Versions Compared

Old Version 12

changes.mady.by.user Former user

Saved on

compared with

New Version 13

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

However the reality in the industry is that organizations have their own attributes defined for the users. These attributes are already there in their LDAP schemas. Therefore, SCIM should be extensible enough to cope with these custom attributes of the users.

WSO2 Identity Server allows users to define their own user schema in a configuration file ([IS-HOME]/repository/conf/scim-schema-extension.config). Then these configured schema are used while creating, validating user objects. With this, the users can pass their custom attributes of users over SCIM for Identity Management requirements. The implementation is adhering to the Schema Extension Model. Given below is a sample extended user object with the default schema configuration.

...

  1. Locate the provisioning-config.xml file in the path [IS-HOME]/repository/conf/identity/provisioning-config.xml.

  2. Open the file and locate the "user-schema-extension-enabled" property and set it to true.

    Code Block
    <Property name=”user-schema-extension-enabled”>true</Property>

  3. Locate the scim-schema-extension.config in the path [IS-HOME]/repository/conf/identity/ and add "'somefield" ' attribute. 

    Code Block
    {
"attributeURI":"urn:scim:schemas:extension:wso2:1.0:wso2Extension.somefield",
"attributeName":"somefield",
"dataType":"string",
"multiValued":"false",
"multiValuedAttributeChildName":"null",
"description":"The uid of the user",
"schemaURI":"urn:scim:schemas:extension:wso2:1.0",
"readOnly":"false",
"required":"false",
"caseExact":"false",
"subAttributes":"null"
},
    Note

    Make sure that the 'somefield' attribute is added as the penultimate one, that is just before "'wso2extension" ' attribute.

  4. Add "'somefield" as ' as a sub attribute of "'wso2extension"'.

    Code Block
    "subAttributes":"employeeNumber costCenter organization division department manager somefield"
  5. Save the file and restart the server.

...

  1. Log into the Management Console.
  2. Under Main tab, click Add under Claims
  3. Click Add External Claim.
  4. Select urn:scim:schemas:core:1.0 as the Dialect URI, give urn:scim:schemas:extension:wso2:1.0:wso2Extension.somefield as External Claim URI and select http://wso2.org/claims/organization for Mapped Local Claim and click Add.


    Now added claim mapping will be visible under Available Claims for urn:scim:schemas:core:1.0 section.

Similarly, map a claim for another attribute. Now the server is up and running with the new extended user schema. The claim mappings can map the SCIM user attributes to the LDAP user attributes.

...

The following is the cURL command to add a user with 'somefield' attribute:

Code Block
curl -v -k --user admin:admin --data '{"schemas":[],"userName":"ShirazAzad","password":"Wso2@1234","wso2Extension":{"somefield":"wso2Org","employeeNumber":"01234"}}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

...