This section provides instructions on how to configure the SCIM 2.0 connector with WSO2 Identity Server for identity provisioning.
...
Tip: SCIM 2.0 is supported out of the box in WSO2 Identity Server version 5.4.0 and later. If you are using WSO2 Identity Server 5.4.0 or a later version, you do not need this connector; see SCIM 2.0 REST APIs for instructions on how to use SCIM 2.0 OOTB.
...
- Download the latest version of WSO2 Identity Server (IS) from here and extract it to a folder. The extracted folder is referred to as <IS_HOME> hereafter.
- Download the SCIM 2.0 connector artifacts for WSO2 Identity Server from here.
The SCIM 2.0 connector artifacts pack includes the following files:
- charon-config.xml
- claim-config-diff.txt
- org.wso2.carbon.identity.scim2.common-1.1.1.jar
- org.wso2.charon3.core-3.0.7.jar
- README
- scim2-schema-extension.config
- scim2.war
- From the downloaded artifacts, place the org.wso2.charon3.core-x.x.x.jar file (listed above as org.wso2.charon3.core-3.0.7.jar) in the <IS_HOME>/repository/components/lib folder.
- Place the org.wso2.carbon.identity.scim2.common-x.x.x.jar file in the <IS_HOME>/repository/components/dropins folder.
- Place the scim2.war file in the <IS_HOME>/repository/deployment/server/webapps folder.
- Place the charon-config.xml file in the <IS_HOME>/repository/conf/identity folder.
- Place the scim2-schema-extension.config file in the <IS_HOME>/repository/conf folder.
- Append the following entries to the <ResourceAccessControl></ResourceAccessControl> element of the identity.xml file found in the <IS_HOME>/repository/conf/identity folder. Every SCIM2 endpoint is registered with secured="true" and a management permission; only the two discovery endpoints, /scim2/ServiceProviderConfig and /scim2/ResourceType, are left unauthenticated (secured="false"), since they return only the server's SCIM configuration and resource-type metadata. The last entry secures the OAuth2 dynamic client registration endpoint rather than a SCIM resource.
Code Block
<Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
    <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
    <Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">
    <Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups" secured="true" http-method="GET">
    <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET">
    <Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT">
    <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH">
    <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
    <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET">
    <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT">
    <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH">
    <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
</Resource>
<Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE">
    <Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="GET">
    <Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">
    <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="PUT">
    <Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH">
    <Permissions>/permission/admin/login</Permissions>
</Resource>
<Resource context="(.*)/scim2/Me" secured="true" http-method="POST">
    <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
</Resource>
<Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
    <Permissions></Permissions>
</Resource>
<Resource context="/scim2/ResourceType" secured="false" http-method="all">
    <Permissions></Permissions>
</Resource>
<Resource context="/scim2/Bulk" secured="true" http-method="all">
    <Permissions>/permission/admin/manage/identity/usermgt</Permissions>
</Resource>
<Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all">
    <Permissions>/permission/admin/manage/identity/applicationmgt</Permissions>
</Resource>
- Disable the SCIM listener that has orderId="90" by setting its enable parameter to false in the identity.xml file found in the <IS_HOME>/repository/conf/identity folder. Then add the SCIM2 listener with orderId="93" to the same file and ensure that its enable parameter is set to true, so that exactly one of the two listeners is active.
Code Block
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
    name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
    orderId="90" enable="false" />
<!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
<EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
    name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
    orderId="93" enable="true" />
- If you will be using the tenant endpoint (for example, /t/<tenant-domain>/scim2/Users), add the following entry within the <TenantContextsToRewrite><WebApp> element of the identity.xml file found in the <IS_HOME>/repository/conf/identity folder, so that tenant-qualified requests are rewritten to the scim2 web application.
Code Block
<Context>/scim2</Context>
- Ensure that the following property is set to true for the relevant user store in the user-mgt.xml file found in the <IS_HOME>/repository/conf/ folder; SCIM is only enabled for user stores that carry this property.
Code Block
<Property name="SCIMEnabled">true</Property>
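As an added example (not WSO2's code or documentation), the following Python script renders the identity.xml entries listed in the steps above and checks an existing identity.xml against them: every SCIM2 endpoint must be registered with secured="true" and a permission (only the two discovery endpoints stay unauthenticated), none of the endpoint/method pairs the page lists may be missing, the legacy SCIM listener (orderId 90) must be disabled while the SCIM2 listener (orderId 93) is enabled, and /scim2 must appear under TenantContextsToRewrite. The <Server> root and <EventListeners> wrapper element names are assumed from identity.xml's layout and are not shown on this page; the misconfigured document the script checks is constructed for the example, and the namespace stripping is there because a real identity.xml declares a default xmlns.

```python
"""Render and check the SCIM2 entries of a WSO2 IS identity.xml.
Added example, not WSO2's code. ENTRIES mirrors the <Resource> elements the page
adds; <Server> and <EventListeners> are assumed; the weak config is constructed."""
import xml.etree.ElementTree as ET

P = "/permission/admin"
U, G, LOGIN = P + "/manage/identity/usermgt", P + "/manage/identity/rolemgt", P + "/login"
# (context, http-method) -> (secured, permission), exactly as listed on the page.
ENTRIES = {
    ("(.*)/scim2/Users", "POST"): ("true", U + "/create"),
    ("(.*)/scim2/Users", "GET"): ("true", U + "/list"),
    ("(.*)/scim2/Groups", "POST"): ("true", G + "/create"),
    ("(.*)/scim2/Groups", "GET"): ("true", G + "/view"),
    ("(.*)/scim2/Users/(.*)", "GET"): ("true", U + "/view"),
    ("(.*)/scim2/Users/(.*)", "PUT"): ("true", U + "/update"),
    ("(.*)/scim2/Users/(.*)", "PATCH"): ("true", U + "/update"),
    ("(.*)/scim2/Users/(.*)", "DELETE"): ("true", U + "/delete"),
    ("(.*)/scim2/Groups/(.*)", "GET"): ("true", G + "/view"),
    ("(.*)/scim2/Groups/(.*)", "PUT"): ("true", G + "/update"),
    ("(.*)/scim2/Groups/(.*)", "PATCH"): ("true", G + "/update"),
    ("(.*)/scim2/Groups/(.*)", "DELETE"): ("true", G + "/delete"),
    ("(.*)/scim2/Me", "GET"): ("true", LOGIN),
    ("(.*)/scim2/Me", "DELETE"): ("true", U + "/delete"),
    ("(.*)/scim2/Me", "PUT"): ("true", LOGIN),
    ("(.*)/scim2/Me", "PATCH"): ("true", LOGIN),
    ("(.*)/scim2/Me", "POST"): ("true", U + "/create"),
    ("/scim2/ServiceProviderConfig", "all"): ("false", ""),
    ("/scim2/ResourceType", "all"): ("false", ""),
    ("/scim2/Bulk", "all"): ("true", U),
}
PUBLIC = {"/scim2/ServiceProviderConfig", "/scim2/ResourceType"}  # discovery only
LISTENER_TYPE = "org.wso2.carbon.user.core.listener.UserOperationEventListener"
SCIM_LISTENER = "org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
SCIM2_LISTENER = "org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"


def render_identity_xml(entries=ENTRIES, scim_enabled=False, scim2_enabled=True,
                        rewrite_scim2=True):
    """Emit an identity.xml-shaped document carrying the given SCIM2 settings."""
    res = "".join(
        f'    <Resource context="{ctx}" secured="{sec}" http-method="{m}">\n'
        f'      <Permissions>{perm}</Permissions>\n    </Resource>\n'
        for (ctx, m), (sec, perm) in entries.items())
    listeners = "".join(
        f'    <EventListener type="{LISTENER_TYPE}" name="{name}" '
        f'orderId="{oid}" enable="{str(on).lower()}"/>\n'
        for name, oid, on in ((SCIM_LISTENER, 90, scim_enabled),
                              (SCIM2_LISTENER, 93, scim2_enabled)))
    ctx = "      <Context>/scim2</Context>\n" if rewrite_scim2 else ""
    return (f"<Server>\n  <ResourceAccessControl>\n{res}  </ResourceAccessControl>\n"
            f"  <EventListeners>\n{listeners}  </EventListeners>\n"
            f"  <TenantContextsToRewrite>\n    <WebApp>\n{ctx}    </WebApp>\n"
            f"  </TenantContextsToRewrite>\n</Server>\n")


def _local(tag):
    """Drop the namespace prefix: a real identity.xml declares a default xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_identity_xml(xml_text):
    """Return findings for the SCIM2 setup; an empty list means it matches the page."""
    root = ET.fromstring(xml_text)
    els = lambda name: [e for e in root.iter() if _local(e.tag) == name]
    findings, seen = [], set()
    for r in els("Resource"):
        ctx, method = r.get("context", ""), r.get("http-method", "")
        if "/scim2" not in ctx:
            continue  # not a SCIM2 endpoint (e.g. the DCR entry)
        seen.add((ctx, method))
        perms = [c for c in r if _local(c.tag) == "Permissions"]
        perm = (perms[0].text or "").strip() if perms else ""
        if ctx in PUBLIC:
            continue
        if r.get("secured") != "true":
            findings.append(f"{method} {ctx}: not secured")
        elif not perm:
            findings.append(f"{method} {ctx}: secured but no permission required")
    for ctx, method in sorted(set(ENTRIES) - seen):
        findings.append(f"{method} {ctx}: no access-control entry")
    enabled = {ev.get("name"): ev.get("enable") == "true" for ev in els("EventListener")}
    if enabled.get(SCIM_LISTENER):
        findings.append("legacy SCIM listener (orderId 90) still enabled")
    if not enabled.get(SCIM2_LISTENER):
        findings.append("SCIM2 listener (orderId 93) missing or disabled")
    rewrite = [c.text.strip() for w in els("TenantContextsToRewrite")
               for c in w.iter() if _local(c.tag) == "Context" and c.text]
    if "/scim2" not in rewrite:
        findings.append("/scim2 missing from TenantContextsToRewrite/WebApp")
    return findings


def weak_example():
    """The page's entries with three common slips and both listeners enabled (constructed)."""
    weak = dict(ENTRIES)
    weak[("(.*)/scim2/Users/(.*)", "DELETE")] = ("false", U + "/delete")  # secured="false"
    weak[("/scim2/Bulk", "all")] = ("true", "")                            # empty permission
    del weak[("(.*)/scim2/Groups", "POST")]                                # entry forgotten
    return render_identity_xml(weak, scim_enabled=True, rewrite_scim2=False)
```

Running check_identity_xml(weak_example()) reports the unsecured DELETE on Users/(.*), the permission-less Bulk entry, the missing Groups POST entry, the still-enabled legacy listener and the missing tenant rewrite context, while check_identity_xml(render_identity_xml()) returns no findings; point ET.fromstring at the contents of your own identity.xml to run the same checks after editing it.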
...