ConnIdSCIM

SCIM

Owned by Francesco Chicchiriccò
Last updated: Jul 04, 2023

Overview

The SCIM connector bundle is designed to manage provisioning through the SCIM 1.1 and 2.0 specifications.

Two different connectors are actually available within this bundle:

  1. net.tirasa.connid.bundles.scim.v11.SCIMv11Connector

  2. net.tirasa.connid.bundles.scim.v2.SCIMv2Connector

Supported operations

  • Create

  • Delete

  • Update

  • Search

  • Test

  • Schema

Configuration

Configuration Properties

The following table describes all of the properties that you can specify for the configuration:

Configuration Property

Type

Required

Description

Configuration Property

Type

Required

Description

baseAddress

String

X

Base address of the SCIM REST service.
E.g. https://mydomain.com/api/scim/v1/ for 1.1 version and https://mydomain.com/api/scim/v2/ for 2.0 version

username

String

 

Username for authentication to the target RESTful service

password

GuardedString

 

Password for authentication to the target RESTful service

accept

String

X

Value for the HTTP Accept header; defaults to application/json

contentType

String

X

Value for the HTTP Content-Type header; defaults to application/json

clientId

String

 

Client id for authentication to the target RESTful service

clientSecret

String

 

Client secret for authentication to the target RESTful service

accessTokenNodeId

String

 

Field id of the JSON object node, returned from target Access Token RESTful service, that contains token value; defaults to access_token

accessTokenBaseAddress

String

 

Base address of the target RESTful service used to obtain access token

accessTokenContentType

String

 

Value for the HTTP Content-Type header for the target Access Token RESTful service; defaults to application/x-www-form-urlencoded

customAttributesJSON

String

 

SCIM Resource Schema representation in JSON format, used to specify custom attributes. See here as reference

updateMethod

String

 

Method used for updates (PATCH or PUT); defaults to PATCH for 1.1 version. Must be set to PUT for 2.0 version until the PATCH will be implemented

 

A sample value for customAttributesJSON parameter that includes some custom attributes you want the Connector to handle:

{ "id": "urn:scim:schemas:core:1.0:User", "name": "User", "description": "Core User", "schema": "urn:scim:schemas:core:1.0", "endpoint": "/Users", "attributes": [ { "name": "myCustomName", "type": "string", "multiValued": false, "description": "", "schema": "urn:scim:schemas:core:1.0", "readOnly": false, "required": false, "caseExact": false } ] }

The following, instead, is a sample for 2.0 version:

{ "id": "urn:mem:params:scim:schemas:extension:LuckyNumberExtension", "name": "LuckyNumbers", "description": "Lucky Numbers", "endpoint": "/Users", "attributes": [ { "name": "luckyNumber", "type": "integer", "multiValued": false, "description": "", "required": true, "caseExact": false, "mutability": "readWrite", "returned": "default", "uniqueness": "server" } ] }

The important parts are:

  • attributes;

  • all the name and schema property of each attribute.

Indeed, the resulting schema representation will use the same name convention used for other complex attributes, e.g.:

  • name.familyName

  • addresses.other.formatted

  • emails.work.primary

  • phoneNumbers.work.value

so in this case it will be:

  • urn:scim:schemas:core:1.0.myCustomName for version 1.1.

  • urn:mem:params:scim:schemas:extension:LuckyNumberExtension.luckyNumber for version 2.0.

To manage version 2.0 Enterprise User attributes just use the following attributes:

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.costCenter

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.displayName

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.ref

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.value

To manage version 1.1 Enterprise User attributes just use the following attributes:

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.managerId

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.displayName