Draft
Conversation
This commit adds a comprehensive utility to diagnose and fix stale SCIM group mappings that cause Okta Push Groups to fail with externalId errors. Key features: - Diagnostic mode to safely inspect groups and identify stale mappings - Cleanup mode to delete and recreate groups, clearing SCIM mappings - Automatic member backup and restoration - Standalone executable script for easy use - Comprehensive documentation and resolution guide The utility specifically addresses the issue with grpAtlanProdWorkflowAdmin on apex.atlan.com failing with: 'Unable to update group with externalId: 2ea7c8f7-7506-4b71-a53c-f307aedb647d' Changes: - Added new package: samples/packages/scim-group-cleanup/ - Main utility: ScimGroupCleanup.kt with diagnostic and cleanup modes - Configuration: ScimGroupCleanupCfg.kt for flexible operation - Standalone script: cleanup-apex-group.sh for direct execution - Documentation: README.md, GOVFOUN-188-RESOLUTION.md, SOLUTION_SUMMARY.md - Tests: ScimGroupCleanupTest.kt - Updated settings.gradle.kts to include new package The solution works by deleting the group (which removes all SCIM mappings in Keycloak), then recreating it with the same name and members. This allows Okta to create a fresh mapping with a new externalId.
Author
|
Cursor Agent can help with this pull request. Just |
Fixed ScimGroupCleanupTest.kt to properly extend PackageTest: - Pass required 'tag' parameter to PackageTest constructor - Override logger with Utils.getLogger instead of KotlinLogging - Use client property from PackageTest instead of Atlan.getDefaultClient() - Pass configuration object to runCustomPackage instead of JSON string - Properly reference ScimGroupCleanup::main method These changes align with the package testing framework used by other packages in the samples directory.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a SCIM Group Cleanup utility to resolve stale
externalIdmappings causing Okta Push Group failures (GOVFOUN-188).This utility addresses the root cause of Okta Push Group failures by providing a mechanism to delete and recreate groups. This action clears orphaned SCIM
externalIdmappings in the Keycloak backend, allowing Okta to establish a fresh, valid mapping for the group.