Make Azure Groups PATCH remove operation SCIM v2 compliant
The request body for Update Group [Remove Members] is not compliant with the SCIM v2 specification.
Azure is specifying the member value they want deleted in the "value" property. The SCIM specification states that the member value that would be removed in the PATCH operation needs to be set in the "path" property, not "value". The "value" property should actually never be sent in a PATCH remove operation per specification.
If a Service Provider that implemented SCIM per specification were to receive a PATCH remove request from Azure as is documented above, that request would result in ALL users being removed from the group.
Azure should be corrected to be SCIM compliant for this request type.
Thank you for the feedback, we will review.
Hans Kusters (Infoland) commented
Our application is currently implemented to work with the MS spec but will also work fine if the SCIM spec is followed.
I do think the SCIM spec is leading, thus MS should update their call to adhere to the rules.
A T commented
Our application is following the SCIM 2.0 spec, and when we did functional testing, we found this problem and our groups are constantly emptied of user memberships.
Please FIX this ASAP as this is not SCIM 2.0 compliant and WILL cause all groups to lose memberships (production ISSUEs) for the SCIM providers, such as our company.
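
The two request shapes discussed in this thread, as an added example (not code from Azure or from any commenter's product): a service-provider-side handler for a group PATCH remove that accepts the RFC 7644 path-filter form and either honours or rejects a remove that carries "value", so that such a request never empties the group. The function name, the `strict` switch and the sample ids are assumptions made for illustration.

```python
import re

# RFC 7644 section 3.5.2.2 form: members[value eq "<id>"]
_FILTER = re.compile(r'^members\[value eq "([^"]+)"\]$', re.IGNORECASE)


class PatchError(ValueError):
    """Raised for remove operations this handler refuses to apply."""


def apply_remove(members, op, strict=False):
    """Return the member set after one PATCH remove operation on a group.

    members: set of member ids currently in the group.
    op: one entry of the PatchOp "Operations" array (a dict).
    strict: hypothetical policy switch; if True, a remove that carries
            "value" is rejected instead of being honoured.
    """
    if str(op.get("op", "")).lower() != "remove":
        raise PatchError("not a remove operation")
    path = op.get("path")
    if not path:
        raise PatchError("remove requires a path")

    match = _FILTER.match(path)
    if match:  # spec form: the target is named in the path filter
        return members - {match.group(1)}
    if path.lower() != "members":
        raise PatchError(f"unsupported path: {path}")

    if "value" in op:  # the shape described in the original post
        values = op["value"]
        if strict or not isinstance(values, list):
            raise PatchError("remove must not carry a value")
        targets = {m.get("value") for m in values if isinstance(m, dict)}
        return members - targets

    # No filter and no value: per the spec, every member is removed.
    return set()


# Constructed sample data (not taken from the page).
GROUP = {"u1", "u2", "u3"}
SPEC_OP = {"op": "remove", "path": 'members[value eq "u2"]'}
VALUE_OP = {"op": "Remove", "path": "members", "value": [{"value": "u2"}]}
```

A handler that ignores "value" entirely would treat `VALUE_OP` like the last branch and return an empty set, which is the failure the post describes.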