
SCIM is a standard interface to manage Users/Roles/Groups. It is based on REST. The interface is described in http://www.simplecloud.info/

CoreOne can connect to other systems using SCIM and provision users and groups there. The other system has to implement SCIM correctly; there are many small discrepancies between existing implementations. Please check the implementation details below to see whether your system supports the SCIM requests CoreOne makes.

Set up target system

| Target system attribute | Description |
| --- | --- |
| SCIM base URL | Specification of the base URL of the SCIM API interface, including scheme, domain and path (like https://localhost:44319/scim) |
| SCIM login URL | Specification of the URL of the token endpoint (username and password is the only supported authentication method for now). CoreOne uses the token to authenticate against the SCIM endpoint. |
| SCIM login username | Username to be used for login |
| SCIM login password | Password to be used for login |
| Disable SSL handshake | Checkbox: if selected, the SSL certificate check is skipped, e.g. if no valid certificate is available. This should be avoided in principle. |

Operations

Below are the exact requests that CoreOne makes to the other SCIM system. Please check that your system supports them.

Let’s assume we provision some standard attributes:

  • userName,

  • name.givenName,

  • name.familyName,

  • emails.value

SCIM allows multi-valued attributes, such as email, but CoreOne does not support them for now.

Create user

URL

/scim/users

HTTP Verb

POST

Body

{
  "userName": "John Novak",
  "name": {
    "givenName": "John",
    "familyName": "Novak"
  },
  "emails": [{
    "value": "john.novak@swiss.ch",
    "primary": true
  }]
}

Remarks

As you can see, the primary sub-attribute was added. CoreOne does not support multi-valued attributes and only works with primary values.

In the response, CoreOne should receive the newly created user's data. The only attribute it needs is id, which is written to the CoreOne database.
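The sketch below is an added example, not CoreOne code. It shows how the dotted attribute names listed above map onto the create body, and the two checks a target system's response has to pass: a usable id and exactly one primary email. The function names, the `FLAT` mapping and the sample response are constructed for illustration.

```python
import json

MULTI_VALUED = {"emails"}  # SCIM multi-valued attributes among those listed above

def build_create_body(flat):
    """Expand dotted names (e.g. name.givenName) into the nested POST /scim/users body."""
    body = {}
    for path, value in flat.items():
        head, _, sub = path.partition(".")
        if head in MULTI_VALUED:
            # One entry only, marked primary, as in the body shown above.
            body.setdefault(head, [{"primary": True}])[0][sub or "value"] = value
        elif sub:
            body.setdefault(head, {})[sub] = value
        else:
            body[head] = value
    return body

def extract_created_id(response_text):
    """Return the id from a create-user response; fail if the target omitted it."""
    data = json.loads(response_text)
    user_id = data.get("id") if isinstance(data, dict) else None
    if not isinstance(user_id, str) or not user_id:
        raise ValueError("create-user response has no usable 'id'")
    return user_id

def primary_value(resource, attr="emails"):
    """Return the single primary value; only primary values are usable."""
    entries = [e for e in resource.get(attr) or [] if e.get("primary") is True]
    if len(entries) != 1 or "value" not in entries[0]:
        raise ValueError(f"expected exactly one primary entry in '{attr}'")
    return entries[0]["value"]

# Constructed sample data (not captured from a real system).
FLAT = {
    "userName": "John Novak",
    "name.givenName": "John",
    "name.familyName": "Novak",
    "emails.value": "john.novak@swiss.ch",
}
SAMPLE_RESPONSE = json.dumps({"id": "constructed-id-0001", **build_create_body(FLAT)})

if __name__ == "__main__":
    print(json.dumps(build_create_body(FLAT), indent=2))
    print(extract_created_id(SAMPLE_RESPONSE))
```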

Update user

  • URL /scim/users/{id} PATCH

Select users

  • URL /scim/users GET

Select user

  • URL /scim/users/{id} GET

  • (filter and attributes need to be supported)

Delete user

  • URL /scim/users/{id} DELETE

Create group

  • URL /scim/groups POST

Assign Member

  • URL /scim/groups/{id} PATCH

Remove Member

  • URL /scim/groups/{id} PATCH

(CoreOne assumes there is a .groups property)

