This section provides instructions on how to configure the SCIM 2.0 connector with WSO2 Identity Server for identity provisioning.
...
Deploy SCIM 2.0 connector with IS
Tip |
---|
Note: SCIM 2.0 is supported by default in WSO2 Identity Server version 5.5.0. If you are using WSO2 Identity Server 5.5.0 or a later version, see SCIM 2.0 REST APIs for instructions on how to use SCIM 2.0 OOTB. |
The below instructions provide a step-by-step approach to deploy SCIM 2.0 connector with WSO2 Identity Server:
- Download the latest version of WSO2 Identity Server (IS) from here and extract it to a folder. Extracted folder will hereafter be referred to as <IS_HOME>.
Download the SCIM 2.0 connector artifacts for WSO2 Identity Server from here.
Expand title Expand to see what the SCIM 2.0 connector artifacts pack includes charon-config.xml
claim-config-diff.txt
org.wso2.carbon.identity.scim2.common-1.1.1.jar
org.wso2.charon3.core-3.0.7.jar
README
scim2-schema-extension.config
scim2.war
- From the downloaded artifacts, place the
org.wso2.charon.core-3.0.7.jar
file in the<IS_HOME>/repository/components/lib
folder. - Place the
org.wso2.carbon.identity.scim2.common-1.1.1.jar
file in the<IS_HOME>/repository/components/dropins
folder. - Place the
scim2.war
in the<IS_HOME>/repository/deployment/server/webapps
folder. - Place the
charon-config.xml
in the<IS_HOME>/repository/conf/identity
folder. - Place the
scim2-schema-extension.config
file in the<IS_HOME>/repository/conf
folder. Append the following entries to the
<ResourceAccessControl></ResourceAccessControl>
element of theidentity.xml
file found in the<IS_HOME>/repository/conf/identity
folder.Code Block <Resource context="(.*)/scim2/Users" secured="true" http-method="POST"> <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions> </Resource> <Resource context="(.*)/scim2/Users" secured="true" http-method="GET"> <Permissions>/permission/admin/manage/identity/usermgt/list</Permissions> </Resource> <Resource context="(.*)/scim2/Groups" secured="true" http-method="POST"> <Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions> </Resource> <Resource context="(.*)/scim2/Groups" secured="true" http-method="GET"> <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions> </Resource> <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET"> <Permissions>/permission/admin/manage/identity/usermgt/view</Permissions> </Resource> <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT"> <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions> </Resource> <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH"> <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions> </Resource> <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE"> <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions> </Resource> <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET"> <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions> </Resource> <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT"> <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions> </Resource> <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH"> <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions> </Resource> <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE"> <Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions> </Resource> <Resource context="(.*)/scim2/Me" secured="true" http-method="GET"> <Permissions>/permission/admin/login</Permissions> </Resource> <Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE"> <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions> </Resource> <Resource context="(.*)/scim2/Me" secured="true" http-method="PUT"> <Permissions>/permission/admin/login</Permissions> </Resource> <Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH"> <Permissions>/permission/admin/login</Permissions> </Resource> <Resource context="(.*)/scim2/Me" secured="true" http-method="POST"> <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions> </Resource> <Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all"> <Permissions></Permissions> </Resource> <Resource context="/scim2/ResourceType" secured="false" http-method="all"> <Permissions></Permissions> </Resource> <Resource context="/scim2/Bulk" secured="true" http-method="all"> <Permissions>/permission/admin/manage/identity/usermgt</Permissions> </Resource> <Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all"> <Permissions>/permission/admin/manage/identity/applicationmgt</Permissions> </Resource>
Disable the SCIM listener with the
orderId=90
parameter by setting the enable parameter to false in theidentity.xml
file found in the<IS_HOME>/repository/conf/identity
folder.
Then, add the SCIM2 listener with theorderid=93
parameter to theidentity.xml
file and ensure that the enable parameter is set to true.Code Block <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" enable="false" /> <!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. --> <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener" orderId="93" enable="true" />
If you will be using the tenant endpoint, add the following property within the
<TenantContextsToRewrite> <WebApp>
tag of theidentity.xml
file found in the<IS_HOME>/repository/conf/identity
folder.Code Block <Context>/scim2</Context>
Ensure that the following property is set to true to enable SCIM for the relevant userstore in the
user-mgt.xml
file found in the<IS_HOME>/repository/conf/
folder.Code Block <Property name="SCIMEnabled">true</Property>
...