Versions Compared

Old Version 1

changes.mady.by.user Francesco Chicchiriccò

Saved on

compared with

New Version Current

changes.mady.by.user Andrea Patricelli

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following table describes all of the properties that you can specify for the configuration:

Configuration Property

Type

Required

Description

Code Block
baseAddress

String

X

Base address of the SCIM REST service.
E.g. https://mydomain.com/api/scim/v1/ for 1.1 version and https://mydomain.com/api/scim/v2/ for 2.0 version

Code Block
username

String

Username for authentication to the target RESTful service

Code Block
password

GuardedString

Password for authentication to the target RESTful service

Code Block
accept

String

X

Value for the HTTP Accept header; defaults to application/json

Code Block
contentType

String

X

Value for the HTTP Content-Type header; defaults to application/json

Code Block
clientId

String

Client id for authentication to the target RESTful service

Code Block
clientSecret

String

Client secret for authentication to the target RESTful service

Code Block
bearerToken

String

Bearer Token for authentication to the target SCIM service

Code Block
accessTokenNodeId

String

Field id of the JSON object node, returned from target Access Token RESTful service, that contains token value; defaults to access_token

Code Block
accessTokenAccept

String

Value for the HTTP Accept header for the Access Token request; defaults to application/json

Code Block
accessTokenBaseAddress

String

Base address of the target RESTful service used to obtain access token

Code Block
accessTokenContentType

String

Value for the HTTP Content-Type header for the target Access Token RESTful service; defaults to application/x-www-form-urlencoded

Code Block
customAttributesJSON

String

SCIM Resource Schema representation in JSON format, used to specify custom attributes. See here as reference

Code Block
updateMethod
updateUserMethod

String

Method used for updates on Users (PATCH or PUT); defaults to PUTexplicitGroupAddOnCreate.

Code Block
updateGroupMethod

String

Method used for updates on Groups (PATCH or PUT); defaults to PATCH

Code Block
scimProvider

String

Defines the SCIM server implementation to which the connector is connecting to. Default value is STANDARD.

Admitted values are: AWS, WSO2, SALESFORCE, STANDARD

This information is needed since some providers implementations like Salesforce or AWS differ a bit from the current SCIM standard exposed in RFC-7643 and RFC-7644

Code Block
manageComplexEntitlements

Boolean

Whether to manage entitlements other than the default one (SCIM v1.1 only supports the default entitlement)

Code Block
explicitGroupAddOnCreate

Boolean

Whether to perform an additional update on group after user create to add the user.

Code Block
genericComplexType

String

Some provider don't store information about the type of the complex attributes, is possible to define a default one

Code Block
addressesType

String

Some provider don't store information about the type of the addresses attribute, is possible to define a default one.

Code Block
replaceMembersOnUpdate

Boolean

Whether to replace all group members on update

Code Block
proxyServerType

String

Specifies the type of the proxy server to use (if any) to access to the SCIM server, allowed values are HTTP and SOCKS

Code Block
proxyServerHost

String

Specifies proxy host to connect to reach SCIM server

Code Block
proxyServerPort

Integer

Specifies proxy port to connect to reach SCIM server

Code Block
proxyServerUser

String

Specifies username to authenticate on proxy (optional, only Basic auth is supported)

Code Block
proxyServerPassword

String

Specifies password to authenticate on proxy

Code Block
followHttpRedirects

Boolean

Specifies whether the HTTP client should follow or not HTTP redirects like the “302 Found”

A sample value for customAttributesJSON parameter that includes some custom attributes you want the Connector to handle:

Code Block
languagejson
{
  "id": "urn:scim:schemas:core:1.0:User",
  "name": "User",
  "description": "Core User",
  "schema": "urn:scim:schemas:core:1.0",
  "endpoint": "/Users",
  "attributes": [
    {
      "name": "myCustomName",
      "type": "string",
      "multiValued": false,
      "description": "",
      "schema": "urn:scim:schemas:core:1.0",
      "readOnly": false,
      "required": false,
      "caseExact": false
    }
  ]
}

The following, instead, is a sample for 2.0 version:

Code Block
languagejson
{
  "id": "urn:mem:params:scim:schemas:extension:LuckyNumberExtension",
  "name": "LuckyNumbers",
  "description": "Lucky Numbers",
  "endpoint": "/Users",
  "attributes": [
    {
      "name": "luckyNumber",
      "type": "integer",
      "multiValued": false,
      "description": "",
      "required": true,
      "caseExact": false,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "server"
    }
  ]
}

The important parts are:

  • attributes;

  • all the name and schema property of each attribute.

Indeed, the resulting schema representation will use the same name convention used for other complex attributes, e.g.:

  • name.familyName

  • addresses.other.formatted

  • emails.work.primary

  • phoneNumbers.work.value

so in this case it will be:

  • urn:scim:schemas:core:1.0.myCustomName for version 1.1.

  • urn:mem:params:scim:schemas:extension:LuckyNumberExtension.luckyNumber for version 2.0.

To manage version 2.0 Enterprise User attributes just use the following attributes:

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.costCenter

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.displayName

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.ref

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.value

To manage version 1.1 Enterprise User attributes just use the following attributes:

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.managerId

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.displayName

Important notes

About AWS there are some limitations described here on SCIM v2 API: they affect the current behavior of the connector, especially these 2 features are not available:

  • Group removal on update. If user has grp1 and grp2 and you remove grp2 and add grp3, useris going to have grp1, grp2 and grp3, i.e. grp2 is not going to be removed.

  • Group synchronization is not possible.

This because groups are not returned in the user result and there is no way to get group ids by user.