Versions Compared

Old Version 11

changes.mady.by.user Gomathy Kumarakuruparan

Saved on

compared with

New Version 12

changes.mady.by.user Gomathy Kumarakuruparan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Tip

Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS.

For information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs.

The default permissions required to access each resource in SCIM 2.0 are given below. 

EndpointHTTP MethodPermission
/scim2/Users
          POST
        
          /permission/admin/manage/identity/usermgt/create
        
          /scim2/Users
        
          GET
        
          /permission/admin/manage/identity/usermgt/list
        
          /scim2/Groups
        
          POST
        
          /permission/admin/manage/identity/rolemgt/create
        
          /scim2/Groups
        
          GET
        
          /permission/admin/manage/identity/rolemgt/view
        
          /scim2/Users/(.*)
        
          GET
        
          /permission/admin/manage/identity/usermgt/view
        
          /scim2/Users/(.*)
PUT
          /permission/admin/manage/identity/usermgt/update
        
          /scim2/Users/(.*)
PATCH
          /permission/admin/manage/identity/usermgt/update
        
          /scim2/Users/(.*)
DELETE
          /permission/admin/manage/identity/usermgt/delete
        
          /scim2/Groups/(.*)
        
          GET
        
          /permission/admin/manage/identity/rolemgt/view
        
          /scim2/Groups/(.*)
PUT
          /permission/admin/manage/identity/rolemgt/update
        
          /scim2/Groups/(.*)
PATCH
          /permission/admin/manage/identity/rolemgt/update
        
          /scim2/Groups/(.*)
DELETE
          /permission/admin/manage/identity/rolemgt/delete
        
          /scim2/Me
GET
          /permission/admin/login
        
          /scim2/Me
DELETE
          /permission/admin/login
        
          /scim2/Me
PUT
          /permission/admin/login
        
          /scim2/Me
PATCH
          /permission/admin/login
        
          /scim2/Me
POST
          /permission/admin/manage/identity/usermgt/create
        
          /scim2/ServiceProviderConfig
all-
          /scim2/ResourceType
all-
          /scim2/Bulk
all
          /permission/admin/manage/identity/usermgt
Note

The EnableFilteringEnhancements property is introduced to identity.xml in <IS_HOME>/repository/conf/identity in order to apply filtering enhancements for SCIM2 filter results. This property makes sure that Eq checks for the String match (in this case cross user store search will not be performed). It also enforces consistency in the filtered attribute formats in the response when filtering is done via different endpoints. For example, when this property is enabled, the two endpoints, Users and Groups will have the same format of response.

Code Block
<SCIM2><EnableFilteringEnhancements>true</EnableFilteringEnhancements></SCIM2>
Note

If the OverrideUsernameClaimFromInternalUsername property in user-mgt.xml in <IS_HOME>/repository/conf/identity is enabled, the Username claim is populated even when SCIM is not enabled.

Code Block
<OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>
Info

More information about how to secure the REST APIs and configure authorization level can be found from Authenticating and Authorizing REST APIs