scimgateway 6.1.3 → 6.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/README.md +20 -1
  2. package/config/plugin-entra-id.json +322 -314
  3. package/lib/helper-rest.ts +71 -60
  4. package/lib/plugin-entra-id.ts +239 -152
  5. package/lib/plugin-loki.ts +3 -37
  6. package/lib/plugin-scim.ts +8 -8
  7. package/lib/scimdef-v1.json +0 -2
  8. package/lib/scimdef-v2.json +2 -4
  9. package/lib/scimgateway.ts +101 -67
  10. package/lib/utils-scim.ts +30 -6
  11. package/lib/utils.ts +0 -1
  12. package/package.json +1 -1
  13. package/test/lib/plugin-loki_test.ts +2 -8
  14. package/test/lib/plugin-scim_test.ts +1 -4
package/README.md CHANGED
@@ -18,7 +18,7 @@
18
18
  Latest news:
19
19
 
20
20
  - Bun binary build is now supported, allowing SCIM Gateway to be compiled into a single executable binary for simplified deployment and execution. SCIM Gateway can now run as an ES module (TypeScript) in Node.js.
21
- - Major release **v6.0.0** introduces changes to API method response bodies (not SCIM-related) and a new method `publicApi()` for handling public path `/pub/api` requests with no authentication required. In addition, the configuration option `bearerJwtAzure.tenantIdGUID` has been replaced by `bearerJwt.azureTenantId`. See the version history for details.
21
+ - Major release **v6.0.0** introduces changes to API method responses (not SCIM-related) and a new method `publicApi()` for handling public path `/pub/api` requests with no authentication required. In addition, the configuration option `bearerJwtAzure.tenantIdGUID` has been replaced by `bearerJwt.azureTenantId`. See the version history for details.
22
22
  - Support for Entra ID [Federated Identity Credentials](https://learn.microsoft.com/en-us/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0) has been added through internal JWKS (JSON Web Key Set), allowing SCIM Gateway to access Microsoft Entra–protected resources without the need to manage secrets
23
23
  - External JWKS (JSON Web Key Set) is now supported by JWT authentication, allowing external applications to access SCIM Gateway without the need to manage secrets
24
24
  - [Azure Relay](https://learn.microsoft.com/en-us/azure/azure-relay/relay-what-is-it) is now supported for secure and hassle-free outbound-only communication — with just one minute of configuration
@@ -1303,6 +1303,25 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
1303
1303
 
1304
1304
  ## Change log
1305
1305
 
1306
+
1307
+ ### v6.1.5
1308
+
1309
+ [Improved]
1310
+
1311
+ - complex filtering (and/or) now handled by scimgateway using plugin's simple filtering logic
1312
+ - modify group response now returns http status 204 (No Content) instead of 200 OK (full group object)
1313
+ - url `/auth` can now be used for validating external authentication
1314
+ - plugin-entra-id, now supports filter `sw` (startsWith)
1315
+
1316
+
1317
+ ### v6.1.4
1318
+
1319
+ [Fixed]
1320
+
1321
+ - plugin-entra-id, OData paging was not working, so some users/groups/members might be missing
1322
+ - helper-rest, OData paging
1323
+ - user’s group membership did not iterate through paging and may be incomplete
1324
+
1306
1325
  ### v6.1.3
1307
1326
 
1308
1327
  [Fixed]
package/config/plugin-entra-id.json CHANGED
@@ -1,315 +1,323 @@
1
- {
2
- "scimgateway": {
3
- "port": 8881,
4
- "localhostonly": false,
5
- "chainingBaseUrl": null,
6
- "scim": {
7
- "version": "2.0",
8
- "customSchema": null,
9
- "skipTypeConvert": false,
10
- "groupMemberOfUser": false,
11
- "usePutSoftSync": false
12
- },
13
- "log": {
14
- "loglevel": {
15
- "file": "debug",
16
- "console": "error"
17
- },
18
- "customMasking": null
19
- },
20
- "auth": {
21
- "basic": [
22
- {
23
- "username": "gwadmin",
24
- "password": "password",
25
- "readOnly": false,
26
- "baseEntities": []
27
- }
28
- ],
29
- "bearerToken": [
30
- {
31
- "token": null,
32
- "readOnly": false,
33
- "baseEntities": []
34
- }
35
- ],
36
- "bearerJwt": [
37
- {
38
- "secret": null,
39
- "publicKey": null,
40
- "wellKnownUri": null,
41
- "azureTenantId": null,
42
- "options": {
43
- "issuer": null
44
- },
45
- "readOnly": false,
46
- "baseEntities": []
47
- }
48
- ],
49
- "bearerOAuth": [
50
- {
51
- "clientId": null,
52
- "clientSecret": null,
53
- "readOnly": false,
54
- "baseEntities": []
55
- }
56
- ],
57
- "passThrough": {
58
- "enabled": false,
59
- "readOnly": false,
60
- "baseEntities": []
61
- }
62
- },
63
- "certificate": {
64
- "key": null,
65
- "cert": null,
66
- "ca": null,
67
- "pfx": {
68
- "bundle": null,
69
- "password": null
70
- }
71
- },
72
- "ipAllowList": [],
73
- "email": {
74
- "auth": {
75
- "type": "oauth",
76
- "options": {
77
- "azureTenantId": null,
78
- "clientId": null,
79
- "clientSecret": null
80
- }
81
- },
82
- "emailOnError": {
83
- "enabled": false,
84
- "from": null,
85
- "to": null
86
- }
87
- },
88
- "azureRelay": {
89
- "enabled": false,
90
- "connectionUrl": null,
91
- "apiKey": null
92
- },
93
- "stream": {
94
- "baseUrls": [],
95
- "certificate": {
96
- "ca": null
97
- },
98
- "subscriber": {
99
- "enabled": false,
100
- "entity": {
101
- "undefined": {
102
- "nats": {
103
- "tenant": null,
104
- "subject": null,
105
- "jwt": null,
106
- "secret": null
107
- },
108
- "deleteUserOnLastGroupRoleRemoval": false,
109
- "skipConvertRolesToGroups": false,
110
- "generateUserPassword": false,
111
- "modifyOnly": false,
112
- "replaceDomains": []
113
- }
114
- }
115
- },
116
- "publisher": {
117
- "enabled": false,
118
- "entity": {
119
- "undefined": {
120
- "nats": {
121
- "tenant": null,
122
- "subject": null,
123
- "jwt": null,
124
- "secret": null
125
- }
126
- }
127
- }
128
- }
129
- }
130
- },
131
- "endpoint": {
132
- "entity": {
133
- "undefined": {
134
- "connection": {
135
- "baseUrls": [],
136
- "auth": {
137
- "type": "oauth",
138
- "options": {
139
- "azureTenantId": "Entra ID Tenant ID (GUID)",
140
- "clientId": "Entra ID Application ID",
141
- "clientSecret": "Entra ID Application secret value"
142
- }
143
- },
144
- "proxy": {
145
- "host": null,
146
- "username": null,
147
- "password": null
148
- }
149
- }
150
- }
151
- },
152
- "map": {
153
- "user": {
154
- "id": {
155
- "mapTo": "id",
156
- "type": "string"
157
- },
158
- "userPrincipalName": {
159
- "mapTo": "userName,externalId",
160
- "type": "string"
161
- },
162
- "userType": {
163
- "mapTo": "userType",
164
- "type": "string"
165
- },
166
- "accountEnabled": {
167
- "mapTo": "active",
168
- "type": "boolean"
169
- },
170
- "givenName": {
171
- "mapTo": "name.givenName",
172
- "type": "string"
173
- },
174
- "surname": {
175
- "mapTo": "name.familyName",
176
- "type": "string"
177
- },
178
- "displayName": {
179
- "mapTo": "displayName",
180
- "type": "string"
181
- },
182
- "jobTitle": {
183
- "mapTo": "jobTitle",
184
- "type": "string"
185
- },
186
- "employeeId": {
187
- "mapTo": "employeeId",
188
- "type": "string"
189
- },
190
- "employeeType": {
191
- "mapTo": "employeeType",
192
- "type": "string"
193
- },
194
- "companyName": {
195
- "mapTo": "companyName",
196
- "type": "string"
197
- },
198
- "employeeOrgData.costCenter": {
199
- "mapTo": "employeeOrgData.costCenter",
200
- "type": "string"
201
- },
202
- "employeeOrgData.division": {
203
- "mapTo": "employeeOrgData.division",
204
- "type": "string"
205
- },
206
- "officeLocation": {
207
- "mapTo": "officeLocation",
208
- "type": "string"
209
- },
210
- "department": {
211
- "mapTo": "department",
212
- "type": "string"
213
- },
214
- "manager": {
215
- "mapTo": "manager.managerId",
216
- "type": "string"
217
- },
218
- "mail": {
219
- "mapTo": "mail",
220
- "type": "string"
221
- },
222
- "mailNickname": {
223
- "mapTo": "mailNickname",
224
- "type": "string"
225
- },
226
- "proxyAddresses": {
227
- "mapTo": "proxyAddresses.value",
228
- "type": "array",
229
- "items": {
230
- "type": "string"
231
- }
232
- },
233
- "mobilePhone": {
234
- "mapTo": "mobilePhone",
235
- "type": "string"
236
- },
237
- "businessPhones": {
238
- "mapTo": "businessPhones",
239
- "type": "array",
240
- "typeInbound": "string"
241
- },
242
- "country": {
243
- "mapTo": "country",
244
- "type": "string"
245
- },
246
- "city": {
247
- "mapTo": "city",
248
- "type": "string"
249
- },
250
- "streetAddress": {
251
- "mapTo": "streetAddress",
252
- "type": "string"
253
- },
254
- "postalCode": {
255
- "mapTo": "postalCode",
256
- "type": "string"
257
- },
258
- "state": {
259
- "mapTo": "state",
260
- "type": "string"
261
- },
262
- "passwordPolicies": {
263
- "mapTo": "passwordPolicies",
264
- "type": "string"
265
- },
266
- "passwordProfile.forceChangePasswordNextSignIn": {
267
- "mapTo": "passwordProfile.forceChangePasswordNextSignIn",
268
- "type": "string"
269
- },
270
- "passwordProfile.password": {
271
- "mapTo": "passwordProfile.password",
272
- "type": "string"
273
- },
274
- "servicePlan": {
275
- "mapTo": "servicePlan.value",
276
- "type": "array"
277
- },
278
- "usageLocation": {
279
- "mapTo": "usageLocation",
280
- "type": "string"
281
- },
282
- "preferredLanguage": {
283
- "mapTo": "preferredLanguage",
284
- "type": "string"
285
- },
286
- "onPremisesSyncEnabled": {
287
- "mapTo": "onPremisesSyncEnabled",
288
- "type": "boolean"
289
- },
290
- "onPremisesImmutableId": {
291
- "mapTo": "onPremisesImmutableId",
292
- "type": "string"
293
- }
294
- },
295
- "group": {
296
- "id": {
297
- "mapTo": "id",
298
- "type": "string"
299
- },
300
- "displayName": {
301
- "mapTo": "displayName,externalId",
302
- "type": "string"
303
- },
304
- "securityEnabled": {
305
- "mapTo": "securityEnabled",
306
- "type": "boolean"
307
- },
308
- "mailEnabled": {
309
- "mapTo": "mailEnabled",
310
- "type": "boolean"
311
- }
312
- }
313
- }
314
- }
1
+ {
2
+ "scimgateway": {
3
+ "port": 8881,
4
+ "localhostonly": false,
5
+ "chainingBaseUrl": null,
6
+ "scim": {
7
+ "version": "2.0",
8
+ "customSchema": null,
9
+ "skipTypeConvert": false,
10
+ "groupMemberOfUser": false,
11
+ "usePutSoftSync": false
12
+ },
13
+ "log": {
14
+ "loglevel": {
15
+ "file": "debug",
16
+ "console": "error"
17
+ },
18
+ "customMasking": null
19
+ },
20
+ "auth": {
21
+ "basic": [
22
+ {
23
+ "username": "gwadmin",
24
+ "password": "password",
25
+ "readOnly": false,
26
+ "baseEntities": []
27
+ }
28
+ ],
29
+ "bearerToken": [
30
+ {
31
+ "token": null,
32
+ "readOnly": false,
33
+ "baseEntities": []
34
+ }
35
+ ],
36
+ "bearerJwt": [
37
+ {
38
+ "secret": null,
39
+ "publicKey": null,
40
+ "wellKnownUri": null,
41
+ "azureTenantId": null,
42
+ "options": {
43
+ "issuer": null
44
+ },
45
+ "readOnly": false,
46
+ "baseEntities": []
47
+ }
48
+ ],
49
+ "bearerOAuth": [
50
+ {
51
+ "clientId": null,
52
+ "clientSecret": null,
53
+ "readOnly": false,
54
+ "baseEntities": []
55
+ }
56
+ ],
57
+ "passThrough": {
58
+ "enabled": false,
59
+ "readOnly": false,
60
+ "baseEntities": []
61
+ }
62
+ },
63
+ "certificate": {
64
+ "key": null,
65
+ "cert": null,
66
+ "ca": null,
67
+ "pfx": {
68
+ "bundle": null,
69
+ "password": null
70
+ }
71
+ },
72
+ "ipAllowList": [],
73
+ "email": {
74
+ "auth": {
75
+ "type": "oauth",
76
+ "options": {
77
+ "azureTenantId": null,
78
+ "clientId": null,
79
+ "clientSecret": null
80
+ }
81
+ },
82
+ "emailOnError": {
83
+ "enabled": false,
84
+ "from": null,
85
+ "to": null
86
+ }
87
+ },
88
+ "azureRelay": {
89
+ "enabled": false,
90
+ "connectionUrl": null,
91
+ "apiKey": null
92
+ },
93
+ "stream": {
94
+ "baseUrls": [],
95
+ "certificate": {
96
+ "ca": null
97
+ },
98
+ "subscriber": {
99
+ "enabled": false,
100
+ "entity": {
101
+ "undefined": {
102
+ "nats": {
103
+ "tenant": null,
104
+ "subject": null,
105
+ "jwt": null,
106
+ "secret": null
107
+ },
108
+ "deleteUserOnLastGroupRoleRemoval": false,
109
+ "skipConvertRolesToGroups": false,
110
+ "generateUserPassword": false,
111
+ "modifyOnly": false,
112
+ "replaceDomains": []
113
+ }
114
+ }
115
+ },
116
+ "publisher": {
117
+ "enabled": false,
118
+ "entity": {
119
+ "undefined": {
120
+ "nats": {
121
+ "tenant": null,
122
+ "subject": null,
123
+ "jwt": null,
124
+ "secret": null
125
+ }
126
+ }
127
+ }
128
+ }
129
+ }
130
+ },
131
+ "endpoint": {
132
+ "entity": {
133
+ "undefined": {
134
+ "connection": {
135
+ "baseUrls": [],
136
+ "auth": {
137
+ "type": "oauth",
138
+ "options": {
139
+ "azureTenantId": "Entra ID Tenant ID (GUID)",
140
+ "clientId": "Entra ID Application ID",
141
+ "clientSecret": "Entra ID Application secret value"
142
+ }
143
+ },
144
+ "proxy": {
145
+ "host": null,
146
+ "username": null,
147
+ "password": null
148
+ }
149
+ }
150
+ }
151
+ },
152
+ "map": {
153
+ "user": {
154
+ "id": {
155
+ "mapTo": "id",
156
+ "type": "string"
157
+ },
158
+ "userPrincipalName": {
159
+ "mapTo": "userName,externalId",
160
+ "type": "string"
161
+ },
162
+ "userType": {
163
+ "mapTo": "userType",
164
+ "type": "string"
165
+ },
166
+ "accountEnabled": {
167
+ "mapTo": "active",
168
+ "type": "boolean"
169
+ },
170
+ "givenName": {
171
+ "mapTo": "name.givenName",
172
+ "type": "string"
173
+ },
174
+ "surname": {
175
+ "mapTo": "name.familyName",
176
+ "type": "string"
177
+ },
178
+ "displayName": {
179
+ "mapTo": "displayName",
180
+ "type": "string"
181
+ },
182
+ "jobTitle": {
183
+ "mapTo": "jobTitle",
184
+ "type": "string"
185
+ },
186
+ "employeeId": {
187
+ "mapTo": "employeeId",
188
+ "type": "string"
189
+ },
190
+ "employeeType": {
191
+ "mapTo": "employeeType",
192
+ "type": "string"
193
+ },
194
+ "companyName": {
195
+ "mapTo": "companyName",
196
+ "type": "string"
197
+ },
198
+ "employeeHireDate": {
199
+ "mapTo": "employeeHireDate",
200
+ "type": "string"
201
+ },
202
+ "employeeOrgData.costCenter": {
203
+ "mapTo": "employeeOrgData.costCenter",
204
+ "type": "string"
205
+ },
206
+ "employeeOrgData.division": {
207
+ "mapTo": "employeeOrgData.division",
208
+ "type": "string"
209
+ },
210
+ "officeLocation": {
211
+ "mapTo": "officeLocation",
212
+ "type": "string"
213
+ },
214
+ "department": {
215
+ "mapTo": "department",
216
+ "type": "string"
217
+ },
218
+ "manager": {
219
+ "mapTo": "manager.managerId",
220
+ "type": "string"
221
+ },
222
+ "mail": {
223
+ "mapTo": "mail",
224
+ "type": "string"
225
+ },
226
+ "mailNickname": {
227
+ "mapTo": "mailNickname",
228
+ "type": "string"
229
+ },
230
+ "proxyAddresses": {
231
+ "mapTo": "proxyAddresses.value",
232
+ "type": "array",
233
+ "items": {
234
+ "type": "string"
235
+ }
236
+ },
237
+ "mobilePhone": {
238
+ "mapTo": "mobilePhone",
239
+ "type": "string"
240
+ },
241
+ "businessPhones": {
242
+ "mapTo": "businessPhones",
243
+ "type": "array",
244
+ "typeInbound": "string"
245
+ },
246
+ "faxNumber": {
247
+ "mapTo": "faxNumber",
248
+ "type": "string"
249
+ },
250
+ "country": {
251
+ "mapTo": "country",
252
+ "type": "string"
253
+ },
254
+ "city": {
255
+ "mapTo": "city",
256
+ "type": "string"
257
+ },
258
+ "streetAddress": {
259
+ "mapTo": "streetAddress",
260
+ "type": "string"
261
+ },
262
+ "postalCode": {
263
+ "mapTo": "postalCode",
264
+ "type": "string"
265
+ },
266
+ "state": {
267
+ "mapTo": "state",
268
+ "type": "string"
269
+ },
270
+ "passwordPolicies": {
271
+ "mapTo": "passwordPolicies",
272
+ "type": "string"
273
+ },
274
+ "passwordProfile.forceChangePasswordNextSignIn": {
275
+ "mapTo": "passwordProfile.forceChangePasswordNextSignIn",
276
+ "type": "string"
277
+ },
278
+ "passwordProfile.password": {
279
+ "mapTo": "passwordProfile.password",
280
+ "type": "string"
281
+ },
282
+ "servicePlan": {
283
+ "mapTo": "servicePlans.value",
284
+ "type": "array"
285
+ },
286
+ "usageLocation": {
287
+ "mapTo": "usageLocation",
288
+ "type": "string"
289
+ },
290
+ "preferredLanguage": {
291
+ "mapTo": "preferredLanguage",
292
+ "type": "string"
293
+ },
294
+ "onPremisesSyncEnabled": {
295
+ "mapTo": "onPremisesSyncEnabled",
296
+ "type": "boolean"
297
+ },
298
+ "onPremisesImmutableId": {
299
+ "mapTo": "onPremisesImmutableId",
300
+ "type": "string"
301
+ }
302
+ },
303
+ "group": {
304
+ "id": {
305
+ "mapTo": "id",
306
+ "type": "string"
307
+ },
308
+ "displayName": {
309
+ "mapTo": "displayName",
310
+ "type": "string"
311
+ },
312
+ "securityEnabled": {
313
+ "mapTo": "securityEnabled",
314
+ "type": "boolean"
315
+ },
316
+ "mailEnabled": {
317
+ "mapTo": "mailEnabled",
318
+ "type": "boolean"
319
+ }
320
+ }
321
+ }
322
+ }
315
323
  }