Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1387

Automatic Provisioning: PATCH API endpoint to update user attributes doesn't work with manager field

XMLWordPrintable

      Atlassian Status Update - Nov 29, 2022

      Hi Everyone,

      Our development team has advised that support for syncing a "manager" field value in Azure AD is planned to be shipped at the end of January 2023.

      We will update this ticket when we have more information.


      Thanks,
      Derrick
      Atlassian Cloud Support

      Issue Summary

      As per: How to sync the manager attribute into Atlas it is possible to configure Okta to sync the "manager" field value to a user's Atlassian account

      The manager field value is only visible using reporting lines feature on Teams Central/Atlas and is not visible on the user's Atlassian account profile or in product(Jira/Confluence) contact card - ⚡️ Supercharge your project and goal reporting with your org structure

      Only Okta is supported at the time of writing(10-Jun-2022), so admins may want to use the API endpoints to update user SCIM/provisioning records to include the "manager" field.

      There are 2 supported request methods to update user SCIM record attributes:

      Steps to Reproduce

      Try sending a PATCH call to update the manager field. Example:

      curl --request PATCH \
  --url 'https://api.atlassian.com/scim/directory/<dir_id>/Users/<user_scim_id>' \
  --header 'Authorization: Bearer <dir_API_token>' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "operations": [
    {
      "op": "Add",
      "value":{
      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{
      "manager":{
                 "value":"manager_email_address@example.domain.com"
                }
        }
      }
    }
  ]
}'

      Expected Results

      The manager field in SCIM record is updated and the manager value appears in Atlas/reporting lines feature

      Actual Results

      The call runs without an error response - 200 response, but the manager field is not updated

      Workaround

      Use the PUT method instead of PATCH: https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-scim-directory-directoryid-users-userid-put

            [ACCESS-1387] Automatic Provisioning: PATCH API endpoint to update user attributes doesn't work with manager field

            Eric added a comment -

            We've released the fix to support syncing the manager attribute with Azure AD.

            Here is the guide to set up this integration: https://intercom.help/atlas-by-atlassian/en/articles/6872562-how-to-sync-the-manager-attribute-into-atlas-with-azure-ad

            Eric added a comment - We've released the fix to support syncing the manager attribute with Azure AD. Here is the guide to set up this integration: https://intercom.help/atlas-by-atlassian/en/articles/6872562-how-to-sync-the-manager-attribute-into-atlas-with-azure-ad

            Matthias Fleschütz added a comment - - edited

            We tried using PUT but still receiving error, when sending the manager attribute in urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

            We also fetched the schema, and it only includes department and organization but not manager.

            As soon as PUT includes

            "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
  "department": "Team A",
  "manager": "<atlassian-id-or-username-of-manager>",
  "organization": "Our Company"
}

            We receive a stacktrace error:

            Invalid payload: Unknown error with stack trace: [com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63), com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1455), com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1081), com.fasterxml.jackson.databind.deser.ValueInstantiator._createFromStringFallbacks(ValueInstantiator.java:371), com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.createFromString(StdValueInstantiator.java:323), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromString(BeanDeserializerBase.java:1408), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:176), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:120), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromString(BeanDeserializerBase.java:1401), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:176), com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:166), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:116), com.fasterxml.jackson.module.afterburner.deser.SettableObjectMethodProperty.deserializeAndSet(SettableObjectMethodProperty.java:47), com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:293), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:194), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:120), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1315), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserializeFromObject(SuperSonicBeanDeserializer.java:247), com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:164), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:116), com.fasterxml.jackson.module.afterburner.deser.SettableObjectMethodProperty.deserializeAndSet(SettableObjectMethodProperty.java:47), com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:293), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:194), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:120), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1315), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserializeFromObject(SuperSonicBeanDeserializer.java:247), com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:164), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:116), com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:2020), com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:1179), org.glassfish.jersey.jackson.internal.jackson.jaxrs.base.ProviderBase.readFrom(ProviderBase.java:837), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.invokeReadFrom(ReaderInterceptorExecutor.java:233), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.aroundReadFrom(ReaderInterceptorExecutor.java:212), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132), org.glassfish.jersey.server.internal.MappableExceptionWrapperInterceptor.aroundReadFrom(MappableExceptionWrapperInterceptor.java:49), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132), org.glassfish.jersey.message.internal.MessageBodyFactory.readFrom(MessageBodyFactory.java:1072), org.glassfish.jersey.message.internal.InboundMessageContext.readEntity(InboundMessageContext.java:882), org.glassfish.jersey.server.ContainerRequest.readEntity(ContainerRequest.java:274), org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:73), org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:56), org.glassfish.jersey.server.spi.internal.ParamValueFactoryWithSource.apply(ParamValueFactoryWithSource.java:50), org.glassfish.jersey.server.spi.internal.ParameterValueHelper.getParameterValues(ParameterValueHelper.java:68), org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$AbstractMethodParamInvoker.getParamValues(JavaResourceMethodDispatcherProvider.java:109), org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219), org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79), org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469), org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391), org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80), org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253), org.glassfish.jersey.internal.Errors$1.call(Errors.java:248), org.glassfish.jersey.internal.Errors$1.call(Errors.java:244), org.glassfish.jersey.internal.Errors.process(Errors.java:292), org.glassfish.jersey.internal.Errors.process(Errors.java:274), org.glassfish.jersey.internal.Errors.process(Errors.java:244), org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265), org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232), org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680), org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394), org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346), org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366), org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319), org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), brave.servlet.TracingFilter.doFilter(TracingFilter.java:68), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), com.atlassian.axe.servlet.AccessLoggingFilter.doFilter(AccessLoggingFilter.java:80), com.atlassian.axe.spring.SpringAccessLoggingFilter.doFilterInternal(SpringAccessLoggingFilter.java:25), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), brave.servlet.TracingFilter.doFilter(TracingFilter.java:68), org.springframework.cloud.sleuth.instrument.web.LazyTracingFilter.doFilter(TraceWebServletAutoConfiguration.java:141), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), io.atlassian.micros.springboot.rest.JerseyToSpringWebExceptionFilter.doFilter(JerseyToSpringWebExceptionFilter.java:30), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:97), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), brave.servlet.TracingFilter.doFilter(TracingFilter.java:87), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202), org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97), org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542), org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143), org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92), org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78), net.rakugakibox.spring.boot.logback.access.tomcat.LogbackAccessTomcatValve.invoke(LogbackAccessTomcatValve.java:91), org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764), org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357), org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374), org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65), org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893), org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707), org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49), java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128), java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628), org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61), java.base/java.lang.Thread.run(Thread.java:829)]

            It can be fixed by just removing manager attribute. As soon as you change manager attribute to something completely invalid (e.g. foobar) the request works and the wrong attribute is just ignored. Hence, it seems that API endpoint is somehow recognizing manager as some kind of valid but there is an issue to process it.

             

            Update: ignore my comment due to missing knowledge...

            Fixed: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager is of type "complex", so it needs to be 

            "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
  "department": "Team A",
  "manager": {
    "value": <id-or-username-of-manager>
  },
  "organization": "Our Company"
}

             

            Matthias Fleschütz added a comment - - edited We tried using PUT but still receiving error, when sending the manager attribute in urn:ietf:params:scim:schemas:extension:enterprise:2.0:User We also fetched the schema, and it only includes department and organization but not manager . As soon as PUT includes "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : {   "department" : "Team A" ,   "manager" : "<atlassian-id-or-username-of-manager>" ,   "organization" : "Our Company" } We receive a stacktrace error: Invalid payload: Unknown error with stack trace: [com.fasterxml.jackson.databind.exc.MismatchedInputException.from(MismatchedInputException.java:63), com.fasterxml.jackson.databind.DeserializationContext.reportInputMismatch(DeserializationContext.java:1455), com.fasterxml.jackson.databind.DeserializationContext.handleMissingInstantiator(DeserializationContext.java:1081), com.fasterxml.jackson.databind.deser.ValueInstantiator._createFromStringFallbacks(ValueInstantiator.java:371), com.fasterxml.jackson.databind.deser.std.StdValueInstantiator.createFromString(StdValueInstantiator.java:323), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromString(BeanDeserializerBase.java:1408), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:176), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:120), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromString(BeanDeserializerBase.java:1401), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:176), com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:166), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:116), com.fasterxml.jackson.module.afterburner.deser.SettableObjectMethodProperty.deserializeAndSet(SettableObjectMethodProperty.java:47), com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:293), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:194), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:120), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1315), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserializeFromObject(SuperSonicBeanDeserializer.java:247), com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:164), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:116), com.fasterxml.jackson.module.afterburner.deser.SettableObjectMethodProperty.deserializeAndSet(SettableObjectMethodProperty.java:47), com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:293), com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:194), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:120), com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromObjectUsingNonDefault(BeanDeserializerBase.java:1315), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserializeFromObject(SuperSonicBeanDeserializer.java:247), com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:164), com.fasterxml.jackson.module.afterburner.deser.SuperSonicBeanDeserializer.deserialize(SuperSonicBeanDeserializer.java:116), com.fasterxml.jackson.databind.ObjectReader._bind(ObjectReader.java:2020), com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:1179), org.glassfish.jersey.jackson.internal.jackson.jaxrs.base.ProviderBase.readFrom(ProviderBase.java:837), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.invokeReadFrom(ReaderInterceptorExecutor.java:233), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$TerminalReaderInterceptor.aroundReadFrom(ReaderInterceptorExecutor.java:212), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132), org.glassfish.jersey.server.internal.MappableExceptionWrapperInterceptor.aroundReadFrom(MappableExceptionWrapperInterceptor.java:49), org.glassfish.jersey.message.internal.ReaderInterceptorExecutor.proceed(ReaderInterceptorExecutor.java:132), org.glassfish.jersey.message.internal.MessageBodyFactory.readFrom(MessageBodyFactory.java:1072), org.glassfish.jersey.message.internal.InboundMessageContext.readEntity(InboundMessageContext.java:882), org.glassfish.jersey.server.ContainerRequest.readEntity(ContainerRequest.java:274), org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:73), org.glassfish.jersey.server.internal.inject.EntityParamValueParamProvider$EntityValueSupplier.apply(EntityParamValueParamProvider.java:56), org.glassfish.jersey.server.spi.internal.ParamValueFactoryWithSource.apply(ParamValueFactoryWithSource.java:50), org.glassfish.jersey.server.spi.internal.ParameterValueHelper.getParameterValues(ParameterValueHelper.java:68), org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$AbstractMethodParamInvoker.getParamValues(JavaResourceMethodDispatcherProvider.java:109), org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219), org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79), org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469), org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391), org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80), org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253), org.glassfish.jersey.internal.Errors$1.call(Errors.java:248), org.glassfish.jersey.internal.Errors$1.call(Errors.java:244), org.glassfish.jersey.internal.Errors.process(Errors.java:292), org.glassfish.jersey.internal.Errors.process(Errors.java:274), org.glassfish.jersey.internal.Errors.process(Errors.java:244), org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265), org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232), org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680), org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394), org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346), org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366), org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319), org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), brave.servlet.TracingFilter.doFilter(TracingFilter.java:68), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), com.atlassian.axe.servlet.AccessLoggingFilter.doFilter(AccessLoggingFilter.java:80), com.atlassian.axe.spring.SpringAccessLoggingFilter.doFilterInternal(SpringAccessLoggingFilter.java:25), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), brave.servlet.TracingFilter.doFilter(TracingFilter.java:68), org.springframework.cloud.sleuth.instrument.web.LazyTracingFilter.doFilter(TraceWebServletAutoConfiguration.java:141), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), io.atlassian.micros.springboot. rest .JerseyToSpringWebExceptionFilter.doFilter(JerseyToSpringWebExceptionFilter.java:30), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:97), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201), org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), brave.servlet.TracingFilter.doFilter(TracingFilter.java:87), org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189), org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162), org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202), org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97), org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542), org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143), org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92), org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78), net.rakugakibox.spring.boot.logback.access.tomcat.LogbackAccessTomcatValve.invoke(LogbackAccessTomcatValve.java:91), org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764), org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357), org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374), org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65), org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893), org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1707), org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49), java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128), java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628), org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61), java.base/java.lang. Thread .run( Thread .java:829)] It can be fixed by just removing manager attribute. As soon as you change manager attribute to something completely invalid (e.g. foobar) the request works and the wrong attribute is just ignored. Hence, it seems that API endpoint is somehow recognizing manager as some kind of valid but there is an issue to process it.   Update: ignore my comment due to missing knowledge... Fixed: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager is of type "complex", so it needs to be  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : { "department" : "Team A" , "manager" : { "value" : <id-or-username-of-manager> }, "organization" : "Our Company" }  

              Unassigned Unassigned
              dnguyen4 Derrick Nguyen
              Affected customers:
              5 This affects my team
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: