Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-5128

add basic auth to scim for grouper

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • 4.9.0, 5.6.0
    • None
    • None
    • None

    Description

      Michael Gettes
      15 hours ago
      I am trying to configure ServiceNow with SCIMv2 other/generic provisioner. In the External Systems I have defined ServiceNow as WS (bearer token auth) which doesn’t seem to work as ServiceNow appears to want to specify a username AND a password along with base URL. I am getting the following errors in diagnostics:
      Select group from Target Error: Selecting specific group(s) (elapsed: 0:00:01.538)
      java.lang.RuntimeException: Error connecting to 'get' 'https://slacdev.servicenowservices.com/api/now/scim/Groups?filter=displayName%20eq%20%22GrouperRoleTest%22, body: 'null' returnCode: 401, response: '"error":

      {"message":"User Not Authenticated","detail":"Required to provide Auth information"}

      ,"status":"failure"'
      at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.executeMethod(GrouperScim2ApiCommands.java:441)
      at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.executeGetMethod(GrouperScim2ApiCommands.java:391)
      at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.retrieveScimGroup(GrouperScim2ApiCommands.java:755)
      at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2TargetDao.retrieveGroup(GrouperScim2TargetDao.java:174)
      at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter.retrieveGroupHelper(GrouperProvisionerTargetDaoAdapter.java:2735)
      at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter$6.callLogic(GrouperProvisionerTargetDaoAdapter.java:1268)
      at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter$6.callLogic(GrouperProvisionerTargetDaoAdapter.java:1260)
      at edu.internet2.middleware.grouper.util.GrouperUtil.executorServiceSubmit(GrouperUtil.java:14112)
      at edu.internet2.middleware.grouper.app.provisioning.targetDao.GrouperProvisionerTargetDaoAdapter.retrieveGroups(GrouperProvisionerTargetDaoAdapter.java:1294)
      at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningDiagnosticsContainer.appendSelectGroupFromTarget(GrouperProvisioningDiagnosticsContainer.java:1605)
      at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningDiagnosticsContainer.runDiagnostics(GrouperProvisioningDiagnosticsContainer.java:202)
      at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningType$2.provision(GrouperProvisioningType.java:72)
      at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioningLogic.provision(GrouperProvisioningLogic.java:77)
      at edu.internet2.middleware.grouper.app.provisioning.GrouperProvisioner.provision(GrouperProvisioner.java:850)
      at edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2ProvisionerConfiguration$1.callLogic(UiV2ProvisionerConfiguration.java:234)
      at edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2ProvisionerConfiguration$1.callLogic(UiV2ProvisionerConfiguration.java:229)
      at edu.internet2.middleware.grouper.util.GrouperCallable$1.callback(GrouperCallable.java:203)
      at edu.internet2.middleware.grouper.GrouperSession.callbackGrouperSession(GrouperSession.java:1000)
      at edu.internet2.middleware.grouper.util.GrouperCallable.callLogicWithSessionIfExists(GrouperCallable.java:200)
      at edu.internet2.middleware.grouper.util.GrouperCallable.call(GrouperCallable.java:166)
      at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
      at java.base/java.lang.Thread.run(Thread.java:840)
      Caused by: java.lang.RuntimeException: Invalid return code '401', expecting: 200, 404
      at edu.internet2.middleware.grouper.app.scim2Provisioning.GrouperScim2ApiCommands.executeMethod(GrouperScim2ApiCommands.java:428)
      ... 23 more
      (edited)

      Michael Gettes
      13 hours ago
      doc for ServiceNow SCIM api is at: https://developer.servicenow.com/dev.do#!/reference/api/utah/rest/scim-api

      Michael Gettes
      11 hours ago
      @mchyzer
      can we add a userid?

      Michael Gettes
      11 hours ago
      ServiceNow supports OAuth — will this work with the OIDC you have in Grouper? https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/authentication/task/provisioning-user-oauth.html

      Michael Gettes
      11 hours ago
      i’m trying to get with SNow admin to give the OAuth a try.

      Michael Gettes
      10 hours ago
      So the OAuth capability on SNow is far more involved. We’d have to set up an OIDC provider some place. So, I am wondering if we can meet the needs of the basic auth mech they claim to provide for SCIM at https://docs.servicenow.com/bundle/vancouver-platform-security/page/integrate/authentication/task/provisioning-user-basic-auth.html

      Chris Hyzer
      3 hours ago
      all scim ive seen is bearer token. we can add basic auth, thats what is needed right?
      New

      Michael Gettes
      2 hours ago
      I believe so. The above urls apppear to be the extent of the docs.

      Attachments

        Activity

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: