Attributes Common Across All Three Resource Types
From SCIM Core Schema (RFC 7643)
id
A unique identifier for a SCIM resource as defined by the service provider. Each representation of the resource MUST include a non-empty "id" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non-reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the "id" attribute is always issued by the service provider and MUST NOT be specified by the client. The string "bulkId" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are "caseExact" as "true", a mutability of "readOnly", and a "returned" characteristic of "always". See Section 9 for additional considerations regarding privacy.
externalId
A String that is an identifier for the resource as defined by the provisioning client. The "externalId" may simplify identification of a resource between the provisioning client and the service provider by allowing the client to use a filter to locate the resource with an identifier from the provisioning domain, obviating the need to store a local mapping between the provisioning domain's identifier of the resource and the identifier used by the service provider. Each resource MAY include a non-empty "externalId" value. The value of the "externalId" attribute is always issued by the provisioning client and MUST NOT be specified by the service provider. The service provider MUST always interpret the externalId as scoped to the provisioning domain. While the server does not enforce uniqueness, it is assumed that the value's uniqueness is controlled by the client setting the value.
RFC 7644 SCIM Protocol: Section 3.4.2.5. Attributes
The following attributes control which attributes SHALL be returned with a returned resource. SCIM clients MAY use one of these two OPTIONAL parameters, which MUST be supported by SCIM service providers:
attributes
A multi-valued list of strings indicating the names of resource attributes to return in the response, overriding the set of attributes that would be returned by default. Attribute names MUST be in standard attribute notation (Section 3.10) form. See Section 3.9 for additional retrieval query parameters.
excludedAttributes
A multi-valued list of strings indicating the names of resource attributes to be removed from the default set of attributes to return. This parameter SHALL have no effect on attributes whose schema "returned" setting is "always" (see Sections 2.2 and 7 of [RFC7643]). Attribute names MUST be in standard attribute notation (Section 3.10) form. See Section 3.9 for additional retrieval query parameters.
Attributes Specific to SCIM Users (RFC 7643)
4.1.1. Singular Attributes
4.1.2. Multi-Valued Attributes
Attributes Specific to SCIM Groups (RFC 7643)
4.2. "Group" Resource Schema
testbed.tier.internet2.edu/secure as System of Record
| |
---|---|
| “Right now we capture: givenName, surname, initials (which I label as “middle name”, mail, cn, uid, eppn, and displayName.” Here’s the mapping from your attributes to their SCIM User Schema representation: givenName, surname, initials (middleName), displayName (formatted name), uid, and eppn:
"uid": "userName":"bjensen", "name": {"formatted":"Ms. Barbara J Jensen III" "familyName":"Jensen", "givenName":"Barbara" "middleName": "Jane" "displayName": "Babs Jensen" }, mail: "emails":[ {"value":"bjensen@example.com"} eppn: "externalId":"bjensen", So, the JSON-formatted body of the POST would look like this: {"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "userName":"bjensen", "externalId":"bjensen", "name": { "formatted":"Ms. Barbara J Jensen III" "familyName":"Jensen", "givenName":"Barbara", "middleName": "Jane", "displayName": "Babs Jensen"}, "emails":[ {"value":"bjensen@example.com"} } --Keith | |
From: Jim Jokl <jaj@virginia.edu> Looks simple enough. Right now we capture: givenName, surname, initials (which I label as “middle name”, mail, cn, uid, eppn, and displayName. I overload “description” and use it to hold the creator’s real home institution eppn – so you can’t have that – but I’m happy to add whatever else might be useful. I use the home site EPPN for access control (i.e., you can only edit your own records) I also have a password available or you can simply use Kerberos. I don’t store passwords in LDAP but could do that if you need it for some reason. Jim
| |
From: Keith Hazelton [mailto:keith.hazelton@wisc.edu] Sent: Friday, July 1, 2016 4:40 PM To: Jokl, James A. (Jim) (jaj) <jaj@virginia.edu> Subject: Re: API Call Let’s start with this example straight out of the SCIM Protocol RFC. Remind me what attributes you will have to pass along and I’ll add elements to the request body to represent them Let me know if you have any questions. –Keith
| |
RFC 7644 SCIM Protocol Specification September 2015 ... When the service provider successfully creates the new resource, an HTTP response SHALL be returned with HTTP status code 201 (Created). The response body SHOULD contain the service provider's representation of the newly created resource. The URI of the created resource SHALL include, in the HTTP "Location" header and the HTTP body, a JSON representation [RFC7159] with the attribute "meta.location". Since the server is free to alter and/or ignore POSTed content, returning the full representation can be useful to the client, enabling it to correlate the client's and server's views of the new resource. In the following example, a client sends a POST request containing a "User" to the "/Users" endpoint. POST /Users HTTP/1.1 Host: example.com Accept: application/scim+json Content-Type: application/scim+json Authorization: Bearer h480djs93hd8 Content-Length: ... { "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "userName":"bjensen", "externalId":"bjensen", "name":{ "formatted":"Ms. Barbara J Jensen III", "familyName":"Jensen", "givenName":"Barbara" } } In response to the example request above, the server signals a successful creation with an HTTP status code 201 (Created) and returns a representation of the resource created: HTTP/1.1 201 Created Content-Type: application/scim+json Location: https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646 ETag: W/"e180ee84f0671b1" { "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "id":"2819c223-7f76-453a-919d-413861904646", "externalId":"bjensen", "meta":{ "resourceType":"User", "created":"2011-08-01T21:32:44.882Z", "lastModified":"2011-08-01T21:32:44.882Z", "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646", "version":"W\/\"e180ee84f0671b1\"" }, "name":{ "formatted":"Ms. Barbara J Jensen III", "familyName":"Jensen", "givenName":"Barbara" }, "userName":"bjensen" } |