scimgateway 6.1.16 → 6.1.17

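--- a/package/README.md
+++ b/package/README.md
@@ -1051,7 +1051,7 @@ For testing purposes we could get an Azure free account
  Note: Entra ID has a role hierarchy, and running SCIM Gateway as a `User Administrator` has some limitations when administering users who have administrative roles. For full administrative access to all users, SCIM Gateway must have the `Global Administrator` role (`62e90394-69f5-4237-9190-012177145e10`).
 
  Also note: The `plugin-entra-id.json` configuration file includes `map.user.signInActivity`. Using the `signInActivity` attribute requires an Entra ID Premium license and the API permission `AuditLog.Read.All`.
- **Remove this mapping configuration if these conditions are not met**, otherwise provisioning will fail and errors such as `Authentication_RequestFromNonPremiumTenantOrB2CTenant` may occur.
+ **Remove this mapping configuration if these conditions are not met or override by configuring endpoint.entity.[baseEntity].skipSignInActivity = true**, otherwise provisioning will fail and errors such as `Authentication_RequestFromNonPremiumTenantOrB2CTenant` may occur.
 
  ### SCIM Gateway configuration
 
@@ -1301,14 +1301,23 @@ In code editor (e.g., Visual Studio Code), method details and documentation are
 
  MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
+ ## Change log
+
+ ### v6.1.17
+
+ [Fixed]
+
+ - plugin-entra-id:
+
+ - Fixed an issue where `filter=userName eq "user_upn"` was broken in v6.1.11 when using the updated configuration file that includes `map.user.signInActivity`.
+ - Added new configuration option `endpoint.entity.[baseEntity].skipSignInActivity = true` to exclude the `signInActivity` attribute. This attribute requires a Microsoft Entra ID Premium license and the `AuditLog.Read.All` API permission.
+
  ### v6.1.16
 
  [Improved]
 
  - plugin-entra-id: `GET /Entitlements` using derivedIncludes, fully flattened (recursive expansion of previous includes).
 
- ## Change log
-
  ### v6.1.15
 
  [Fixed]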
@@ -131,6 +131,7 @@
131
131
  "endpoint": {
132
132
  "entity": {
133
133
  "undefined": {
134
+ "skipSignInActivity": false,
134
135
  "connection": {
135
136
  "baseUrls": [],
136
137
  "auth": {
@@ -158,6 +158,13 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
158
158
  }
159
159
  } else selectAttributes = userSelectAttributes
160
160
 
161
+ if (config.entity[baseEntity]?.skipSignInActivity === true) { // remove signInActivity that requires Entra ID Premium license
162
+ const index = selectAttributes.indexOf('signInActivity')
163
+ if (index > -1) {
164
+ selectAttributes.splice(index, 1)
165
+ }
166
+ }
167
+
161
168
  const method = 'GET'
162
169
  const body = null
163
170
  let path
@@ -170,7 +177,7 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
170
177
 
171
178
  // mandatory if-else logic - start
172
179
  if (getObj.operator) {
173
- if (getObj.operator === 'eq' && ['id', 'userName', 'externalId'].includes(getObj.attribute)) {
180
+ if (getObj.operator === 'eq' && ['id'].includes(getObj.attribute)) { // userName/externalId using simpel filtering because direct lookup by upn do not allow select attribute signInActivity
174
181
  // mandatory - unique filtering - single unique user to be returned - correspond to getUser() in versions < 4.x.x
175
182
  path = `/users/${getObj.value}?$select=${selectAttributes.join(',')}`
176
183
  } else if (getObj.operator === 'eq' && getObj.attribute === 'group.value') {
@@ -848,7 +855,8 @@ scimgateway.getEntitlements = async (baseEntity, getObj, attributes, ctx) => {
848
855
  licenseInfo.derivedIncludes = licenseMapping[skuPartNumber].derivedIncludes
849
856
  }
850
857
  ret.Resources.push({
851
- type: skuPartNumber, value: response.body.value[i].skuId, display: displayName, licenseInfo })
858
+ type: skuPartNumber, value: response.body.value[i].skuId, display: displayName, licenseInfo,
859
+ })
852
860
  }
853
861
 
854
862
  if (searchAttr && ret.Resources.length > 0) {
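Review bot: In the first `getUsers` hunk, `selectAttributes.splice(index, 1)` edits the array in place, and the context line just above assigns `selectAttributes = userSelectAttributes` without copying, so if `userSelectAttributes` is shared plugin state (its definition is outside the hunk), one baseEntity with `skipSignInActivity: true` strips `signInActivity` for every other baseEntity until the process restarts. A non-mutating form keeps the setting scoped to the baseEntity that asked for it: `selectAttributes = selectAttributes.filter((a) => a !== 'signInActivity')`. Separately, the `id` branch in the next hunk still builds `/users/${getObj.value}?$select=…` from the request value as-is; wrapping it as `encodeURIComponent(getObj.value)` would keep a malformed id from changing the Graph path or query string. Both `getUsers` and `getEntitlements` continue outside the visible hunks.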
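--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "scimgateway",
- "version": "6.1.16",
+ "version": "6.1.17",
  "type": "module",
  "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
  "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",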