WSO2 Identity Server 5.11.0 我的帐户个人信息不适用于 Active Directory 用户存储

Question

I am operating a WSO2 identity server 5.11.0 behind an Apache proxy with a Samba based Active Directory user store. The most relevant claims have been mapped to the local claim dialect. The authentication to services works and the claim attributes are also transmitted properly to the mod_auth_openidc of the Apache server.

However, when entering the myaccount url, login works properly to the personal space. But no user attributes are shown in the personal info section for users that are stored in the AD userstore. For users in the primary store it works well. Thus, I don't think it belongs to the proxy setup.

Looking at the http requests, the scim2 api call is failing:

https://server.at.domain/scim2/Me?attributes=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.isReadOnlyUser

The response is

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"No such user exist","status":"404"}

Does anybody know this problem?

Answer 1

Finally I could solve the problem. The error message is quite misleading. A very essential attribute of the SCIM 2.0 profile is the attribute urn:ietf:params:scim:schemas:core:2.0:id, which is mapped by default to the local claim http://wso2.org/claims/userid . I did not map this claim to an ldap attribute. After mapping simply to objectGUID, the personal info appeared in the myaccount url.