@Test
  public void createUserInOtherZoneWithUaaAdminTokenFromNonDefaultZone() throws Exception {
    IdentityZone identityZone = getIdentityZone();

    String authorities = "uaa.admin";
    clientDetails =
        utils()
            .createClient(
                this.getMockMvc(),
                uaaAdminToken,
                "testClientId",
                "testClientSecret",
                null,
                null,
                Collections.singletonList("client_credentials"),
                authorities,
                null,
                identityZone);
    String uaaAdminTokenFromOtherZone =
        testClient.getClientCredentialsOAuthAccessToken(
            "testClientId", "testClientSecret", "uaa.admin", identityZone.getSubdomain());

    byte[] requestBody = JsonUtils.writeValueAsBytes(getScimUser());
    MockHttpServletRequestBuilder post =
        post("/Users")
            .header("Authorization", "Bearer " + uaaAdminTokenFromOtherZone)
            .contentType(APPLICATION_JSON)
            .content(requestBody);
    post.with(new SetServerNameRequestPostProcessor(identityZone.getSubdomain() + ".localhost"));
    post.header(IdentityZoneSwitchingFilter.HEADER, IdentityZone.getUaa().getId());

    getMockMvc().perform(post).andExpect(status().isForbidden());
  }
  private ResultActions createUserAndReturnResult(
      ScimUser user, String token, String subdomain, String switchZone) throws Exception {
    byte[] requestBody = JsonUtils.writeValueAsBytes(user);
    MockHttpServletRequestBuilder post =
        post("/Users")
            .header("Authorization", "Bearer " + token)
            .contentType(APPLICATION_JSON)
            .content(requestBody);
    if (subdomain != null && !subdomain.equals(""))
      post.with(new SetServerNameRequestPostProcessor(subdomain + ".localhost"));
    if (switchZone != null) post.header(IdentityZoneSwitchingFilter.HEADER, switchZone);

    return getMockMvc().perform(post);
  }