SCIM GET /Users supports requests without a filter
What
Adds support for SCIM requests that do not have a filter.
Closes #35209 (closed)
Works towards #13138 (closed)
Why
SCIM clients will sometimes send a request without a filter, using pagination to limit results instead. Previously we would raise an error when a filter wasn't provided, meaning we were unable to process those requests.
This is needed for Okta compatibility, since their setup first tests SCIM with startIndex=1&count=1 with no filter.
Screenshots
Risks
- Changes to SCIM risk breaking user provisioning, but here that is mitigated by only changing
GET /Usersrather than the main process of creating and updating users. Verifying this change against an Azure setup would further mitigate this risk. - We'll want to verify behaviour on Okta before updating docs to mention any support. In particular we don't yet follow the SCIM spec regarding IDs, and there is a risk that could lead to duplicate users and users unable to sign in so we will not treat this MR as having implemented Okta support.
Acceptance criteria
-
Change target branch back to master after !19417 (merged) merges -
Changelog entry -
Documentation created/updated or follow-up review issue created -
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Edited by James Edwards-Jones