Overview

Configuration

The following documents are required, with the specified configurations.

Service Provider Configuration

This file contains a JSON schema that describes the SCIM Resource Operations Compliance, Authentication Methods, and data models available for a SCIM Service Provider.

Sample Service Provider Configuration

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
  ],
  "documentationUri": "https://www.sath.com/idhub/documentation",
  "patch": {
    "supported": false
  },
  "bulk": {
    "supported": false,
    "maxOperations": 0,
    "maxPayloadSize": 0
  },
  "filter": {
    "supported": false,
    "maxResults": 0
  },
  "changePassword": {
    "supported": false
  },
  "sort": {
    "supported": false
  },
  "etag": {
    "supported": false
  },
  "authenticationSchemes": [
    {
      "name": "OAuth Bearer Token",
      "description": "Authentication scheme using the OAuth Bearer Token Standard",
      "specUri": "http://www.rfc-editor.org/info/rfc6750",
      "documentationUri": "no documentation",
      "type": "oauthbearertoken",
      "primary": true
    },
    {
      "name": "HTTP Basic",
      "description": "Authentication scheme using the HTTP Basic Standard",
      "specUri": "http://www.rfc-editor.org/info/rfc2617",
      "documentationUri": "no documentation",
      "type": "httpbasic"
    }
  ],
  "meta": {
    "location": "scim/v2/ServiceProviderConfig",
    "resourceType": "ServiceProviderConfig",
    "created": "2019-09-03T00:00:00Z",
    "lastModified": "2019-09-03T00:00:00Z",
    "version": "W\/\"3694e05e9dff594\""
  }
}

Resource Schema Configuration

This file contains the list of schemas corresponding to each of the resource types. In IDHub, there are two types of resources: Account and Entitlement. A sample schema for the Account resource of a database connector is given below.

Resource Schema Configuration

{
  "id": "urn:sath:params:scim:schemas:core:1.0:Account",
  "name": "Account",
  "description": "User Account",
  "attributes": [
    {
      "name": "Fname",
      "type": "string",
      "required": true
    },
    {
      "name": "Lname",
      "type": "string",
      "required": true
    },
    {
      "name": "username",
      "type": "string",
      "required": true
    },
    {
      "name": "displayName",
      "type": "string",
      "required": false
    },
    {
      "name": "emails",
      "type": "string",
      "required": true
    },
    {
      "name": "phones",
      "type": "string",
      "required": true
    }
  ],
  "meta": {
    "resourceType": "Schema",
    "location": "/v2/Schemas/urn:sath:params:scim:schemas:core:1.0:Account"
  },
  "schemas": "urn:sath:params:scim:schemas:core:1.0:Account",
  "matching-attributes": [
    "username",
    "email"
  ],
  "attribute-map": {
    "displayName": {
      "type": "string",
      "attribute": "displayName"
    },
    "name": {
      "type": "string",
      "attribute": "displayName"
    },
    "username": {
      "attribute": "username",
      "type": "string"
    },
    "email": {
      "type": "string",
      "query": ".emails"
    },
    "phone": {
      "attribute": "phones",
      "type": "string"
    },
    "title": {
      "attribute": "title",
      "type": "string"
    },
    "department": {
      "attribute": "department",
      "type": "string"
    },
    "userType": {
      "attribute": "userType",
      "type": "string"
    },
    "organization": {
      "attribute": "organization",
      "type": "string"
    },
    "employeeNumber": {
      "attribute": "employeeNumber",
      "type": "string"
    },
    "manager": {
      "attribute": "manager",
      "type": "string"
    }
  },
  "scripts": {
    "insert": ["INSERT INTO usr (phone,email,username) VALUES('${phone}','${email}','${username}') "],
    "update": ["UPDATE usr set phone='${phone}',email='${email}'"],
    "delete": ["DELETE FROM usr"],
    "select": ["SELECT * FROM usr"],
    "mappingToExistingToResponse": [
      {
        "id": "${username}",
        "externalId": "${username}",
        "username": "${username}",
        "givenName": "${username}",
        "displayName": "${username}",
        "name": "${username}",
        "email": "${email}",
        "userType": "${username}",
        "title": "${username}",
        "department": "${username}",
        "organization": "${username}",
        "phone": "${phone}",
        "employeeNumber": "${username}"
      }
    ]
  },
  "configs": {
    "tableName": "usr",
    "uniqueKey": "username"
  }
}
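
The sample scripts above place attribute values between quotes in the SQL text, so if the placeholders are filled by string substitution, a value containing a quote changes the statement. The following added example (not IDHub code; `ScriptBinder` and the `id` parameter are hypothetical names) compiles a script into a JDBC `PreparedStatement` with bound parameters instead. It assumes the connector scopes update and delete to one row by appending a `WHERE` clause on the configured `uniqueKey`, which the page does not state.

```java
import java.sql.*;
import java.util.*;
import java.util.regex.*;

// Added example, not IDHub code. ScriptBinder and the "id" parameter name are hypothetical.
public class ScriptBinder {
    // A placeholder as written in the sample scripts: '${name}' (quoted) or ${name}.
    private static final Pattern PLACEHOLDER =
        Pattern.compile("'\\$\\{(\\w+)\\}'|\\$\\{(\\w+)\\}");
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");
    final String sql;                               // script with each placeholder turned into ?
    final List<String> names = new ArrayList<>();   // attribute names in bind order

    // uniqueKey may be null (insert, select all); otherwise the statement is scoped to one row.
    ScriptBinder(String script, String uniqueKey) {
        Matcher m = PLACEHOLDER.matcher(script.trim());
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            names.add(m.group(1) != null ? m.group(1) : m.group(2));
            m.appendReplacement(out, "?");
        }
        m.appendTail(out);
        if (uniqueKey != null) {
            // Column names cannot be bound as parameters, so allow plain identifiers only.
            if (!IDENTIFIER.matcher(uniqueKey).matches())
                throw new IllegalArgumentException("invalid uniqueKey: " + uniqueKey);
            out.append(" WHERE ").append(uniqueKey).append(" = ?");
            names.add("id");
        }
        sql = out.toString();
    }

    // Values travel as bound parameters, so a quote inside an attribute stays data.
    PreparedStatement prepare(Connection conn, Map<String, String> values) throws SQLException {
        for (String name : names)
            if (!values.containsKey(name))
                throw new IllegalArgumentException("missing attribute: " + name);
        PreparedStatement ps = conn.prepareStatement(sql);
        for (int i = 0; i < names.size(); i++)
            ps.setString(i + 1, values.get(names.get(i)));
        return ps;
    }

    public static void main(String[] args) {
        // Sample "update" script and uniqueKey taken from the resource schema above.
        ScriptBinder b = new ScriptBinder(
            "UPDATE usr set phone='${phone}',email='${email}'", "username");
        System.out.println(b.sql + "  " + b.names);
    }
}
```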




Implementation

The following methods of the target system connector interface defined in the connector SPI need to be implemented for Account and Entitlement resources:

Create Resource

public String postResource(String resourceName, String resourceInstance) {
    connect to the database
    get the script for creating the account from the configuration files
    return the object created in the database after converting it to match with IDHub schema
}


Update Resource

public String patchResource(String resourceName, String resourceInstance, String id){
	connect to the database by using the connection information from the configuration files
	retrieve the resource from the database with the id using the search script in the configuration files
	convert the JSON object in the request body to the target system schema using the configuration files
	update the JSON object retrieved from the database with the JSON object in the request body - additional attributes must be added and existing attributes must be updated
	replace the resource in the database with the newly created JSON object with the update script from the configuration file
}

Replace Resource

public String putResource(String resourceName, String resourceInstance, String id) {
	connect to the database by using the connection information from the configuration files
	replace the resource in the target system with the given id with the object in the request body by using the update script in the configuration files
}

Delete Resource
 

public String deleteResource(String resourceName, String id) {
	connect to the database by using the connection information from the configuration files
	delete the resource in the target system with the given id by using the delete script in the configuration file
}

Get Resource
 

public String getResourceById(String resourceName, String id) {
	connect to the database by using the connection information from the configuration files
	get the resource instance matching the resource name and id by using the search script
	return a JSON object containing the resource instance
}

Search Resource
 

public String searchResource(String resourceName, String filters) {
	if the filter parameter is empty
		return all the instances of the given resource type
	return the list of resource objects matching the filter
}

Get Schema
 

public String getSchema() {
	return a JSON object with the schema definition from the configuration files
}