scimgateway 6.0.0 → 6.0.1

package/README.md

@@ -1484,6 +1484,13 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log
 
+
+### v6.0.1
+
+[Fixed]
+- plugin-ldap, failed when the RDN value contained the character '=' e.g., `CN=Firstname \= Lastname,CN=Users,DC=my-company,DC=com`
+- GET using filter failed when filter value contained the character '%' e.g., `GET /Users?filter=userName eq "my % name"`
+
 ### v6.0.0
 
 **[MAJOR]**

package/lib/plugin-api.ts

@@ -55,7 +55,7 @@ const helper = new HelperRest(scimgateway)
 //
 scimgateway.postApi = async (baseEntity, body, ctx) => {
   const action = 'postApi'
-  scimgateway.logDebug(baseEntity, `handling ${action} body=${JSON.stringify(body)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} body=${JSON.stringify(body)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if ((typeof (body) !== 'object') || (Object.keys(body).length === 0)) {
     throw new Error('unsupported POST syntax')
@@ -81,7 +81,7 @@ scimgateway.postApi = async (baseEntity, body, ctx) => {
 //
 scimgateway.putApi = async (baseEntity, id, body, ctx) => {
   const action = 'putApi'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} body=${JSON.stringify(body)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} body=${JSON.stringify(body)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if ((typeof (body) !== 'object') || (Object.keys(body).length === 0)) {
     throw new Error('unsupported PUT syntax')
@@ -108,7 +108,7 @@ scimgateway.putApi = async (baseEntity, id, body, ctx) => {
 //
 scimgateway.patchApi = async (baseEntity, id, body, ctx) => {
   const action = 'patchApi'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} body=${JSON.stringify(body)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} body=${JSON.stringify(body)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if ((typeof (body) !== 'object') || (Object.keys(body).length === 0)) {
     throw new Error('unsupported PATCH syntax')
@@ -135,7 +135,7 @@ scimgateway.patchApi = async (baseEntity, id, body, ctx) => {
 //
 scimgateway.getApi = async (baseEntity, id, query, ctx) => {
   const action = 'getApi'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} apiQuery=${JSON.stringify(query)}}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} apiQuery=${JSON.stringify(query)}} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'GET'
   let path = '/products'
@@ -162,7 +162,7 @@ scimgateway.getApi = async (baseEntity, id, query, ctx) => {
 //
 scimgateway.deleteApi = async (baseEntity, id, ctx) => {
   const action = 'deleteApi'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'DELETE'
   const path = `/products/${id}`
@@ -212,9 +212,9 @@ const deletePublicApi = async (baseEntity: string, id: string | undefined, body:
   return { delete: { id, body } }
 }
 
-scimgateway.publicApi = async (baseEntity, method, id, query, body) => {
+scimgateway.publicApi = async (baseEntity, method, id, query, body, ctx) => {
   const action = 'publicApi'
-  scimgateway.logDebug(baseEntity, `handling ${action} method=${method} id=${id} query=${query ? JSON.stringify(query) : query} body=${JSON.stringify(body)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} method=${method} id=${id} query=${query ? JSON.stringify(query) : query} body=${JSON.stringify(body)} passThrough=${ctx ? 'true' : 'false'}`)
 
   switch (method) {
     case 'GET':

package/lib/plugin-entra-id.ts

@@ -140,7 +140,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   // scimgateway will automatically filter response according to the attributes list
   //
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   const ret: any = {
     Resources: [],
@@ -207,7 +207,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   const addonObj: Record<string, any> = {}
   if (userObj.servicePlan) {
@@ -241,7 +241,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
 // =================================================
 scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
   const method = 'DELETE'
   const path = `/Users/${id}`
   const body = null
@@ -258,7 +258,7 @@ scimgateway.deleteUser = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (attrObj.servicePlan) delete attrObj.servicePlan // use license management through groups
   const [parsedAttrObj] = scimgateway.endpointMapper('outbound', attrObj, config.map.user) // SCIM/CustomSCIM => endpoint attribute standard
@@ -340,7 +340,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
 // =================================================
 scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   const ret: any = {
     Resources: [],
@@ -444,7 +444,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
   const body: any = { displayName: groupObj.displayName }
   body.mailNickName = groupObj.displayName
   body.mailEnabled = false
@@ -469,9 +469,9 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
 // =================================================
 // deleteGroup
 // =================================================
-scimgateway.deleteGroup = async (baseEntity, id) => {
+scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
   throw new Error(`${action} error: ${action} is not supported`)
 }
 
@@ -480,7 +480,7 @@ scimgateway.deleteGroup = async (baseEntity, id) => {
 // =================================================
 scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!attrObj.members) {
     throw new Error(`${action} error: only supports modification of members`)
@@ -559,7 +559,7 @@ scimgateway.getServicePlans = async (baseEntity, getObj, attributes, ctx) => {
   // scimgateway will automatically filter response according to the attributes list
   //
   const action = 'getServicePlans'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   const ret: any = {
     Resources: [],

package/lib/plugin-ldap.ts

@@ -1,5 +1,5 @@
 // =================================================================================
-// File:    plugin-ldap.js
+// File:    plugin-ldap.ts
 //
 // Author:  Jarle Elshaug
 //
@@ -123,7 +123,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   // scimgateway will automatically filter response according to the attributes list
   //
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity: ${baseEntity}`)
 
   const result: any = {
@@ -272,7 +272,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   let userBase = null
   if (userObj.entitlements && userObj.entitlements.userbase) { // override default userBase (type userbase will be lowercase)
@@ -338,7 +338,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
 // =================================================
 scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'del'
   let base
@@ -365,7 +365,7 @@ scimgateway.deleteUser = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   // groups must be handled separate - using group member of user and not user member of group
   if (attrObj.groups) { // not supported by AD - will fail (not allowing updating users memberOf attribute, must update group instead of user)
@@ -539,7 +539,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   // scimgateway will automatically filter response according to the attributes list
   //
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity: ${baseEntity}`)
 
   const result: any = {
@@ -683,7 +683,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.map.group) throw new Error(`${action} error: missing configuration endpoint.map.group`)
   const groupBase = config.entity[baseEntity].ldap.groupBase
@@ -723,7 +723,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
 // =================================================
 scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.map.group) throw new Error(`${action} error: missing configuration endpoint.map.group`)
   const method = 'del'
@@ -751,7 +751,7 @@ scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.map.group) throw new Error(`${action} error: missing configuration endpoint.map.group`)
   if (attrObj.members && !Array.isArray(attrObj.members)) {
@@ -772,6 +772,8 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
       if (!dn) throw new Error(`${action} error: sidGuidToDn() did not return any objectGUID value for dn=${el.value}`)
       el.value = dn
     }
+    const dnObj = ldapEscDn(config.entity[baseEntity].ldap.isOpenLdap, el.value)
+    el.value = dnObj.toString()
     if (el.operation && el.operation === 'delete') { // delete member from group
       grp.remove[memberAttr].push(el.value) // endpointMapper returns URI encoded id because some IdP's don't encode id used in GET url e.g. Symantec/Broadcom/CA
     } else { // add member to group
@@ -1098,8 +1100,8 @@ const getMemberOfGroups = async (baseEntity: string, id: string, ctx: any) => {
 // using OpenLDAP, DN must be escaped - national characters and special ldap characters
 // using Active Directory (none OpenLDAP), DN should not be escaped, but DN retrieved from AD is character escaped
 //
-const ldapEscDn = (isOpenLdap: any, str: string) => {
-  if (typeof str !== 'string' || str.length < 1) return str
+const ldapEscDn = (isOpenLdap: any, str: string): ldap.DN => {
+  if (typeof str !== 'string' || str.length < 1) return new ldap.DN()
 
   if (!isOpenLdap && str.indexOf('\\') > 0) {
     const conv = str.replace(/\\([0-9A-Fa-f]{2})/g, (_, hex) => {
@@ -1127,6 +1129,10 @@ const ldapEscDn = (isOpenLdap: any, str: string) => {
       continue
     }
     const a = arr[i].split('=')
+    while (a.length > 2) { // 'uid=Firstname \= Lastname'
+      a[1] += '=' + a[2]
+      a.splice(2, 1)
+    }
     if (a.length < 2 && i > 0) { // value having comma and content
       if (arr[i - 1].charAt(arr[i - 1].length - 1) === '\\') {
         arr[i - 1] = arr[i - 1].substring(0, arr[i - 1].length - 1)
@@ -1142,17 +1148,18 @@ const ldapEscDn = (isOpenLdap: any, str: string) => {
     }
     if (i > 0) break // only escape logic on first, assume sub OU's are correct
   }
-  if (isOpenLdap) {
-    str = arr.join(',')
-    return str
-  }
-  // Using dn object and BER encoding
-  // e.g., Active Directory to avoid internal ldapjs OpenLDAP validating and string escaping logic
+
+  // Using dn object instead of string to ensure all escaping will be OK e.g. 'uid=test \= test,dc=example,dc=com'
+  // For non OpenLdap e.g., Active Directory, we must include BER encoding 
   const dn = new ldap.DN()
   for (let i = 0; i < arr.length; i++) {
     const a = arr[i].split('=') // cn=Kürt
+    while (a.length > 2) {
+      a[1] += '=' + a[2]
+      a.splice(2, 1)
+    }
     if (a.length === 2) {
-      if (i === 0) {
+      if (i === 0 && !isOpenLdap) {
         const ua = new Uint8Array(Buffer.from(a[1], 'utf-8'))
         const buf = Buffer.from(new Uint8Array([4, ua.length, ...ua]))
         const rdn: any = {}
@@ -1328,8 +1335,7 @@ const checkIfNewDN = (baseEntity: string, base: any, type: string, obj: any, end
   if (a[1].toLowerCase() !== namingAttr.toLowerCase() + '=') return ''
   if (a[2] === newNamingValue) return ''
   let newDN = a[1] + newNamingValue + a[3]
-  newDN = ldapEscDn(config.entity[baseEntity].ldap.isOpenLdap, newDN)
-  return newDN
+  return ldapEscDn(config.entity[baseEntity].ldap.isOpenLdap, newDN)
 }
 
 //
@@ -1422,7 +1428,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity: ${baseEntity}`)
   let result: any = null
   let client: any = null
-  base = ldapEscDn(config.entity[baseEntity].ldap.isOpenLdap, base)
+  const dnObj = ldapEscDn(config.entity[baseEntity].ldap.isOpenLdap, base)
 
   // support having different upn-domain on IdP and target
   if (options.modification && options.modification.userPrincipalName && config.map.user.userPrincipalName && config.map.user.userPrincipalName.mapDomain) {
@@ -1441,7 +1447,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
         result = await new Promise((resolve, reject) => {
           const results: any = []
 
-          client.search(base, options, (err: any, search: any) => {
+          client.search(dnObj, options, (err: any, search: any) => {
             if (err) {
               return reject(err)
             }
@@ -1510,7 +1516,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
 
       case 'modify':
         result = await new Promise((resolve: any, reject: any) => {
-          const dn = base
+          const dn = dnObj
           const changes: any = []
           for (const key in options.modification) {
             const mod: any = {}
@@ -1549,8 +1555,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
 
       case 'modifyDN':
         result = await new Promise((resolve: any, reject: any) => {
-          let dn = base
-          if (Object.prototype.toString.call(dn) === '[object LdapDn]') dn = base.toString() // needed for client.modifyDN...
+          let dn = dnObj.toString() // needed for client.modifyDN...
           let newDN = options?.modification?.newDN
           if (!newDN) return reject(new Error('modifyDN() missing newDN'))
           if (Object.prototype.toString.call(newDN) === '[object LdapDn]') newDN = newDN.toString()
@@ -1565,7 +1570,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
 
       case 'add':
         result = await new Promise((resolve: any, reject: any) => {
-          client.add(base, options, (err: any) => {
+          client.add(dnObj, options, (err: any) => {
             if (err) {
               return reject(err)
             }
@@ -1576,7 +1581,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
 
       case 'del':
         result = await new Promise((resolve: any, reject: any) => {
-          client.del(base, (err: any) => {
+          client.del(dnObj, (err: any) => {
             if (err) {
               return reject(err)
             }
@@ -1593,7 +1598,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
     if (options.filter && typeof options.filter === 'object') {
       options.filter = options.filter.toString()
     }
-    scimgateway.logDebug(baseEntity, `doRequest method=${method} base=${berDecodeDn(base)} ldapOptions=${JSON.stringify(options)} Error Response = ${err.message}`)
+    scimgateway.logDebug(baseEntity, `doRequest method=${method} base=${berDecodeDn(dnObj)} ldapOptions=${JSON.stringify(options)} Error Response = ${err.message}`)
     if (client) {
       try {
         client.destroy()
@@ -1605,7 +1610,7 @@ const doRequest = async (baseEntity: string, method: string, base: any, options:
   if (options.filter && typeof options.filter === 'object') {
     options.filter = options.filter.toString()
   }
-  scimgateway.logDebug(baseEntity, `doRequest method=${method} base=${berDecodeDn(base)} ldapOptions=${JSON.stringify(options)} Response=${JSON.stringify(result)}`)
+  scimgateway.logDebug(baseEntity, `doRequest method=${method} base=${berDecodeDn(dnObj)} ldapOptions=${JSON.stringify(options)} Response=${JSON.stringify(result)}`)
   return result
 } // doRequest
 

package/lib/plugin-loki.ts

@@ -104,9 +104,9 @@ for (const baseEntity in config.entity) {
 // =================================================
 // getUsers
 // =================================================
-scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
+scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const users = config.entity[baseEntity].users
@@ -232,9 +232,9 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createUser
 // =================================================
-scimgateway.createUser = async (baseEntity, userObj) => {
+scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const users = config.entity[baseEntity].users
@@ -271,9 +271,9 @@ scimgateway.createUser = async (baseEntity, userObj) => {
 // =================================================
 // deleteUser
 // =================================================
-scimgateway.deleteUser = async (baseEntity, id) => {
+scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const users = config.entity[baseEntity].users
@@ -287,9 +287,9 @@ scimgateway.deleteUser = async (baseEntity, id) => {
 // =================================================
 // modifyUser
 // =================================================
-scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
+scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const users = config.entity[baseEntity].users
@@ -408,9 +408,9 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
 // =================================================
 // getGroups
 // =================================================
-scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
+scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const groups = config.entity[baseEntity].groups
@@ -502,7 +502,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
 // =================================================
 scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const groups = config.entity[baseEntity].groups
@@ -540,9 +540,9 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
 // =================================================
 // deleteGroup
 // =================================================
-scimgateway.deleteGroup = async (baseEntity, id) => {
+scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const groups = config.entity[baseEntity].groups
@@ -558,7 +558,7 @@ scimgateway.deleteGroup = async (baseEntity, id) => {
 // =================================================
 scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!config.entity[baseEntity]) throw new Error(`unsupported baseEntity=${baseEntity}`)
   const groups = config.entity[baseEntity].groups

package/lib/plugin-mongodb.ts

@@ -158,7 +158,7 @@ async function loadHandler(baseEntity: string, ctx: undefined | Record<string, a
 // =================================================
 scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 
@@ -258,7 +258,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 
@@ -307,7 +307,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
 // =================================================
 scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 
@@ -336,7 +336,7 @@ scimgateway.deleteUser = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 
@@ -490,7 +490,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
 // =================================================
 scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 
@@ -586,7 +586,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 
@@ -638,7 +638,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
 // =================================================
 scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 
@@ -667,7 +667,7 @@ scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   const clientIdentifier = await loadHandler(baseEntity, ctx) // includes Auth PassThrough logic and loaded only once
 

package/lib/plugin-mssql.ts

@@ -83,7 +83,7 @@ if (config?.connection?.authentication?.options?.password) {
 // =================================================
 scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   let sqlQuery
 
@@ -147,7 +147,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise(async (resolve) => {
@@ -183,7 +183,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
 // =================================================
 scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise(async (resolve) => {
@@ -202,7 +202,7 @@ scimgateway.deleteUser = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise(async (resolve) => {
@@ -255,7 +255,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
 // =================================================
 scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   let sqlQuery
 
@@ -324,7 +324,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise(async (resolve) => {
@@ -355,7 +355,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
 // =================================================
 scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise(async (resolve) => {
@@ -374,7 +374,7 @@ scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   let sql = ''
 

package/lib/plugin-saphana.ts

@@ -50,9 +50,9 @@ const hdbClient = hdb.createClient({
 // =================================================
 // getUsers
 // =================================================
-scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
+scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   let sqlQuery
 
@@ -118,9 +118,9 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createUser
 // =================================================
-scimgateway.createUser = async (baseEntity, userObj) => {
+scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise((resolve, reject) => {
@@ -159,9 +159,9 @@ scimgateway.createUser = async (baseEntity, userObj) => {
 // =================================================
 // deleteUser
 // =================================================
-scimgateway.deleteUser = async (baseEntity, id) => {
+scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise((resolve, reject) => {
@@ -189,9 +189,9 @@ scimgateway.deleteUser = async (baseEntity, id) => {
 // =================================================
 // modifyUser
 // =================================================
-scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
+scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   try {
     return await new Promise((resolve, reject) => {
@@ -225,9 +225,9 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
 // =================================================
 // getGroups
 // =================================================
-scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
+scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   // mandatory if-else logic - start
   if (getObj.operator) {
@@ -252,27 +252,27 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes) => {
 // =================================================
 // createGroup
 // =================================================
-scimgateway.createGroup = async (baseEntity, groupObj) => {
+scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
   throw new Error(`${action} error: ${action} is not supported`)
 }
 
 // =================================================
 // deleteGroup
 // =================================================
-scimgateway.deleteGroup = async (baseEntity, id) => {
+scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
   throw new Error(`${action} error: ${action} is not supported`)
 }
 
 // =================================================
 // modifyGroup
 // =================================================
-scimgateway.modifyGroup = async (baseEntity, id, attrObj) => {
+scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
   throw new Error(`${action} error: ${action} is not supported`)
 }
 

package/lib/plugin-scim.ts

@@ -56,7 +56,7 @@ const helper = new HelperRest(scimgateway)
 // =================================================
 scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'GET'
   let path
@@ -156,7 +156,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!userObj.name) userObj.name = {}
   if (!userObj.emails) userObj.emails = { work: {} }
@@ -203,7 +203,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
 // =================================================
 scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'DELETE'
   const path = `/Users/${id}`
@@ -225,7 +225,7 @@ scimgateway.deleteUser = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!attrObj.name) attrObj.name = {}
   if (!attrObj.emails) attrObj.emails = {}
@@ -308,7 +308,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
 // =================================================
 scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'GET'
   let path
@@ -388,7 +388,7 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'POST'
   const path = '/Groups'
@@ -410,7 +410,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
 // =================================================
 scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
 
   const method = 'DELETE'
   const path = `/Groups/${id}`
@@ -432,7 +432,7 @@ scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!attrObj.members) {
     throw new Error(`${action} error: only supports modification of members`)

package/lib/plugin-soap.ts

@@ -58,7 +58,7 @@ if (!scimgateway.authPassThroughAllowed) {
 // =================================================
 scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getUsers'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   let soapRequest
   let soapAction
@@ -169,7 +169,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   const action = 'createUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} userObj=${JSON.stringify(userObj)} passThrough=${ctx ? 'true' : 'false'}`)
   try {
     if (!userObj.name) userObj.name = {}
     if (!userObj.emails) userObj.emails = { work: {} }
@@ -213,7 +213,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
 // =================================================
 scimgateway.deleteUser = async (baseEntity, id, ctx) => {
   const action = 'deleteUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
   try {
     const serviceClient = await getServiceClient(baseEntity, action, ctx)
 
@@ -240,7 +240,7 @@ scimgateway.deleteUser = async (baseEntity, id, ctx) => {
 // =================================================
 scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyUser'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
   try {
     // forwardinc modify user will blank all attributes not included in soap request...
     // We therefore need to to retrieve all user attributes from forwardinc and merge with updated attributes.
@@ -309,7 +309,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
 // =================================================
 scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   const action = 'getGroups'
-  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} getObj=${getObj ? JSON.stringify(getObj) : ''} attributes=${attributes} passThrough=${ctx ? 'true' : 'false'}`)
 
   let soapRequest
   let soapAction
@@ -401,9 +401,9 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
 // =================================================
 // createGroup
 // =================================================
-scimgateway.createGroup = async (baseEntity, groupObj) => {
+scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   const action = 'createGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} groupObj=${JSON.stringify(groupObj)} passThrough=${ctx ? 'true' : 'false'}`)
   // groupObj.displayName contains the group to be created
   // if supporting create group, we need some endpoint logic here
   throw new Error(`${action} error: ${action} is not supported`)
@@ -412,9 +412,9 @@ scimgateway.createGroup = async (baseEntity, groupObj) => {
 // =================================================
 // deleteGroup
 // =================================================
-scimgateway.deleteGroup = async (baseEntity, id) => {
+scimgateway.deleteGroup = async (baseEntity, id, ctx) => {
   const action = 'deleteGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} passThrough=${ctx ? 'true' : 'false'}`)
   // if supporting delete group, we need some endpoint logic here
   throw new Error(`${action} error: ${action} is not supported`)
 }
@@ -424,7 +424,7 @@ scimgateway.deleteGroup = async (baseEntity, id) => {
 // =================================================
 scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   const action = 'modifyGroup'
-  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)}`)
+  scimgateway.logDebug(baseEntity, `handling ${action} id=${id} attrObj=${JSON.stringify(attrObj)} passThrough=${ctx ? 'true' : 'false'}`)
 
   if (!attrObj.members) {
     throw new Error(`${action} error: only supports modification of members`)

package/lib/scimgateway.ts

@@ -314,7 +314,7 @@ export class ScimGateway {
   * PATCH http://localhost:8890/pub/api/100  
   * body = {"title":"BMW X3"}
   */
-  publicApi!: (baseEntity: string, method: string, id: string | undefined, query: Record<string, any> | undefined, apiObj: any) => any
+  publicApi!: (baseEntity: string, method: string, id: string | undefined, query: Record<string, any> | undefined, apiObj: any, ctx?: undefined | Record<string, any>) => any
 
   constructor() {
     const funcHandler: any = {}
@@ -1279,7 +1279,12 @@ export class ScimGateway {
         if (arrFilter.length === 3 || (arrFilter.length > 2 && arrFilter[2].startsWith('"') && arrFilter[arrFilter.length - 1].endsWith('"'))) {
           getObj.attribute = arrFilter[0] // userName
           getObj.operator = arrFilter[1].toLowerCase() // eq
-          getObj.value = decodeURIComponent(arrFilter.slice(2).join(' ').replace(/"/g, '')) // bjensen
+          const value = arrFilter.slice(2).join(' ').replace(/"/g, '')
+          try {
+            getObj.value = decodeURIComponent(value) // bjensen
+          } catch (err) { // e.g., character '%' in string - 'name%test' 
+            getObj.value = value
+          }
         }
       }
 
@@ -2443,7 +2448,7 @@ export class ScimGateway {
         return
       }
       const handle = ctx.routeObj.handle
-      const baseEntity = ctx.routeObj.baseEntity
+      const baseEntity = ctx.routeObj.baseEntity = 'undefined'
       const method = ctx.request.method
       const id = ctx.routeObj.id || undefined
       const query = Object.keys(ctx.query).length > 0 ? ctx.query : undefined
@@ -2453,7 +2458,7 @@ export class ScimGateway {
 
       try {
         logger.debug(`${gwName}[${pluginName}][${ctx?.routeObj?.baseEntity}] calling publicApi and awaiting result`, { baseEntity: ctx?.routeObj?.baseEntity })
-        let result = await this.publicApi(baseEntity, method, id, query, body)
+        let result = await this.publicApi(baseEntity, method, id, query, body, ctx.passThrough)
         if (result) {
           if (typeof result === 'string') {
             const r = result.trim()
@@ -2475,8 +2480,10 @@ export class ScimGateway {
       } catch (err: any) {
         const [e, statusCode] = utilsScim.jsonErr('1.1', pluginName, 500, err)
         ctx.response.status = statusCode
-        ctx.response.body = JSON.stringify(e)
-        ctx.response.headers.set('content-type', 'application/json; charset=utf-8')
+        if (err.message) { // may use err.name (xxx#<code>) and no message to avoid returning standard error formatted body e.g., const err=new Error(); err.name=err.name +='#404'; throw err
+          ctx.response.body = JSON.stringify(e)
+          ctx.response.headers.set('content-type', 'application/json; charset=utf-8')
+        }
       }
     }
     funcHandler.publicApiHandler = publicApiHandler

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "6.0.0",
+  "version": "6.0.1",
   "type": "module",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",