...
Parameter | Mandatory | Example | Description |
---|---|---|---|
| ✅ | https://scim.webapp.com | The base url of the SCIM endpoint |
| ❌ | https://scim.webapp.com/login | The endpoint where authentication for the SCIM endpoint has to be performed. This URL is called with the user name and password as an HTTP Basic Authentication request and has to return a Bearer token in the form { Token: "" } |
| ❌ | svc_cos | The user name to be used for authentication |
| ❌ | 🔑 * * * * * * * | The password of the user |
| ✅ | false | For cases where the SSL handshake cannot be performed because of invalid certificates. Be very cautious with this and only disable certificate validation if really necessary. |
| ✅ | Updates done via PATCH method | Defines which HTTP method is used to send identity updates. Currently PATCH and PUT are supported. |
| ✅ | Updates done via PATCH method | Defines which HTTP method is used to send resource updates. Currently PATCH and PUT are supported. |
| ✅ | false | If true, sets all the missing attributes on the entity sent back by the target system to the default values of their respective data types. Usually the target system sends back the whole entity with all attributes so this doesn’t need to be enabled. |
Context Assignment
The SCIM Connector supports the assignment context as described here. As this assignment context is not part of the standard definition in SCIM, we made use of SCIM's capability to extend the schema. Whenever an assignment is made with a context, first the assignment context transformations are applied and then they are provisioned as the relations property.
This is done by calling the resource endpoint with a PATCH request. The content of the patch is shown below. As you can see, an array of members is passed to the relations path as well as to the members path. The difference is that the array passed to the relations path also contains the full context, in this case the user and the resource, where the latter identifies the context. In this example, we patch the taxes group and add the same user twice: once in the context of BestRun Inc. (line 29) and once in the context of ITSENSE AG (line 34).
```bash
curl --request PATCH \
  --url http://your.scimapplication.com/groups/taxes \
  --header 'Content-Type: application/json' \
  --data '{
  "Schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp",
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "Operations": [
    {
      "Path": "members",
      "Op": "Add",
      "Value": [
        {
          "Value": "1233443"
        },
        {
          "Value": "1233443"
        }
      ]
    },
    {
      "Path": "relations",
      "Op": "Add",
      "Value": [
        {
          "User": "1233443",
          "Type": "Any",
          "Resource": "BestRun Inc."
        },
        {
          "User": "1233443",
          "Type": "Any",
          "Resource": "ITSENSE AG"
        }
      ]
    }
  ]
}'
```
Info |
---|
Note: We still pass the members path, even if the system supports the context. In that case, the system should ignore the regular members path. |
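
One way a target system could process the PATCH body shown above, added here as an example and not taken from the connector or its vendor. The names apply_group_patch, _lower_keys and _strings, the in-memory group structure, the case-insensitive key matching and the rule that a relation implies membership are assumptions.

```python
import json

SAMPLE_BODY = json.dumps({  # constructed sample: the PATCH body from this page
    "Schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp",
                "urn:ietf:params:scim:schemas:core:2.0:Group"],
    "Operations": [
        {"Path": "members", "Op": "Add",
         "Value": [{"Value": "1233443"}, {"Value": "1233443"}]},
        {"Path": "relations", "Op": "Add",
         "Value": [{"User": "1233443", "Type": "Any", "Resource": "BestRun Inc."},
                   {"User": "1233443", "Type": "Any", "Resource": "ITSENSE AG"}]},
    ],
})

def _lower_keys(obj):
    """Lower-case all keys recursively; the payload above uses capitalized keys."""
    if isinstance(obj, dict):
        return {str(k).lower(): _lower_keys(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_lower_keys(v) for v in obj]
    return obj

def _strings(items):  # tuple of items, or ValueError unless all are non-empty strings
    items = tuple(items)
    if not all(isinstance(i, str) and i for i in items):
        raise ValueError(f"missing or non-string value in {items!r}")
    return items

def apply_group_patch(body, group):
    """Apply the Add operations to group = {"members": set(), "relations": set()}."""
    doc = _lower_keys(json.loads(body))
    ops = doc.get("operations") if isinstance(doc, dict) else None
    if not isinstance(ops, list) or not all(isinstance(o, dict) for o in ops):
        raise ValueError("Operations must be a list of objects")
    paths = [str(o.get("path", "")).lower() for o in ops]
    for op, path in zip(ops, paths):
        values = op.get("value")
        if str(op.get("op", "")).lower() != "add" or path not in ("members", "relations"):
            raise ValueError(f"unsupported operation on {path!r}")
        if not isinstance(values, list) or not all(isinstance(v, dict) for v in values):
            raise ValueError("Value must be a list of objects")
        if path == "relations":
            for v in values:
                rel = _strings(v.get(k) for k in ("user", "type", "resource"))
                group["relations"].add(rel)      # set: repeated entries collapse
                group["members"].add(rel[0])     # assumption: a relation implies membership
        elif "relations" not in paths:           # members apply only without a relations op
            group["members"].update(_strings(v.get("value") for v in values))
    return group
```

Applied to the sample body, the user ends up as a single member with two relations, one per context; operations other than Add on these two paths and incomplete relation entries are rejected with ValueError.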