You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The endpoint "/ids/Users" allows filtering the users of an identity zone by ID and/or username by using a SCIM filter. Furthermore, it (optionally) allows restricting the result to only those users that come from an active IdP.
In the endpoint handler, this filter for active origins is implemented by constructing an additional clause in the SCIM filter: first, all active IdPs in the current identity zone are read. Second, for each of their origins, the clause origin eq <origin key> is added to the SCIM filter (combined by using the or operator).
This modified SCIM filter is then passed to the endpoint handler of the regular SCIM users endpoint, where an SQL query is generated from it. Analogous to the SCIM filter, this query will contain a WHERE clause containing one origin = <origin key> condition for each origin of an active IdP.
Especially for large number of active IdPs in an identity zone, the execution of this query will become less performant.
Due to the nature of the original SCIM filter, i.e., only allowing the username and/or the ID of the user, there will be relatively few matches. Therefore, the following approach is more efficient:
First, fetch users by applying the initial filter (i.e., the one containing only conditions regarding the user's ID and/or username). Then, if necessary (i.e., if only users from active IdPs shall be returned), these IdPs are to be read and the users list finally filtered for the origins of the active IdPs in Java code.
The text was updated successfully, but these errors were encountered:
The endpoint "/ids/Users" allows filtering the users of an identity zone by ID and/or username by using a SCIM filter. Furthermore, it (optionally) allows restricting the result to only those users that come from an active IdP.
In the endpoint handler, this filter for active origins is implemented by constructing an additional clause in the SCIM filter: first, all active IdPs in the current identity zone are read. Second, for each of their origins, the clause
origin eq <origin key>
is added to the SCIM filter (combined by using theor
operator).This modified SCIM filter is then passed to the endpoint handler of the regular SCIM users endpoint, where an SQL query is generated from it. Analogous to the SCIM filter, this query will contain a
WHERE
clause containing oneorigin = <origin key>
condition for each origin of an active IdP.Especially for large number of active IdPs in an identity zone, the execution of this query will become less performant.
Due to the nature of the original SCIM filter, i.e., only allowing the username and/or the ID of the user, there will be relatively few matches. Therefore, the following approach is more efficient:
First, fetch users by applying the initial filter (i.e., the one containing only conditions regarding the user's ID and/or username). Then, if necessary (i.e., if only users from active IdPs shall be returned), these IdPs are to be read and the users list finally filtered for the origins of the active IdPs in Java code.
The text was updated successfully, but these errors were encountered: