Re: [scim] How to check isUsernameExist for Self Sign Up

Phil Hunt <phil.hunt@oracle.com> Thu, 02 February 2017 18:49 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/scim/wxriIZY72DP-KlX2xH02AOlq1Jg>
List-Id: Simple Cloud Identity Management BOF <scim.ietf.org>

Gayan,

Keep in mind SCIM is just a RESTful API. There are no functional methods like isUsernameExist.

You can…

1. Just try HTTP POST to create the user and if there is a conflict, it gets rejected. This is probably easiest.

2. Use GET /Users?filter="(userName eq \"val\")"&attributes=id. If no records are returned, there were no matches. If you get a return, it is in use. Note, either way, you will get a successful response.

Note, I suspect it is possible that despite checking with #2, you might still get a rejection when you POST. This might be due to a reserve or lock on the username or other identifier.

Your rights as an administrative client will also impact what you get back with the query in particular. For example, if you are querying anonymously, you might get no matches because the service provider has determined it is not going to answer you and confirm the presence or not of a match.

Likewise, many service providers will have DoS and other security restrictions on what clients can register.  

E.g. to moderate the need for “anonymous” registration, a mobile app could register with the service provider to obtain a “public” OAuth client credential that gives the mobile client the right to register a new user profile on behalf of the user (e.g. by using profile data from the mobile phone).

Phil

Oracle Corporation, Identity Cloud Services & Identity Standards
@independentid
www.independentid.com
phil.hunt@oracle.com

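As an added illustration of the two options Phil describes (not code from his reply or from any SCIM implementation), here is a Python sketch that builds the filter query with proper escaping, runs the GET check, and then POSTs and treats a 409 "uniqueness" error as "taken". The FakeScimServer transport and its reserved-name rule are constructed assumptions, included to show the caveat that a filter miss does not guarantee the later POST will succeed.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlsplit

def username_filter_query(username):
    """Phil's option 2: GET /Users?filter=...&attributes=id as a path+query."""
    # Filter values are JSON strings (RFC 7644 sec. 3.4.2.2); json.dumps escapes
    # quotes/backslashes so a crafted userName cannot rewrite the filter.
    flt = f"userName eq {json.dumps(username)}"
    return "/Users?" + urlencode({"filter": flt, "attributes": "id"})

def username_in_use(transport, username):
    """True if the filter matched; note the SP answers 200 either way."""
    status, body = transport("GET", username_filter_query(username), None)
    if status != 200:
        raise RuntimeError(f"filter query failed: HTTP {status}")
    return body.get("totalResults", 0) > 0

def create_user(transport, username):
    """Phil's option 1: just POST and read the outcome from the status code."""
    schemas = ["urn:ietf:params:scim:schemas:core:2.0:User"]
    status, body = transport("POST", "/Users", {"schemas": schemas, "userName": username})
    if status == 201:
        return "created"
    if status == 409 and body.get("scimType") == "uniqueness":
        return "taken"
    raise RuntimeError(f"unexpected HTTP {status}")

class FakeScimServer:
    """Constructed in-memory stand-in for a service provider (an assumption, not real SCIM code)."""
    FILTER = re.compile(r'^userName eq ("(?:[^"\\]|\\.)*")$')

    def __init__(self, existing, reserved=()):
        self.users = set(existing)
        self.reserved = set(reserved)  # names the SP refuses on POST only (Phil's caveat)

    def __call__(self, method, path, body):
        if method == "GET":
            raw = parse_qs(urlsplit(path).query).get("filter", [""])[0]
            match = self.FILTER.match(raw)
            if not match:
                return 400, {"scimType": "invalidFilter"}
            return 200, {"totalResults": int(json.loads(match.group(1)) in self.users)}
        if body["userName"] in self.users | self.reserved:  # POST
            return 409, {"scimType": "uniqueness"}
        self.users.add(body["userName"])
        return 201, {"id": f"user-{len(self.users)}", "userName": body["userName"]}
```

Against a real service provider the transport would be an authenticated HTTP call; an anonymous client may get zero matches from the GET regardless, as Phil notes.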
> On Feb 2, 2017, at 10:18 AM, Gayan Gunawardana <gayan@wso2.com> wrote:
> 
> Hello,
> 
> According to [1] self sign up can be achieved via sending an authenticated request to /Me.
> 
> What is the proper way to check isUsernameExist before self sign up?
> 
> [1] https://tools.ietf.org/html/rfc7644#section-3.11
> 
> Thanks,
> Gayan
> -- 
> Gayan Gunawardana
> Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: gayan@wso2.com
> Mobile: +94 (71) 8020933