Unable to remove user from group using scim 2.0 API wso2 IS

Question

I am using WSO2 IS v5.11.0.

I am trying to perform a PATCH request, where I am trying to remove a user from the group.

API: /Groups/{id}
Method: PATCH

Payload:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "remove",
      "value": {
        "members": [
          {
            "display": "USERSTORE1/newuser",
            "value": "5b957306-05ad-48ea-a2f5-230b99e989a8"
          }
        ]
      }
    }
  ]
}

I am getting the below error response

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "scimType": "noTarget",
    "detail": "No path value specified for remove operation",
    "status": "400"
}

For the same API request payload, I could do the addition of user to group using "op": "add" but remove alone doesn't work!!

Can someone let me know the issue and how to do the removal of user from group?

Ref: https://is.docs.wso2.com/en/5.11.0/develop/scim2-rest-apis/#/Groups%20Endpoint/patchGroup

Answer 1

PATCH request to /Groups/{group-id} endpoint with one of the following payload will remove the user from the group.

1. Specify the user need to be removed by user's uuid

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "remove",
            "path":"members[value eq 0565f472-28fe-4d93-83ad-096c66ed4a47]"
        }
    ]
}

2. Specify the user need to be removed by user's username

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "remove",
            "path":"members[display eq anuradha]"
        }
    ]
}

You can find more details about scim "remove" operation in PATCH payload from here: https://datatracker.ietf.org/doc/html/rfc7644#section-3.5.2.2