SCIM POST /Users with "manager.value" throws error 500

[LazaroOnline]

In the "SimpleIdServer.Scim" package library, if an enterprise user is created using:
POST /Users with a manager.value having the value of another user's SCIM Id (as per the RFC), then SCIM library throws a 500 error with the message: "Sequence contains no matching element".

Also strangely it allows me to set any string in "manager.value" as far as it is not a userId, not sure if it should be validated or not, but it at least should work when the value is a correct userId.

How to reproduce this bug

Here is an example, first creating the user1 that will be the manager:

POST /Users

{
  "userName": "[email protected]\u002B-4431a44c-2190-4d1b-84a7-2c98ae9fbe48",
  "displayName": "[email protected]\u002B-4431a44c-2190-4d1b-84a7-2c98ae9fbe48DisplayName",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "externalId": "4b62f66b-7439-42c8-8dfb-79081844d4f5",
  "name": {
    "formatted": "[email protected]\u002B-4431a44c-2190-4d1b-84a7-2c98ae9fbe48GivenName FamilyName",
    "familyName": "[email protected]\u002B-4431a44c-2190-4d1b-84a7-2c98ae9fbe48FamilyName",
    "givenName": "[email protected]\u002B-4431a44c-2190-4d1b-84a7-2c98ae9fbe48GivenName"
  },
  "emails": [
    {
      "primary": true,
      "type": "work",
      "value": "[email protected]\u002B-4431a44c-2190-4d1b-84a7-2c98ae9fbe48.work\u0027[email protected]"
    },
    {
      "type": "home",
      "value": "[email protected]\u002B-4431a44c-2190-4d1b-84a7-2c98ae9fbe48.home\u0027[email protected]"
    }
  ]
}

Returns 201 Created:

{
  "id": "b48e12e6-865f-4130-beb0-732d17ba37c5",
  "userName": "[email protected]+-4431a44c-2190-4d1b-84a7-2c98ae9fbe48",
  "displayName": "[email protected]+-4431a44c-2190-4d1b-84a7-2c98ae9fbe48DisplayName",
  "name": {
    "formatted": "[email protected]+-4431a44c-2190-4d1b-84a7-2c98ae9fbe48GivenName FamilyName",
    "familyName": "[email protected]+-4431a44c-2190-4d1b-84a7-2c98ae9fbe48FamilyName",
    "givenName": "[email protected]+-4431a44c-2190-4d1b-84a7-2c98ae9fbe48GivenName"
  },
  "emails": [
    {
      "primary": true,
      "type": "work",
      "value": "[email protected]+-4431a44c-2190-4d1b-84a7-2c98ae9fbe48.work'[email protected]"
    },
    {
      "type": "home",
      "value": "[email protected]+-4431a44c-2190-4d1b-84a7-2c98ae9fbe48.home'[email protected]"
    }
  ],
  "entitlements": [],
  "groups": [],
  "roles": [],
  "ims": [],
  "addresses": [],
  "photos": [],
  "x509Certificates": [],
  "phoneNumbers": [],
  "meta": {
    "resourceType": "User",
    "created": "2024-03-13T07:01:48.5125431Z",
    "lastModified": "2024-03-13T07:01:48.5125435Z",
    "version": 0,
    "location": "http://127.0.0.1:51631/Users/b48e12e6-865f-4130-beb0-732d17ba37c5"
  },
  "externalId": "4b62f66b-7439-42c8-8dfb-79081844d4f5",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ]
}

then creating the user2 that will have user1 as manager:

POST /Users

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "department": "sales",
    "manager": {
      "value": "b48e12e6-865f-4130-beb0-732d17ba37c5"
    }
  },
  "userName": "4e9b338c-b678-4fb7-98cc-477fdf616c4b",
  "active": true,
  "displayName": "4e9b338c-b678-4fb7-98cc-477fdf616c4bDisplayName",
  "externalId": "87756ee1-7491-4612-863e-c12ef30ce37e",
  "name": {
    "formatted": "4e9b338c-b678-4fb7-98cc-477fdf616c4bGivenName FamilyName",
    "familyName": "4e9b338c-b678-4fb7-98cc-477fdf616c4bFamilyName",
    "givenName": "4e9b338c-b678-4fb7-98cc-477fdf616c4bGivenName"
  },
  "emails": [
    {
      "primary": true,
      "type": "work",
      "value": "4e9b338c-b678-4fb7-98cc-477fdf616c4b.work\u0027[email protected]"
    },
    {
      "primary": false,
      "type": "home",
      "value": "4e9b338c-b678-4fb7-98cc-477fdf616c4b.home\u0027[email protected]"
    }
  ]
}

Results in error 500: "Sequence contains no matching element".

This was working fine in v2.0.25 where it wasn't throwing exception but returning 201 Created.
We discovered this issue while upgrading to v4.0.3.
Couldn't test the currently latest v4.0.7 because that version breaks even more things and couldn't get past all the other errors to test this issue.

[simpleidserver]

Hello,

To assist you in migrating from version 2.0.25 to 4.7, we have summarized the different steps:

1. Unfortunately, the dotnet ef migrations script cannot be applied to make changes at the database level. Therefore, the code context.Database.Migrate() must be commented out. Please ensure that all tables are properly updated:

ALTER TABLE [dbo].[SCIMRepresentationAttributeLst] ADD [ComputedValueIndex] NVARCHAR(MAX) NULL;  
ALTER TABLE [dbo].[SCIMRepresentationAttributeLst] ADD [IsComputed] BIT NOT NULL DEFAULT 0;

2. The table SCIMRepresentationIndirectReference has been removed and is no longer used. Before deleting it, make sure that all properties: members.value and groups.value are present in the table SCIMRepresentationAttributeLst.

DROP TABLE [dbo].[SCIMRepresentationIndirectReference]

3. Uncomment and execute the code MigrateFrom403To404EF. This function updates the properties IsComputed and ComputedValueIndex. These properties are used to enhance performance in searches.

Could you try migrating to version 4.0.7? We are considering migrating the entire SimpleIdServers solution to DOTNET8.0 soon, after the release of 4.0.8 :)
If you encounter any other issues with the migration or exceptions, please feel free to share them.

[LazaroOnline]

Hello, thanks a lot for the migration help!
About the 3rd step:

3. Uncomment and executethe code MigrateFrom403To404EF. ...

The MigrateFrom403To404EF function is not part of the "SimpleIdServer.Scim" nuget package, which is the only that I use.
I'm not even using "SimpleIdServer.Scim.SqlServerMigrations" nor "SimpleIdServer.Scim.MySQLMigrations" packages, which I think are more recent.
I have my own "startup" project for SCIM, so I hope it is fine with just copying the method alone into my own project. If the migration was expecting more things from the "SimpleIdServer.Scim.Startup" project other than that, please let me know.

So far I was able to test the "manager.value" issue and it seems to work in the latest v4.0.7 of SCIM, but then I got other 500 errors in other requests like PATCH and PUT /Users and POST /Bulk that I'm trying to find more details on.

[LazaroOnline]

After upgrading to v4.0.7 I get other errors like:
#720 and #721, but
the "manager.value" issue is solved, so it was fixed at some point between v4.0.3 and v4.0.7 already.

[LazaroOnline]

Since the error in the title and description seems solved in the latest v4.0.7, and the remaining stuff is something else,
I created a separate bug here:
#720
So we can close this issue.