Target System Parameters

Whenever you connect a SAP SCIM system to the CoreOne Suite you will need to specify the following parameters.

| Parameter | Mandatory | Example | Description |
| --- | --- | --- | --- |
| API base url | | https://scim.webapp.com | The base URL of the SCIM endpoint |
| Login base url | | https://scim.webapp.com/login | The endpoint where the authentication for the SCIM endpoint has to be performed. This URL is called with the username and password as an HTTP Basic Authentication request and has to return a Bearer token in the form of { Token: "" } |
| Login username | | svc_cos | The user name to be used for authentication |
| Login password | | 🔑 * * * * * * * | The password of the user |
| Disable SSL Handshake | | false | Disables the SSL handshake for cases where it cannot be performed because of invalid certificates. Be very cautious with this and only disable it if really necessary. |
| Scim operation mode - identity | | Updates done via PATCH method | Defines with which HTTP method identity updates should be sent. Currently PATCH and PUT are supported. |
| Scim operation mode - resource | | Updates done via PATCH method | Defines with which HTTP method resource updates should be sent. Currently PATCH and PUT are supported. |
| Scim default missing values | | false | If true, sets all the missing attributes on the entity sent back by the target system to the default values of their respective data types. Usually the target system sends back the whole entity with all attributes, so this doesn't need to be enabled. |
| Scim OAuth parameters | | | JSON-serialized dictionary of parameters used when using OAuth authentication |

SCIM Authentication

There are different ways to authenticate to SCIM. Which one is used depends on the combination of 3 parameters: Login base url, Login username, Login password, Scim OAuth parameters.

| Authentication | Description | Parameters |
| --- | --- | --- |
| Anonymous | No authentication header is sent with the request to SCIM. | All (Login base url, Login username, Login password, Scim OAuth parameters) should be empty. |
| Basic | A Basic authentication header is sent with username and password. | Login base url is empty. Login username and Login password contain the username and password. Scim OAuth parameters is empty. |
| Token with Basic | A Basic authentication header is sent with username and password to the Login base url. The obtained token is sent as a Bearer token with the request to SCIM. | Login base url contains the authentication service. Login username and Login password contain the username and password. Scim OAuth parameters is empty. |
| Token with OAuth | An OAuth request with the parameters from Scim OAuth parameters is sent to the Login base url. The obtained token is sent as a Bearer token with the request to SCIM. Note: As of writing, this option was not used by customers, so it may contain bugs - use with caution. | Login base url contains the authentication service. Login username and Login password are empty. Scim OAuth parameters contains a JSON-serialized dictionary of parameters that will be sent to the authentication service. |
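The selection rules in the table above, written out as an added Python example (not CoreOne Suite code). The function names are hypothetical. Rejecting combinations the table does not list, and reading Disable SSL Handshake as accepting invalid certificates, are assumptions of this sketch.

```python
import base64
import json

def resolve_auth_mode(login_url="", username="", password="", oauth_params=""):
    """Return the authentication mode the parameter table selects."""
    if bool(username) != bool(password):
        raise ValueError("Login username and Login password must be set together")
    has_creds = bool(username)
    if not login_url and not has_creds and not oauth_params:
        return "Anonymous"
    if not login_url and has_creds and not oauth_params:
        return "Basic"
    if login_url and has_creds and not oauth_params:
        return "Token with Basic"
    if login_url and not has_creds and oauth_params:
        if not isinstance(json.loads(oauth_params), dict):
            raise ValueError("Scim OAuth parameters must be a JSON dictionary")
        return "Token with OAuth"
    # Assumption: combinations the table does not list are rejected.
    raise ValueError("parameter combination is not in the authentication table")

def basic_header(username, password):
    """Authorization header value for the Basic and Token with Basic modes."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def bearer_from_login_response(body):
    """Turn the login endpoint's { Token: "..." } body into a Bearer header."""
    data = json.loads(body)
    token = data.get("Token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("login response carries no usable Token")
    return "Bearer " + token

def review_findings(api_url, login_url="", disable_ssl_handshake=False):
    """Flag settings that expose the credentials or token in transit."""
    findings = []
    if disable_ssl_handshake:
        findings.append("Disable SSL Handshake is true: invalid certificates are accepted")
    for name, url in (("API base url", api_url), ("Login base url", login_url)):
        if url and not url.lower().startswith("https://"):
            findings.append(f"{name} is not https: {url}")
    return findings

if __name__ == "__main__":
    # Constructed sample values; svc_cos and the URLs are the page's examples.
    mode = resolve_auth_mode("https://scim.webapp.com/login", "svc_cos", "constructed-pw")
    print(mode, "->", bearer_from_login_response('{"Token": "constructed-token"}'))
    print(review_findings("http://scim.webapp.com", disable_ssl_handshake=True))
```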

Context Assignment

The SCIM Connector supports the assignment context as described here. As this assignment context is not part of the standard definition in SCIM, we made use of SCIM's capability to extend the schema. Whenever an assignment is made with a context, the assignment context transformations are applied first and the results are then provisioned as the relations property.

...

The following identity functions are supported:

Function (task feature)

Supported

create/delete identities

provisioning identities 

update identities          

provisioning identity updates   

deprovision identities  

cleanup of inactive identities active

-

check password changed active

-

...

The following resource functions are supported:

Function (task feature)

Supported

create/delete resources

provision resources     

update resources         

provisioning resource changes 

deprovisioning resources         

provisioning resource allocations         

deprovisioning resource allocations     

provisioning resources-resource allocations     

-

Deprovisioning resource resource allocations   

-

...

The following cleanup functions are supported:

Function (task feature)

Supported

Is available in the expected/actual comparison log          

Clean up expected/actualIn the should-actual Log available    

Should be - Actually is - cleanup

-

Read back user account properties

-

Resource identity assignments Target system cleanup  member target system clean up

-

Resource - resource assignments Target system cleanup member target system clean up

-