I have written an application compliant with the SCIM standard (https://www.rfc-editor.org/rfc/rfc7644), but when integrating with Azure I can see that it fails to update a user if it is disabled. The request that Azure sends is the following:
    PATCH /Users/:id
    {
      "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
      ],
      "Operations": [
        {
          "op": "Replace",
          "path": "active",
          "value": "False"
        }
      ]
    }
The SCIM protocol "says" that the attribute active accepts boolean values (https://www.rfc-editor.org/rfc/rfc7643#section-4.1.1), so following the PATCH protocol (https://www.rfc-editor.org/rfc/rfc6902#section-4.3) I expect a boolean value, not a string with a boolean written inside it, so the expected request is the following:
    PATCH /Users/:id
    {
      "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
      ],
      "Operations": [
        {
          "op": "Replace",
          "path": "active",
          "value": false
        }
      ]
    }
So the problem is that the given value "False" should be false.
Is this a bug in Azure or am I missing something? If it is a bug, should I try to parse the string and eventually extract a boolean? But if I do that I'm going to be out of standard. How did you manage this problem?
I also spent a lot of time trying to figure out if Azure was being compliant with the SCIM spec and the answer is that they are not.
The default values that they send for PATCH requests are indeed strings, not booleans as the User JSON schema defines.
You can override the values that get sent/mapped into the SCIM schema by:
Synchronize Azure Active Directory Users to customappsso (the name here might be different in your directory)
Switch([IsSoftDeleted], "False", "True", "True", "False")
Switch([IsSoftDeleted], , false, true, true, false) (note the additional comma.)
NOTE that after saving you will still see quotes around the booleans, but the PATCH request will be sent correctly.
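For the server-side option raised in the question (parsing the string), here is one way to do it, as an added example that is not part of the original posts: normalise the PatchOp before applying it, coercing only the exact words true/false for attributes the schema types as boolean and rejecting everything else, so a failed deactivation is an explicit error rather than a silently active account. The names `normalize_patch`, `coerce_bool`, `ScimPatchError` and `BOOLEAN_ATTRS` are hypothetical.

```python
# Added example (not from the thread): schema-aware normalisation of a SCIM PatchOp.
BOOLEAN_ATTRS = {"active"}  # assumption: boolean attributes this server exposes, lowercased

class ScimPatchError(ValueError):
    """Hypothetical error type; a handler would map it to HTTP 400 + scimType."""
    def __init__(self, message, scim_type="invalidValue"):
        super().__init__(message)
        self.scim_type = scim_type

def coerce_bool(attr, value):
    """Accept a JSON boolean or the exact words true/false in any letter case."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    # Anything else (0, "no", None) is rejected so a typo can never flip 'active'.
    raise ScimPatchError(f"{attr}: expected boolean, got {value!r}")

def _fix(attr, value):
    return coerce_bool(attr, value) if attr.lower() in BOOLEAN_ATTRS else value

def normalize_patch(body):
    """Return operations with lowercase 'op' and real booleans for boolean attributes."""
    ops = []
    for op in body.get("Operations", []):
        name = str(op.get("op", "")).lower()  # Azure sends "Replace"
        if name not in ("add", "remove", "replace"):
            raise ScimPatchError(f"unsupported op {op.get('op')!r}", "invalidSyntax")
        path, value = op.get("path"), op.get("value")
        if name != "remove":
            if path is None and isinstance(value, dict):
                # Path-less form: value is an object of attribute/value pairs.
                value = {k: _fix(k, v) for k, v in value.items()}
            elif isinstance(path, str):
                value = _fix(path, value)
        ops.append({"op": name, "path": path, "value": value})
    return ops

# The request body from the question, reproduced as a Python dict.
AZURE_REQUEST = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [{"op": "Replace", "path": "active", "value": "False"}],
}

if __name__ == "__main__":
    print(normalize_patch(AZURE_REQUEST))
```

Clients that already send a JSON boolean pass through unchanged, so the normaliser stays correct once the Azure mapping from the answer above is applied.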