SCIM API throwing 404 for many users
Summary
One of our large GitLab.com customers reported that for many users (300+), the SCIM API is throwing a 404.
When using /api/scim/v2/groups/:group_path/Users/:id a 404 is thrown even though the user account has the correct SAML provider id, and extern_uid.
Details
Customer is on Okta using SAML app only (SCIM app is set up in preview for testing but not live).
Started happening 2020-05-04 21:33 - 23:02 UTC, which coincides with turning on scim_identities at 2020-05-04T21:47:38Z
As described in the ticket, it's a mix of old and new GitLab user accounts, so I've not been able to discern a pattern.
Using my own GitLab SAML test group, I have not been able to reproduce this, but my setup is slightly different in that I am using the Okta SCIM app.
Impact
While this does not appear to be impacting the users and their ability to log in, it does impact our ability to report on all users that are in the group and tie them back to our active directory. We need information from the SCIM endpoint to be able to look them up in AD - until then, we have hundreds of users that appear to not be valid users.
What is the current bug behavior?
SCIM API throws 404
What is the expected correct behavior?
SCIM API returns user information
Output of checks
GitLab.com, GitLab Enterprise Edition 13.0.0-pre 10aa387d