SCIM2 GET user call is responding 500, if a custom domain name set in PRIMARY userstore. #15253

Closed

DInuwan97 commented Dec 4, 2022

Describe the issue:
The current implementation of org.wso2.carbon.identity.scim2.common is unable to retrieve the user-mgt.xml file (RealmConfigs) [1], since, if the user is in the primary user store, it takes the domain PRIMARY from a hard-coded constant in the source code itself.

How to reproduce:
Set the deployment.toml config as below for the primary user store. The domain name for the primary user store is "WSO2" for this example.

[user_store.properties]
DomainName = "WSO2"

Execute the following curl command for a user in the PRIMARY user store.

curl --location --request GET 'https://localhost:9443/scim2/Users?filter=userName+eq+<test_user>&startIndex=0&count=10' \
--header 'Authorization: Basic YWRtaW46YWRtaW4=' -kv

	at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.getMaxLimit(SCIMUserManager.java:1906)
	at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.filterUsersBySingleAttribute(SCIMUserManager.java:1297)
	at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.filterUsers(SCIMUserManager.java:1241)
	at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.listUsersWithGET(SCIMUserManager.java:509)
	at org.wso2.charon3.core.protocol.endpoints.UserResourceManager.listWithGET(UserResourceManager.java:354)
	at org.wso2.carbon.identity.scim2.provider.resources.UserResource.getUser(UserResource.java:215)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
	at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:201)
	at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:104)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
	at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:265)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:225)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:222)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:655)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:659)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:107)
	at org.wso2.carbon.identity.cors.valve.CORSValve.invoke(CORSValve.java:93)
	at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:102)
	at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:133)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:101)
	at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
	at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
	at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:145)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
	at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
	at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
	at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:126)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:359)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1735)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)

There is also a 500 error response in http_access_logs.

How to fix:

The above issue should be fixed as follows. It also needs to handle the NPE properly.

private int getMaxLimit(String domainName) {

    // Default limit, used when the user store does not configure one.
    int givenMax = UserCoreConstants.MAX_USER_ROLE_LIST;
    if (StringUtils.isEmpty(domainName)) {
        // Read the primary user store's configured domain name instead of a hard-coded constant.
        domainName = carbonUM.getRealmConfiguration().getUserStoreProperty(
                UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    }

    // Guard against a missing user store manager for this domain so the call does not end in an NPE.
    UserStoreManager userStoreManager = carbonUM.getSecondaryUserStoreManager(domainName);
    if (userStoreManager == null) {
        return givenMax;
    }
    String maxUserList = userStoreManager.getRealmConfiguration()
            .getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_MAX_USER_LIST);
    if (maxUserList != null) {
        givenMax = Integer.parseInt(maxUserList);
    }
    return givenMax;
}

However, this is not an issue with a secondary user store, since there is a separate approach to fetch the domain name from the userstore.xml file.

[1] - https://github.com/wso2-extensions/identity-inbound-provisioning-scim2/blob/2e6a5a0b30676b84fe482215d42bede30ea0f9cc/components/org.wso2.carbon.identity.scim2.common/src/main/java/org/wso2/carbon/identity/scim2/common/impl/SCIMUserManager.java#L2048
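
A stand-alone model of the failure described in this issue, added here as an example; it is not code from the WSO2 project and does not call its API. The class, the map-based store registry, the `MaxUserNameListLength` key and the default of 100 are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class MaxLimitLookupDemo {
    static final String HARD_CODED_PRIMARY = "PRIMARY";    // stand-in for the hard-coded constant
    static final String MAX_KEY = "MaxUserNameListLength"; // assumed property key
    static final int DEFAULT_MAX = 100;                    // assumed default list limit

    // Stand-in registry: user store domain (upper case) -> that store's properties.
    static final Map<String, Map<String, String>> STORES = new HashMap<>();
    // Stand-in for the primary store's own configuration (DomainName = "WSO2").
    static final Map<String, String> PRIMARY_CONFIG = Map.of("DomainName", "WSO2");

    // Before: an empty domain falls back to the constant, which no longer matches any store.
    static int maxLimitHardCoded(String domain) {
        String d = (domain == null || domain.isEmpty()) ? HARD_CODED_PRIMARY : domain;
        String max = STORES.get(d.toUpperCase(Locale.ROOT)).get(MAX_KEY); // NPE: no "PRIMARY" entry
        return max != null ? Integer.parseInt(max) : DEFAULT_MAX;
    }

    // After: resolve the domain from configuration and tolerate a missing store or a bad value.
    static int maxLimitFromConfig(String domain) {
        String d = (domain == null || domain.isEmpty()) ? PRIMARY_CONFIG.get("DomainName") : domain;
        Map<String, String> props = (d == null) ? null : STORES.get(d.toUpperCase(Locale.ROOT));
        if (props == null || props.get(MAX_KEY) == null) {
            return DEFAULT_MAX; // unknown domain or no limit configured
        }
        try {
            return Integer.parseInt(props.get(MAX_KEY).trim());
        } catch (NumberFormatException e) {
            return DEFAULT_MAX; // malformed limit in configuration: keep the default
        }
    }

    public static void main(String[] args) {
        STORES.put("WSO2", Map.of(MAX_KEY, "250")); // constructed sample configuration
        try {
            maxLimitHardCoded("");
        } catch (NullPointerException e) {
            System.out.println("hard-coded PRIMARY: NullPointerException (surfaces as HTTP 500)");
        }
        System.out.println("domain from config: " + maxLimitFromConfig(""));
        System.out.println("unknown domain: " + maxLimitFromConfig("MISSING"));
    }
}
```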

DInuwan97 changed the title from "SCIM2 GET user call is unable to respond if a custom domain name set in PRIMARY userstore." to "SCIM2 GET user call is responding 500, if a custom domain name set in PRIMARY userstore." on Dec 4, 2022
ImalshaG added this to the 6.1.0-alpha milestone on Dec 16, 2022
@mifrazmurthaja

Possible duplicate of #13325
