Azure广告无法在microsoft.systemForCrossDomainIdentityManagement nuget程序包上使用补丁更新用户
[英]Azure Ad fails to update users using Patch on microsoft.systemForCrossDomainIdentityManagement nuget package
问题描述
We have created a SCIM integration using microsoft.systemForCrossDomainIdentityManagement nuget package which has been described in here: 
我们使用microsoft.systemForCrossDomainIdentityManagement nuget包创建了SCIM集成,该包在下面进行了描述:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups
We have tested the APIs using Postman and they work as they should but when we test them with Azure AD the patch requests fail. 我们已经使用Postman测试了API,它们可以正常工作,但是当我们使用Azure AD测试它们时,补丁请求失败。
Looking at the logs and narrowing them down we figured that the request is not in the same format as what microsoft.systemForCrossDomainIdentityManagement expects. 查看日志并将其缩小范围,我们发现该请求的格式与microsoft.systemForCrossDomainIdentityManagement期望的格式不同。
One patch request from AD is like below (which will fail): 来自AD的一个补丁请求如下所示(将失败):
{ "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations": [ {"op":"Replace","path":"displayName","value":" User X"} ]}
While the request that works is like this: 虽然有效的请求是这样的:
{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"] ,
"Operations":[ {"op":"Replace","path":"displayName","value":
[ {"$ref":null,"value":"User x"}]}]
}}
- Please note the difference between 2 requests which in the 1st call is a string and in the second one is a list of objects. 请注意,两个请求之间的区别是第一个调用是字符串,第二个请求是对象列表。
How should we fix this? 我们应该如何解决呢?
The Nuget package take the request and deliver the IPatchRequest so the request doesn't even receive to our part of the code and both parts are Microsoft :| Nuget软件包接受请求并传递IPatchRequest,因此请求甚至都不会收到我们的部分代码,而这两部分都是Microsoft的:
1 个解决方案
解决方案1
0 已采纳 2019-02-18 16:42:52
Since there was no answer from Microsoft after more than a month, they only other way that I know to fix this is to intercept the call before it gets to Microsoft's part of the code (using a middle ware) and change it to the format that they are expecting :\\ 由于一个多月后没有收到Microsoft的答复,因此,我知道要解决此问题的另一种方法是在调用到达Microsoft的部分代码之前(使用中间件)拦截该调用,并将其更改为他们期望的是:\\
I have discussed the problem and the solution further in the link below, but I am still waiting for a fix from Microsoft :\\ http://pilpag.blogspot.com/2019/02/enabling-scim-using-microsoftsystemforc.html 我已经在下面的链接中进一步讨论了该问题和解决方案,但我仍在等待Microsoft的修复程序:\\ http://pilpag.blogspot.com/2019/02/enabling-scim-using-microsoftsystemforc.html
The easy fix is like this: 简单的解决方法是这样的:
public class PatchRequestUpdaterMiddleware : OwinMiddleware
{
private const string OperationValueFinderRegex = "({[\\s\\w\":,.\\[\\]\\\\]*op[\\s\\w\":,.\\[\\]\\\\]*\"value\"\\s*:\\s*)(\"[\\w\\s\\-,.@?!*;\'\\(\\)]+\")"; //{"op":"x","value":"Andrew1"}
public override async Task Invoke(IOwinContext context)
{
if (context.Request.Method.ToLower() != "patch")
{
await Next.Invoke(context);
return;
}
var streamReader = new StreamReader(context.Request.Body);
string body = streamReader.ReadToEnd();
body = Regex.Replace(body, OperationValueFinderRegex, m => $"{m.Groups[1].Value}[{{\"value\":{m.Groups[2].Value}}}]"); //{"op":"x","value":"Ashkan"} ==>> {"op":"x","value":[{"value":"Ashkan"}]}
context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body));
await Next.Invoke(context);
}
}
And just add this to the provider that you have created: 并将其添加到您创建的提供程序中:
class myProvider:ProviderBase
{
....
private void OnServiceStartup(IAppBuilder appBuilder, HttpConfiguration configuration)
{
...
appBuilder.Use<PatchRequestUpdaterMiddleware>();
...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.