Projects‎ > ‎

SCIM Provider

Overview

Provide a "Server Tier" interface that would enable OpenPTK to become a Simple Cloud Identity Management (SCIM) 1.0 compliant Service Provider / Server.  This implementation of the SCIM 1.0 specification should implement the following OpenPTK Operations:
  • Create
  • Read
  • Update
  • Delete
  • Search

Reference

Projects

Issues


Requirements

Service Provider Information "well known" URL : "/ServiceProviderInfo"
This is the meta-data access point … clients discover server's capabilities
This appears to be a "root" url requirement.
Would probably have to develop a simple "class" to support this
Have it configured in "web.xml" to listen on /ServiceProviderInfo

resource end-point names: /Users and /{version)/Users
Use "alias" feature to map this pattern to a "contexts/{context}/subjects" url

mime type declaration via "suffix"

schemas: User and Group

Authentication
spec says … need to support "it" … recommend OAuth, will support Basic

SCIM 1.0 Specification

Data Types

The SCIM interface supports different ways to represent data.  A SCIM attribute can use sub-attribute to group together "like" attributes.  OpenPTK does not support this type of data format (complex attribute).  An attribute with sub-attributes will need to transformed to a single-level attribute.  The table below summarizes the different attribute types/formats

Supported Data Types:
  • String
  • Boolean
  • Decimal
  • Integer
  • DateTime
  • Binary
  • Complex

 Name Description JSON Example XML Example
 Single
Only one level and has zero or one value{
  "userName":"jdoe"
}
<userName>bjensen@example.com</userName> 
 MultiOnly one level with multiple values.  The values are elements of an array.

Elements of the array can be just values or other object types.
{
   "emails" : [ "jdoe@work.org", "john@work.net" ]
}
-or-
{
   "emails" : [
      { "value" : "jdoe@work.org"  },
      { "value" : "john#home.net" }
   ]
}
-or-
{

   "emails" : [
      { "value" : "jdoe@work.org", 
        "type" : "work",
        "primary" : true
      },

      { "value" : "john@home.net",
        "type" : "home"
      }

   ]
}
<emails>
   <email>jdoe@work.org</email>
   <email>john@work.net</email>
</emails>

-or-
<emails>
   <email>
      <value>
jdoe@work.org</value>
      <type>work</type>
      <primary>true</primary>
   </email>
   <email>
      <value>
john@home.net</value>
      <type>home</type>
   </email>
</emails>
 ComplexContains one or more sub-attributes.
The sub-attributes are typically Single types
"name": {
   "formatted": "Mr. John Doe Sr.",
   "familyName": "Doe",
   "givenName": "John",
   "middleName": "Henry",
   "honorificPrefix": "Mr.",
   "honorificSuffix": "Sr."
}
<name>
   <formatted>
Mr. John Doe Sr.</formatted>
   <familyName>Doe</familyName>
   <givenName>John</givenName>
   <middleName>Henry</middleName>
   <honorificPrefix>Mr.</honorificPrefix>
   <honorificSuffix>Sr.</honorificSuffix>
</name>


Schema::Core
SCIM Core schema: these attributes MUST be include with the other schemas

 Name: id
 Type: single 
 Description: Unique identifier for the SCIM Resource as defined by the Service Provider 
 JSON Example:{
   "id":"2819c223-7f76-453a-919d-413861904646"
} 
 XML Example:<id>2819c223-7f76-453a-919d-413861904646</id> 

 Name: externalId 
 Type: single 
 Description: Unique identifier for the Resource as defined by the Service Consumer
 JSON Example:{
   "exernalId" : "701984"
} 
 XML Example:<externalId>701984</externalId>

 Name: meta 
 Type: complex single 
 Description:A complex attribute containing resource metadata. All sub-attributes are OPTIONAL:
  • created
  • lastModified
  • location
  • version
  • attributes
 JSON Example:{
"meta" : {
  "created" : "2010-01-23T04:56:22Z",
  "lastModified" : "2011-05-13T04:42:34Z"
   }

}
 XML Example:<meta>
   <created>2010-01-23T04:56:22Z</created>
   <lastModified>2011-05-13T04:42:34Z</lastModified>
</meta>

Schema::User


 Name: userName
 Type: single
 Description:Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Often displayed to the user as their unique identifier within the system (as opposed to id or externalId, which are generally opaque and not user-friendly identifiers). Each User MUST include a non-empty userName value. This identifier MUST be unique across the Service Consumer's entire set of Users. It MUST be a stable ID that does not change when the same User is returned in subsequent requests. REQUIRED 
 JSON Example:{
   "userName":"jdoe"
}
 XML Example:<userName>jdoe</userName>


 Name: name
 Type: complex single 
 Description:The components of the User's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.
  • formatted
  • familyName
  • givenName
  • middleName
  • honorifixPrefix
  • honorifixSuffix
 JSON Example:{
"name": {
 "formatted": "Ms. Barbara J Jensen III",
 "familyName": "Jensen",
 "givenName": "Barbara",
 "middleName": "Jane",
 "honorificPrefix": "Ms.",
 "honorificSuffix": "III"
 }
}
 XML Example:<name>
 <formatted>Ms. Babs J Jensen III</formatted>
 <familyName>Jensen</familyName>
 <givenName>Barbara</givenName>
 <middleName>Jane</middleName>
 <honorificPrefix>Ms.</honorificPrefix>
 <honorificSuffix>III</honorificSuffix>
</name>

 Name: displayName
 Type: single 
 Description:The name of the User, suitable for display to end-users. Each User returned MAY include a non-empty displayName value. The name SHOULD be the full name of the User being described if known (e.g. Babs Jensen or Ms. Barbara J Jensen, III), but MAY be a username or handle, if that is all that is available (e.g. bjensen). The value provided SHOULD be the primary textual label by which this User is normally displayed by the Service Provider when presenting it to end-users.
 JSON Example:{
   "displayName" : "John R Doe"
}
 XML Example:<displayName>John R Doe</displayName>

 Name: nickName
 Type: single 
 Description:The casual way to address the user in real life, e.g. "Bob" or "Bobby" instead of "Robert". This attribute SHOULD NOT be used to represent a User's username (e.g. bjensen or mpepperidge).
 JSON Example:{
   "nickName" : "Johnny"
}
 XML Example:<nickName>Johnny</nickName>

 Name: profileUrl
 Type: single 
 Description:A fully qualified URL to a page representing the User's online profile.
 JSON Example:{
   "profileUrl" : "http://profiles.net/jdoe"
}
 XML Example:<profileUrl>http://profiles.net/jdoe</profileUrl>

 Name: title
 Type: single 
 Description:The user’s title, such as “Vice President.”
 JSON Example:{
   "title" : "Manager"
}
 XML Example:<title>Manager</title>

 Name: userType
 Type: single 
 Description:Used to identify the organization to user relationship. Typical values used might be "Contractor", "Employee", "Intern", "Temp", "External", and "Unknown" but any value may be used.
 JSON Example:{
   "userType" : "Employee"
}
 XML Example:<userType>Employee</userType>

 Name: preferredLanguage
 Type: single 
 Description:Indicates the User's preferred written or spoken language. Generally used for selecting a localized User interface. Valid values are concatenation of the ISO 639-1 two letter language code, an underscore, and the ISO 3166-1 2 letter country code; e.g., 'en_US' specifies the language English and country US.
 JSON Example:{ "preferredLanguage":"en_US" }
 XML Example:<preferredLanguage>en_US</preferredLanguage>

 Name: locale
 Type: single 
 Description:Used to indicate the User's default location for purposes of localizing items such as currency, date time format, numerical representations, etc. A locale value is a concatenation of theISO 639-1 two letter language code, an underscore, and the ISO 3166-1 2 letter country code; e.g., 'en_US' specifies the language English and country US.
 JSON Example:{
  "locale":"en_US"
}
 XML Example:<locale>en_US</locale>

 Name: timezone
 Type: single 
 Description:The User's time zone in the "Olson" timezone database format; e.g.,'America/Los_Angeles'.
 JSON Example:{
"timezone": "America/Chicago"
}
 XML Example:<timezone>America/Chicago</timezone>

 Name: active
 Type: single 
 Description:A Boolean value indicating the User's administrative status. The definitive meaning of this attribute is determined by the Service Provider though a value of true infers the User is, for example, able to login while a value of false implies the User's account has been suspended.
 JSON Example:{
"active":true
}
 XML Example:<active>true</active>

 Name: password
 Type: single 
 Description:The User's clear text password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. No accepted standards exist to convey password policies, hence Consumers should expect Service Providers to reject password values. This value MUST never be returned by a Service Provider in any form.
 JSON Example:{
"password":"t1meMa$heen"
}
 XML Example:<password>t1meMa$heen</password>


 Name: VALUE
 Type: single 
 Description:
 JSON Example:
 XML Example: