scimgateway 4.5.6 → 4.5.8

package/README.md

@@ -9,14 +9,14 @@ Validated through IdP's:
 
 - Symantec/Broadcom/CA Identity Manager
 - Microsoft Entra ID  
-- OneLogin  
+- One Identity/OneLogin  
 - Okta 
 - Omada 
 - SailPoint/IdentityNow  
   
 Latest news:  
 
-- Supports stream publishing mode having [SCIM Stream](https://elshaug.xyz/docs/scim-stream) as a prerequisite. In this mode, standard incoming SCIM requests from your Identity Provider (IdP) or API are directed and published to the stream. Subsequently, one of the gateways subscribing to the channel utilized by the publisher will manage the SCIM request, and response back. Using SCIM Stream we have egress/outbound only traffic and get loadbalancing/failover by adding more gateways subscribing to the same channel.
+- Supports stream publishing mode having [SCIM Stream](https://elshaug.xyz/docs/scim-stream) as a prerequisite. In this mode, standard incoming SCIM requests from your Identity Provider (IdP) or API are directed and published to the stream. Subsequently, one of the gateways subscribing to the channel utilized by the publisher will manage the SCIM request, and response back. Using SCIM Stream we have only egress/outbound traffic and get loadbalancing/failover by adding more gateways subscribing to the same channel.
 - **BREAKING**: [SCIM Stream](https://elshaug.xyz/docs/scim-stream) is the modern way of user provisioning letting clients subscribe to messages instead of traditional IGA top-down provisioning. SCIM Gateway now offers enhanced functionality with support for message subscription and automated provisioning using SCIM Stream
 - Authentication PassThrough letting plugin pass authentication directly to endpoint for avoid maintaining secrets at the gateway. Kubernetes health checks and shutdown handler support
 - Supports OAuth Client Credentials authentication
@@ -212,8 +212,8 @@ Below shows an example of config\plugin-saphana.json
           "version": "2.0",
           "skipTypeConvert" : false,
           "skipMetaLocation" false,
-          "usePutSoftSync" : false,
-          "usePutGroupMemberOfUser": false
+          "groupMemberOfUser": false
+          "usePutSoftSync" : false
         },
         "log": {
           "loglevel": {
@@ -379,9 +379,9 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 
 - **scim.skipMetaLocation** - true or false, default false. If set to true, `meta.location` which contains protocol and hostname from request-url, will be excluded from response e.g. `"{...,meta":{"location":"https://my-company.com/<...>"}}`. If using reverse proxy and not including headers `X-Forwarded-Proto` and `X-Forwarded-Host`, originator will be the proxy and we might not want to expose internal protocol and hostname being used by the proxy request.
 
-- **scim.usePutSoftSync** - true or false, default false. `PUT /Users/bjensen` will replace the user bjensen with body content. If set to `true`, only PUT body content will be replaced. Any additional existing user attributes and groups supported by plugin will remain as-is.
+- **scim."groupMemberOfUser** - true or false, default false. If body contains groups and groupMemberOfUser=true, groups attribute will remain at user object (groups are member of user) instead of default user member of groups that will use modifyGroup method for maintaining group members.
 
-- **scim."usePutGroupMemberOfUser** - true or false, default false. `PUT /Users/<user>` will replace the user with body content. If body contains groups and usePutGroupMemberOfUser=true, groups will be set on user object (groups are member of user) instead of default user member of groups  
+- **scim.usePutSoftSync** - true or false, default false. `PUT /Users/bjensen` will replace the user bjensen with body content. If set to `true`, only PUT body content will be replaced. Any additional existing user attributes and groups supported by plugin will remain as-is.
 
 - **log.loglevel.file** - off, error, info, or debug. Output to plugin-logfile e.g. `logs\plugin-saphana.log`  
 
@@ -522,7 +522,7 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 
 ## Manual startup    
 
-Gateway can now be started from a command window running in administrative mode
+Gateway can be started from a command window running in administrative mode
 
 3 ways to start:
 
@@ -1163,6 +1163,58 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v4.5.8  
+
+[Fixed]
+
+- plugin-ldap failed when using national special characters and some other LDAP special characters in DN
+
+Note, plugin-ldap now has following new configuration:
+
+	"ldap": {
+	  "isOpenLdap": false,
+	  ...
+	  "namingAttribute": {
+		"user": [
+		  {
+			"attribute": "CN",
+			"mapTo": "userName"
+		  }
+		],
+		"group": [
+		  {
+			"attribute": "CN",
+			"mapTo": "displayName"
+		  }
+		]
+	  },
+	  ...
+	}
+
+`isOpenLdap` true/false decides whether or not OpenLDAP Foundation protocol should be used for national characters and special characters in DN. For Active Directory, default isOpenLdap=false should be used.
+
+`namingAttribute` can now be linked to scim `mapTo` attribute and is not hardcoded like it was in previous version.
+
+Previous `userNamingAttr` and `groupNamingAttr` shown below, is now deprecated
+
+	"ldap": {
+	  ...
+	  "userNamingAttr": "CN",
+	  "groupNamingAttr": "CN",
+	  ...
+	}
+
+
+### v4.5.7  
+
+[Fixed]
+
+- PUT changes introduced in v4.4.6 did not handle PUT /Groups correctly
+
+[Improved]
+- configuration scim.usePutGroupMemberOfUser replaced by scim.groupMemberOfUser
+- misc cosmetics
+
 ### v4.5.6  
 
 [Improved]

package/config/plugin-api.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-entra-id.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-ldap.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {
@@ -139,12 +139,25 @@
         "username": "CN=Administrator,CN=Users,DC=test,DC=com",
         "password": "password",
         "ldap": {
+          "isOpenLdap": false,
           "userBase": "CN=Users,DC=test,DC=com",
           "groupBase": "OU=Groups,DC=test,DC=com",
           "userFilter": null,
           "groupFilter": null,
-          "userNamingAttr": "CN",
-          "groupNamingAttr": "CN",
+          "namingAttribute": {
+            "user": [
+              {
+                "attribute": "CN",
+                "mapTo": "userName"
+              }
+            ],
+            "group": [
+              {
+                "attribute": "CN",
+                "mapTo": "displayName"
+              }
+            ]
+          },
           "userObjectClasses": [
             "user",
             "person",

package/config/plugin-loki.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-mongodb.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-mssql.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-saphana.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-scim.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {

package/config/plugin-soap.json

@@ -7,8 +7,8 @@
       "version": "2.0",
       "skipTypeConvert": false,
       "skipMetaLocation": false,
-      "usePutSoftSync": false,
-      "usePutGroupMemberOfUser": false
+      "groupMemberOfUser": false,
+      "usePutSoftSync": false
     },
     "log": {
       "loglevel": {