Confluence Account
Overview
The Account resource in IDHub maps to a User in Confluence. If the User Account is a member of a Group, the corresponding Group is shown in the Groups array along with the details of the User Account when the corresponding REST API is called. To fetch the spaces that the user can view, all spaces in the Confluence Cloud domain need to be fetched; a space is accessible to the User Account if it has the “read space” permission for that user.
After creating a directory in the Confluence Admin account for a specific domain, the provisioning APIs for the User Resource can be called using the directoryId.
Account Resource Schema Configuration
Resource Type
The Resource Type for Account is:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
  ],
  "id": "Account",
  "name": "Account",
  "description": "This resource creates/modifies/deletes accounts in Confluence and returns your query to you in some form depending on the normal format of the endpoint (Resource or ListResponse).",
  "endpoint": "Accounts",
  "schema": "urn:sath:params:scim:api:confluence:1.0:Account"
}
User Schema
To fetch the User resource schema from the SCIM provider, call the https://api.atlassian.com/scim/directory/{directoryId}/Schemas/urn:ietf:params:scim:schemas:core:2.0:User API with the Authorization and Accept request headers. The response of the API is shown under the heading Confluence User Schema. The schema of the IDHub Account is as shown:
Note: All resource bodies for the User Provisioning APIs should be in the format of the Confluence User Schema to avoid a BadRequestException.
Confluence User Schema | IDHub Account Schema |
---|---|
CODE
|
CODE
|
Sample User
A sample User created in Confluence is given below:
{
  "schemas": [
    "urn:scim:schemas:extension:atlassian-external:1.0",
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "urn:scim:schemas:extension:atlassian-external:1.0": {
    "atlassianAccountId": "607d3d5ef74b3f006a03a61g"
  },
  "id": "ff2862db-864d-48db-93a4-162e2427ee7b",
  "userName": "Jerome",
  "name": {
    "formatted": "Jerome A.",
    "familyName": "Andrews",
    "givenName": "Jerome"
  },
  "displayName": "Jerome",
  "active": true,
  "emails": [
    {
      "type": "WORK",
      "value": "jerome@example.com",
      "primary": true
    }
  ],
  "groups": [
    {
      "display": "Developers Group",
      "type": "Group",
      "value": "d84adcec-0818-4852-aad3-cbe79a614e1c",
      "$ref": "https://api.atlassian.com/scim/directory/{directoryId}/Groups/{groupId}"
    }
  ],
  "meta": {
    "created": "2021-06-14T13:54:45.689667Z",
    "location": "https://api.atlassian.com/scim/directory/{directoryId}/Users/{userId}",
    "lastModified": "2021-06-14T13:54:45.689667Z",
    "resourceType": "User"
  }
}
Group Membership Schema
The schema of a GroupMembership object to add accounts as group members is shown below:
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "members",
      "value": [
        {
          "value": "c6993c94-dbda-40f1-b6f0-18c855522ade",
          "display": "dave.meyer@demotime.authteam.com"
        },
        {
          "value": "f0ae48f7-1466-445e-85ea-e83ef754aefd",
          "display": "lingbo.lu@demotime.authteam.com"
        },
        {
          "value": "432d6f10-2e28-454e-be99-0f8c732a046f",
          "display": "joanna@demotime.authteam.com"
        }
      ]
    }
  ]
}
Space Permission Schema
The following combinations of operation.key and operation.target values are valid for the operation object:
'create': 'page', 'blogpost', 'comment', 'attachment'
'read': 'space'
'delete': 'page', 'blogpost', 'comment', 'attachment', 'space'
'export': 'space'
'administer': 'space'
'archive': 'page'
'restrict_content': 'space'
The schema of a SpacePermission object to add spaces with permissions to an account is shown below:
{
  "subject": {
    "type": "user",
    "identifier": "<accountId>"
  },
  "operation": {
    "key": "read",
    "target": "space"
  }
}
Implementation
The following methods of the target system connector interface defined in the connector SPI need to be implemented for the Account resource.
Get Schema
CODE
|
Get Resource Type
CODE
|
Get SCIM Resource Service Information
CODE
|
Get Health
CODE
|
Create Resource
CODE
|
Get Resource
CODE
|
Replace Resource
Note: The observations made while performing the update operation are:
If no primary email is sent in the request body, a Bad Request exception is thrown.
If the same primary email is sent in the request body, no change is reflected.
If a different primary email is sent in the request body, all changes are reflected.
The alternative approach is:
If the primary email of the payload is the same as the current primary email of the user account, then call the patchResource(String, PatchOp) method with the appropriate parameters desired in the final account.
If the primary email of the payload is different from the current primary email of the user account, then call the update API with the given payload.
CODE
|
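The routing rule described in the Replace Resource note above, as an added Python sketch that is not the IDHub connector's own code: it decides between the update API and a PatchOp, so a change such as "active": false sent with an unchanged primary email is not silently lost. The names plan_replace, primary_email and PATCHABLE are hypothetical, and the set of patchable attributes and the case-insensitive email comparison are assumptions.

```python
# Added example (not IDHub connector code). Function and constant names are hypothetical.
import copy

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Assumption: the top-level attributes this connector may change via PATCH.
PATCHABLE = ("userName", "displayName", "name", "active")

# Constructed sample, trimmed from the Sample User shown on this page.
CURRENT_USER = {
    "userName": "Jerome",
    "displayName": "Jerome",
    "name": {"formatted": "Jerome A.", "familyName": "Andrews", "givenName": "Jerome"},
    "active": True,
    "emails": [{"type": "WORK", "value": "jerome@example.com", "primary": True}],
}


def primary_email(user):
    """Return the user's primary email (case-folded), or None if absent."""
    values = [e["value"] for e in user.get("emails", [])
              if e.get("primary") is True and e.get("value")]
    if len(values) > 1:
        raise ValueError("more than one primary email")
    # Assumption: addresses are compared case-insensitively.
    return values[0].strip().casefold() if values else None


def plan_replace(current, payload):
    """Return ("PUT", payload), ("PATCH", patch_op) or ("NOOP", None)."""
    new_primary = primary_email(payload)
    if new_primary is None:
        # Observation 1: the target answers Bad Request, so fail before sending.
        raise ValueError("payload has no primary email")
    if new_primary != primary_email(current):
        # Observation 3: with a different primary email the update API applies everything.
        return "PUT", payload
    # Observation 2: same primary email, so the update API would reflect no change.
    # Send only the attributes that differ as a PatchOp instead.
    ops = [{"op": "replace", "path": attr, "value": copy.deepcopy(payload[attr])}
           for attr in PATCHABLE
           if attr in payload and payload[attr] != current.get(attr)]
    if not ops:
        return "NOOP", None
    return "PATCH", {"schemas": [PATCH_SCHEMA], "Operations": ops}
```
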
Update Resource
CODE
|
Delete Resource
CODE
|
Search Resource
CODE
|