway.authPassThroughAllowed = true
+        // also need endpoint logic for handling/passing ctx.request.header.authorization
+
+
+    For upgrading existing custom plugins, above mention prerequisites needs to be included and in addition all plugin methods must include the `ctx` parameter e.g.: 
+
+        scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx)
+        // tip, see provided example plugins
+
+
+### v4.1.14  
 
 [Fixed]  
 

package/config/plugin-api.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,
@@ -87,7 +92,9 @@
   "endpoint": {
     "entity": {
       "undefined": {
-        "baseUrls": ["http://fakerestapi.azurewebsites.net"],
+        "baseUrls": [
+          "http://fakerestapi.azurewebsites.net"
+        ],
         "username": "endpointuser",
         "password": "password",
         "proxy": {

package/config/plugin-azure-ad.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,

package/config/plugin-forwardinc.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,

package/config/plugin-ldap.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,

package/config/plugin-loki.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,

package/config/plugin-mongodb.json

@@ -63,7 +63,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,

package/config/plugin-mssql.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,

package/config/plugin-saphana.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,

package/config/plugin-scim.json

@@ -57,7 +57,12 @@
           "readOnly": false,
           "baseEntities": []
         }
-      ]
+      ],
+      "passThrough": {
+        "enabled": false,
+        "readOnly": false,
+        "baseEntities": []
+      }
     },
     "certificate": {
       "key": null,
@@ -87,7 +92,9 @@
   "endpoint": {
     "entity": {
       "undefined": {
-        "baseUrls": ["http://localhost:8880"],
+        "baseUrls": [
+          "http://localhost:8880"
+        ],
         "scimVersion": "2.0",
         "username": "gwadmin",
         "password": "password",
@@ -98,7 +105,9 @@
         }
       },
       "clientA": {
-        "baseUrls": ["http://localhost:8880"],
+        "baseUrls": [
+          "http://localhost:8880"
+        ],
         "scimVersion": "2.0",
         "username": "gwadmin",
         "password": "password",

package/lib/plugin-api.js

@@ -46,6 +46,7 @@ const configDir = path.join(__dirname, '..', 'config')
 const configFile = path.join(`${configDir}`, `${pluginName}.json`)
 let config = require(configFile).endpoint
 config = scimgateway.processExtConfig(pluginName, config) // add any external config process.env and process.file
+scimgateway.authPassThroughAllowed = false // true enables auth passThrough (no scimgateway authentication). scimgateway instead includes ctx (ctx.request.header) in plugin methods. Note, requires plugin-logic for handling/passing ctx.request.header.authorization to be used in endpoint communication
 // mandatory plugin initialization - end
 
 const _serviceClient = {}
@@ -58,7 +59,7 @@ const _serviceClient = {}
 // post http://localhost:8890/api
 // body = {"eventName":"AssignAccessRoleEvent","subjectName":"RACF_System-B","userID":"peter01"}
 //
-scimgateway.postApi = async (baseEntity, apiObj) => {
+scimgateway.postApi = async (baseEntity, apiObj, ctx) => {
   const action = 'postApi'
   scimgateway.logger.debug(`${pluginName} handling "${action}" apiObj=${JSON.stringify(apiObj)}`)
 
@@ -92,7 +93,7 @@ scimgateway.postApi = async (baseEntity, apiObj) => {
 // put http://localhost:8890/api/1
 // body = {"eventName":"AssignAccessRoleEvent","subjectName":"RACF_System-B","userID":"peter01"}
 //
-scimgateway.putApi = async (baseEntity, id, apiObj) => {
+scimgateway.putApi = async (baseEntity, id, apiObj, ctx) => {
   const action = 'putApi'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} apiObj=${JSON.stringify(apiObj)}`)
 
@@ -126,7 +127,7 @@ scimgateway.putApi = async (baseEntity, id, apiObj) => {
 // patch http://localhost:8890/api/1
 // body = {"eventName":"AssignAccessRoleEvent","subjectName":"RACF_System-B","userID":"peter01"}
 //
-scimgateway.patchApi = async (baseEntity, id, apiObj) => {
+scimgateway.patchApi = async (baseEntity, id, apiObj, ctx) => {
   const action = 'patchApi'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} apiObj=${JSON.stringify(apiObj)}`)
 
@@ -160,7 +161,7 @@ scimgateway.patchApi = async (baseEntity, id, apiObj) => {
 // get http://localhost:8890/api/1
 // get http://localhost:8890/api?queries
 //
-scimgateway.getApi = async (baseEntity, id, apiQuery, apiObj) => {
+scimgateway.getApi = async (baseEntity, id, apiQuery, apiObj, ctx) => {
   const action = 'getApi'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} apiQuery=${JSON.stringify(apiQuery)} apiObj=${JSON.stringify(apiObj)}`)
 
@@ -191,7 +192,7 @@ scimgateway.getApi = async (baseEntity, id, apiQuery, apiObj) => {
 // example:
 // delete http://localhost:8890/api/1
 //
-scimgateway.deleteApi = async (baseEntity, id) => {
+scimgateway.deleteApi = async (baseEntity, id, ctx) => {
   const action = 'deleteApi'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
 

package/lib/plugin-azure-ad.js

@@ -87,6 +87,7 @@ const configDir = path.join(__dirname, '..', 'config')
 const configFile = path.join(`${configDir}`, `${pluginName}.json`)
 let config = require(configFile).endpoint
 config = scimgateway.processExtConfig(pluginName, config) // add any external config process.env and process.file
+scimgateway.authPassThroughAllowed = false // true enables auth passThrough (no scimgateway authentication). scimgateway instead includes ctx (ctx.request.header) in plugin methods. Note, requires plugin-logic for handling/passing ctx.request.header.authorization to be used in endpoint communication
 // mandatory plugin initialization - end
 
 if (config.map) { // having licensDetails map here instead of config file
@@ -135,7 +136,7 @@ const lock = new scimgateway.Lock()
 // =================================================
 // getUsers
 // =================================================
-scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
+scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   //
   // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
   // rawFilter is always included when filtering
@@ -238,7 +239,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createUser
 // =================================================
-scimgateway.createUser = async (baseEntity, userObj) => {
+scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" userObj=${JSON.stringify(userObj)}`)
 
@@ -255,7 +256,7 @@ scimgateway.createUser = async (baseEntity, userObj) => {
   try {
     await doRequest(baseEntity, method, path, body)
     if (attrObj.servicePlan) {
-      await scimgateway.modifyUser(baseEntity, userObj.userName, attrObj)
+      await scimgateway.modifyUser(baseEntity, userObj.userName, attrObj, ctx)
       return null
     } else return (null)
   } catch (err) {
@@ -268,7 +269,7 @@ scimgateway.createUser = async (baseEntity, userObj) => {
 // =================================================
 // deleteUser
 // =================================================
-scimgateway.deleteUser = async (baseEntity, id) => {
+scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
   const method = 'DELETE'
@@ -285,7 +286,7 @@ scimgateway.deleteUser = async (baseEntity, id) => {
 // =================================================
 // modifyUser
 // =================================================
-scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
+scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} attrObj=${JSON.stringify(attrObj)}`)
   const arrLicAdd = []
@@ -517,7 +518,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
 // =================================================
 // getGroups
 // =================================================
-scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
+scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   //
   // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
   // rawFilter is always included when filtering
@@ -652,7 +653,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createGroup
 // =================================================
-scimgateway.createGroup = async (baseEntity, groupObj) => {
+scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" groupObj=${JSON.stringify(groupObj)}`)
   const body = { displayName: groupObj.displayName }
@@ -663,7 +664,7 @@ scimgateway.createGroup = async (baseEntity, groupObj) => {
   const path = '/Groups'
 
   try {
-    const res = await scimgateway.getGroups(baseEntity, { attribute: 'displayName', operator: 'eq', value: groupObj.displayName }, ['id', 'displayName'])
+    const res = await scimgateway.getGroups(baseEntity, { attribute: 'displayName', operator: 'eq', value: groupObj.displayName }, ['id', 'displayName'], ctx)
     if (res && res.Resources && res.Resources.length > 0) {
       throw new Error(`group ${groupObj.displayName} already exist`)
     }
@@ -679,7 +680,7 @@ scimgateway.createGroup = async (baseEntity, groupObj) => {
 // =================================================
 // deleteGroup
 // =================================================
-scimgateway.deleteGroup = async (baseEntity, id) => {
+scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
   throw new Error(`${action} error: ${action} is not supported`)
@@ -688,7 +689,7 @@ scimgateway.deleteGroup = async (baseEntity, id) => {
 // =================================================
 // modifyGroup
 // =================================================
-scimgateway.modifyGroup = async (baseEntity, id, attrObj) => {
+scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} attrObj=${JSON.stringify(attrObj)}`)
 
@@ -755,7 +756,7 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj) => {
 // =================================================
 // getServicePlans
 // =================================================
-scimgateway.getServicePlans = async (baseEntity, getObj, attributes) => {
+scimgateway.getServicePlans = async (baseEntity, getObj, attributes, ctx) => {
   //
   // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
   // rawFilter is always included when filtering - attribute, operator and value are included when requesting unique object or simpel filtering
@@ -875,7 +876,7 @@ scimgateway.getServicePlans = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createServicePlan
 // =================================================
-scimgateway.createServicePlan = async (baseEntity, id) => {
+scimgateway.createServicePlan = async (baseEntity, id, ctx) => {
   const action = 'createServicePlan'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
   throw new Error(`${action} error: ${action} is not supported`)
@@ -884,7 +885,7 @@ scimgateway.createServicePlan = async (baseEntity, id) => {
 // =================================================
 // deleteServicePlan
 // =================================================
-scimgateway.deleteServicePlan = async (baseEntity, id) => {
+scimgateway.deleteServicePlan = async (baseEntity, id, ctx) => {
   const action = 'deleteServicePlan'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
   throw new Error(`${action} error: ${action} is not supported`)
@@ -893,7 +894,7 @@ scimgateway.deleteServicePlan = async (baseEntity, id) => {
 // =================================================
 // modifyServicePlan
 // =================================================
-scimgateway.modifyServicePlan = async (baseEntity, id) => {
+scimgateway.modifyServicePlan = async (baseEntity, id, ctx) => {
   const action = 'modifyServicePlan'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
   throw new Error(`${action} error: ${action} is not supported`)

package/lib/plugin-forwardinc.js

@@ -59,6 +59,7 @@ const validScimAttr = [ // array containing scim attributes supported by our plu
 ]
 let config = require(configFile).endpoint
 config = scimgateway.processExtConfig(pluginName, config) // add any external config process.env and process.file
+scimgateway.authPassThroughAllowed = false // true enables auth passThrough (no scimgateway authentication). scimgateway instead includes ctx (ctx.request.header) in plugin methods. Note, requires plugin-logic for handling/passing ctx.request.header.authorization to be used in endpoint communication
 // mandatory plugin initialization - end
 
 const wsdlDir = path.join(`${configDir}`, 'wsdls')
@@ -69,7 +70,7 @@ const _serviceClient = {}
 // =================================================
 // getUsers
 // =================================================
-scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
+scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   //
   // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
   // rawFilter is always included when filtering
@@ -192,7 +193,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createUser
 // =================================================
-scimgateway.createUser = async (baseEntity, userObj) => {
+scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" userObj=${JSON.stringify(userObj)}`)
   try {
@@ -241,7 +242,7 @@ scimgateway.createUser = async (baseEntity, userObj) => {
 // =================================================
 // deleteUser
 // =================================================
-scimgateway.deleteUser = async (baseEntity, id) => {
+scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
   try {
@@ -268,7 +269,7 @@ scimgateway.deleteUser = async (baseEntity, id) => {
 // =================================================
 // modifyUser
 // =================================================
-scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
+scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} attrObj=${JSON.stringify(attrObj)}`)
   try {
@@ -281,7 +282,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
       value: id
     }
 
-    const res = await scimgateway.getUsers(baseEntity, getObj, '')
+    const res = await scimgateway.getUsers(baseEntity, getObj, '', ctx)
 
     let userObj
     if (res && Array.isArray(res.Resources) && res.Resources.length === 1) userObj = res.Resources[0]
@@ -342,7 +343,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
 // =================================================
 // getGroups
 // =================================================
-scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
+scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   //
   // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
   // rawFilter is always included when filtering
@@ -448,7 +449,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createGroup
 // =================================================
-scimgateway.createGroup = async (baseEntity, groupObj) => {
+scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" groupObj=${JSON.stringify(groupObj)}`)
   // groupObj.displayName contains the group to be created
@@ -459,7 +460,7 @@ scimgateway.createGroup = async (baseEntity, groupObj) => {
 // =================================================
 // deleteGroup
 // =================================================
-scimgateway.deleteGroup = async (baseEntity, id) => {
+scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
   // if supporting delete group, we need some endpoint logic here
@@ -469,7 +470,7 @@ scimgateway.deleteGroup = async (baseEntity, id) => {
 // =================================================
 // modifyGroup
 // =================================================
-scimgateway.modifyGroup = async (baseEntity, id, attrObj) => {
+scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} attrObj=${JSON.stringify(attrObj)}`)
 

package/lib/plugin-ldap.js

@@ -85,6 +85,7 @@ const configDir = path.join(__dirname, '..', 'config')
 const configFile = path.join(`${configDir}`, `${pluginName}.json`)
 let config = require(configFile).endpoint
 config = scimgateway.processExtConfig(pluginName, config) // add any external config process.env and process.file
+scimgateway.authPassThroughAllowed = false // true enables auth passThrough (no scimgateway authentication). scimgateway instead includes ctx (ctx.request.header) in plugin methods. Note, requires plugin-logic for handling/passing ctx.request.header.authorization to be used in endpoint communication
 // mandatory plugin initialization - end
 
 const _serviceClient = {}
@@ -123,7 +124,7 @@ if (config.map.user.userPrincipalName && config.map.user.userPrincipalName.mapDo
 // =================================================
 // getUsers
 // =================================================
-scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
+scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   //
   // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
   // rawFilter is always included when filtering
@@ -272,7 +273,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createUser
 // =================================================
-scimgateway.createUser = async (baseEntity, userObj) => {
+scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" userObj=${JSON.stringify(userObj)}`)
 
@@ -331,7 +332,7 @@ scimgateway.createUser = async (baseEntity, userObj) => {
 // =================================================
 // deleteUser
 // =================================================
-scimgateway.deleteUser = async (baseEntity, id) => {
+scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
 
@@ -358,7 +359,7 @@ scimgateway.deleteUser = async (baseEntity, id) => {
 // =================================================
 // modifyUser
 // =================================================
-scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
+scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} attrObj=${JSON.stringify(attrObj)}`)
 
@@ -423,7 +424,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
   // endpoint spesific attribute handling
   if (endpointObj.userAccountControl !== undefined) { // SCIM "active" - Active Directory
     // can't use getUser because there is "active" logic overriding original userAccountControl that we want
-    // const usr = await scimgateway.getUser(baseEntity, { filter: 'id', identifier: id }, 'active')
+    // const usr = await scimgateway.getUser(baseEntity, { filter: 'id', identifier: id }, 'active', ctx)
     const activeAttr = 'userAccountControl'
     const method = 'search'
     let base
@@ -487,7 +488,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
 // =================================================
 // getGroups
 // =================================================
-scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
+scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   //
   // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
   // rawFilter is always included when filtering
@@ -633,7 +634,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createGroup
 // =================================================
-scimgateway.createGroup = async (baseEntity, groupObj) => {
+scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" groupObj=${JSON.stringify(groupObj)}`)
 
@@ -663,7 +664,7 @@ scimgateway.createGroup = async (baseEntity, groupObj) => {
 // =================================================
 // deleteGroup
 // =================================================
-scimgateway.deleteGroup = async (baseEntity, id) => {
+scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id}`)
 
@@ -691,7 +692,7 @@ scimgateway.deleteGroup = async (baseEntity, id) => {
 // =================================================
 // modifyGroup
 // =================================================
-scimgateway.modifyGroup = async (baseEntity, id, attrObj) => {
+scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
   scimgateway.logger.debug(`${pluginName}[${baseEntity}] handling "${action}" id=${id} attrObj=${JSON.stringify(attrObj)}`)