| Tip |
|---|
Tip: Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS. |
This REST API implements the SCIM 2.0 Protocol according to the SCIM 2.0 specification.The following endpoints are supported with WSO2 Identity Server.
Users endpoint
This endpoint is used to create and manage users and their profile attributes.
| Info |
|---|
From WSO2 5.8.0 onwards, new configurations have been added to support filtering users and groups only from the PRIMARY domain. If these properties are enabled, the responses recieved for the users endpoint and groups endpoint will change. For more information, see behavioral change #4 in the Migration Guide: Understanding What Has Changed topic.| Tip |
|---|
Tip: Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS. |
This REST API implements the SCIM 2.0 Protocol according to the SCIM 2.0 specification.The following endpoints are supported with WSO2 Identity Server.
Users endpoint
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
This endpoint is used to create and manage users and their profile attributes.
| Info |
|---|
From WSO2 5.8.0 onwards, new configurations have been added to support filtering users and groups only from the PRIMARY domain. If these properties are enabled, the responses recieved for the users endpoint and groups endpoint will change. For more information, see /wiki/spaces/IS580/pages/41127141 topic. |
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Get User by IDGET https://localhost/t/{tenant-domain}/scim2/Users/{id}
This API is used to retrieve users by their user ID. It returns an HTTP 200 response if the user is not found. | Code Block |
|---|
| curl -v -k --user [username]:[password] https://localhost:9443/scim2/Users/[user ID] |
| | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd' |
| | Code Block |
|---|
| {"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd' |
| String | - | | Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.| Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName’ |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName’ |
| String | - |
Responses - HTTP 200 - Valid user is found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
|
| Panel |
|---|
| borderColor | #000080 |
|---|
| bgColor | White |
|---|
|
POST/ Create User POST https://localhost/t/{tenant-domain}/scim2/Users
This API creates a user and returns the user details along with the user's unique ID. It returns HTTP 201 if the user is successfully created. | Code Block |
|---|
| curl -v -k --user [username]:[password] --data '{"schemas":[],"name":{"familyName":[last name],"givenName":[name]},"userName":[username],"password":[password],"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}--header "Content-Type:application/json" https://localhost:9443/scim2/Users |
| | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users |
| | Code Block |
|---|
| {"emails":[{"type":"home","value":"kim.jackson@gmail.com","primary":true},{"type":"work","value":"kim_j@wso2.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"name":{"familyName":"jackson","givenName":"kim"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users?attributes=userName,name.familyName |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users?excludedAttributes=userName,name.familyName |
| String | - | | Body | body (optional) | A JSON object that contains relevant values for creating a user. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users |
| String | - |
Responses - HTTP 201 - Valid user is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid user
| Tip |
|---|
Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"WSO2/kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users |
|
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
DELETE/ Delete User by IDDELETE https://localhost/t/{tenant-domain}/scim2/Users/{id}
This API deletes a user using the user's unique ID. It returns HTTP 204 if the user is successfully deleted.
| Code Block |
|---|
| curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Users/[user ID] -H "Accept: application/scim+json" |
| | Code Block |
|---|
| curl -v -k --user admin:admin -X DELETE https://localhost:9443/scim2/Users/b228b59d-db19-4064-b637-d33c31209fae -H "Accept: application/scim+json" |
| | Code Block |
|---|
| HTTP/1.1 204 No Content |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type. | String | - |
Responses - HTTP 204 - User has been succesfully deleted
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Get Users (User Listing/Filtering)GET https://localhost/t/{tenant-domain}/scim2/Users
This API returns users according to the filter, sort and pagination parameters. It returns an HTTP 404 response if the users are not found. Pagination is not supported across user stores and LDAP multi-attribute group filtering. However, filtering is supported across multiple user stores.
| Code Block |
|---|
| curl -v -k --user [username]:[password] 'https://localhost:9443/scim2/Users?startIndex=[value]&count=[value]&domain=[value]&filter=[query]&attributes=[attribute names]' |
| | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName' |
| | Code Block |
|---|
| {"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}]} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&attributes=userName,name.familyName' |
| Code Block |
|---|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName' |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request.
All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&excludedAttributes=userName,name.familyName' |
| Code Block |
|---|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&excludedAttributes=userName,name.familyName' |
| String | - | | Query | filter (optional) | A filter expression used to filter users. Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’. | Tip |
|---|
Note that operators are case-insensitive. |
| String | - | | Query | startIndex (optional) | The query results are listed from the position specified by the number given as the startIndex parameter value. For example, if there are 10 query results and the startIndex value is 5, the query results will be listed starting from the 5th query result onwards. | Integer | 1 | | Query | count (optional) | Specifies the desired maximum number of query results per page. | Tip |
|---|
This parameter is optional but it is recommended to include it in the request. When this parameter is not included in the request, the response returns all users from a given domain or across all user stores. When this parameter is set to 0 (zero) or is a negative value, no users are retrieved. |
| Integer | - | | Query | sortBy (optional) | Specifies the attribute whose value can be used to order the returned responses. | Warning |
|---|
This parameter is not supported for this version. |
| String | - | | Query | sortOrder (optional) | The order in which the "sortBy" parameter is applied. (e.g., ascending order) | Warning |
|---|
This parameter is not supported for this version. |
| String | - | | Query | domain (optional) | The name of the user store to which filtering needs to be applied. | String | - |
Responses - HTTP 200 - Valid users are found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
| Tip |
|---|
There are two ways to retrieve users from a particular user store: Using the domain query parameter
Filter or list users from a particular domain by setting the domain query parameter as shown in the example below. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=WSO2 |
Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with “userName” and “groups” attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal. | Code Block |
|---|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&filter=userName+sw+WSO2/ki' |
|
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Get User by IDGET POST/ Search UsersPOST https://localhost/t/{tenant-domain}/scim2/Users/{id}.search
This API is used to retrieve users by their user IDreturns users according to the filter, sort and pagination parameters. It returns an an HTTP 200 response 404 response if the
user is users are not found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] |
|
| Code Block |
|---|
|
|
curl -vk -user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd'| Code Block |
|---|
|
{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"attributes": [attribute names],"filter": [filter query],"domain": [domain name],"startIndex": [value],"count": [value]}' --header "Content-Type:application/scim+json" 'https://localhost:9443/scim2/Users/ |
|
|
| Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas": ["urn:ietf:params:scim: |
|
"name.familyName", "userName"]," |
|
"userName sw ki and name.familyName co ack","domain":" |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
Path | id (required) | Unique ID of the resource type.
| Code Block |
|---|
|
curl -v -k --user admin:admin 10}' --header "Content-Type:application/scim+json" 'https://localhost:9443/scim2/Users/ |
|
Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.| Code Block |
|---|
|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/ | {"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"name":{"familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd |
|
String | - | Query | excludedAttributes| Type | Name | Description | Schema | Default Value |
|---|
| Body | body (optional) |
Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
| Code Block |
|---|
|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName’This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses
- HTTP 200 - Valid user is users are found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is users are not found
...
...
...
...
...
updates user details and returns the updated user details |
...
using a PATCH operation. It returns an HTTP |
...
404 response if the user is
|
...
not found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] - |
|
|
...
X PATCH -d '{"schemas":[],"Operations":[{"op":[operation],"value":{[attributeName]:[attribute value]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/[user ID] |
| | Code Block |
|---|
| curl -v -k --user admin:admin -X PATCH - |
|
|
...
d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"]," |
|
|
...
...
...
...
...
...
...
shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd |
| |
|
...
...
"work","value":"kim_j@wso2. |
|
|
...
...
...
...
...
...
created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users |
|
|
...
...
/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-16T14:46:07Z","resourceType":"User"},"nickName":"shaggy","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":" |
|
|
...
...
...
...
...
...
...
...
...
...
...
"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type.
| String | - | | Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim: |
|
|
...
...
...
...
...
...
...
...
...
}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd |
|
|
...
Parameters
...
?attributes=userName,name.familyName |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be |
|
...
excluded from the response. When this parameter is included in the request, the response returns |
|
...
all attributes except the |
|
...
excludedattributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin -X PATCH - |
|
|
...
...
"urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{" |
|
|
...
...
...
...
...
...
...
shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users |
|
|
...
/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName |
| String | - |
|
...
...
...
| This is a JSON object that contains relevant values used to search for a user. |
|
|
Responses - HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
|
...
...
[username]:[password] -X PUT - |
|
|
...
d '{"schemas":[],"name":{"familyName": |
|
|
...
...
...
...
...
...
...
...
[email address 2],"type": |
|
|
...
...
]}]}' --header "Content-Type:application/json" https://localhost:9443/ |
|
|
...
body
(optional)
...
...
| curl -v -k --user admin:admin -X PUT - |
|
|
...
d '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim", |
|
|
...
...
...
...
...
...
...
jack@gmail.com","type":"home"} |
|
|
...
]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd |
| | Code Block |
|---|
| {"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":" |
|
|
...
...
,"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users |
|
|
...
Responses
- HTTP 201 - Valid user is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid user
| Tip |
|---|
Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"WSO2/kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users |
|
...
| borderColor | Black |
|---|
| bgColor | White |
|---|
DELETE/ Delete User by ID
DELETE https://localhost/t/{tenant-domain}/scim2/Users/{id}
This API deletes a user using the user's unique ID. It returns HTTP 204 if the user is successfully deleted.
...
...
/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-16T14:24:00Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type.
| String | - | | Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/ |
|
|
...
c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. |
|
...
| curl -v -k --user admin:admin -X |
|
|
...
PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/ |
|
|
...
...
...
...
| Code Block |
|---|
|
HTTP/1.1 204 No Content |
Parameters
...
id
(required)
...
a775-79b260e717bd?excludedAttributes=userName,name.familyName |
| String | - | | Body | body (optional) | This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses |
...
...
- successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid
|
...
Groups endpoint
This endpoint is used to create and manage groups and group members.
| Info |
|---|
From WSO2 5.8.0 onwards, new configurations have been added to support filtering users and groups only from the PRIMARY domain. If these properties are enabled, the responses recieved for the users endpoint and groups endpoint will change. For more information, see /wiki/spaces/IS580/pages/41127141 topic. |
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Get Users (User Listing/Filtering)Group by IDGET https://localhost/t/{tenant-domain}/scim2/UsersGroups/{id}
This API returns users according to the filter, sort and pagination parametersthe group details of a particular group using its unique ID. It returns an HTTP 404200 response if the users are not found. Pagination is not supported across user stores and LDAP multi-attribute group filtering. However, filtering is supported across multiple user stores. | Code Block |
|---|
|
|
curl -v -k --user [username]:[password] 'group is found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] https://localhost:9443/scim2/Groups/[group ID] |
|
| Code Block |
|---|
| curl -v -k --user admin:admin https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36 |
|
| Code Block |
|---|
| {"displayName":"manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Users?startIndex=[value]&count=[value]&domain=[value]&filter=[query]&attributes=[attribute names]' |
|
| Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName' |
|
| Code Block |
|---|
| {"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"} |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type.
| String | - |
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/ |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
| Code Block |
|---|
title | Sample ae38-d2332ecc0f36?attributes=displayName’ |
| String | - |
| Query | excludedAttributes (optional) | Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName’ |
| String | - |
Responses
- HTTP 200 - Valid group is found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
POST/ Create GroupPOST https://localhost/t/{tenant-domain}/scim2/Groups
This API creates a group and returns the details of the created group including its unique ID. It returns an HTTP 201 response if the group is successfully created.
| Code Block |
|---|
| curl -v -k --user |
|
| Code Block |
|---|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName' |
| String | - | Query | excludedAttributes (optional) | Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request.
All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.[username]:[password] --data '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName": [group name], "members": [{"value": [user ID],"$ref":[ref url],"display": [user name] }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups |
|
|
| curl -v -k --user admin:admin |
|
--data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups |
|
| Code Block |
|---|
| {"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/ |
|
| Code Block |
|---|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&excludedAttributes=userName,name.familyName' |
String | - |
| Query | filter (optional) | A filter expression used to filter users. Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’. | Tip |
|---|
Note that operators are case-insensitive. |
| String | - |
| Query | startIndex (optional) | The query results are listed from the position specified by the number given as the startIndex parameter value. For example, if there are 10 query results and the startIndex value is 5, the query results will be listed starting from the 5th query result onwards. | Integer | 1 |
Query | count (optional) | Specifies the desired maximum number of query results per page.
| Tip |
|---|
This parameter is optional but it is recommended to include it in the request.
When this parameter is not Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z","resourceType":"Group"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"} |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns |
all users from a given domain or across all user stores.When this parameter is set to 0 (zero) or is a negative value, no users are retrieved.
Integer | - | | Query | sortBy (optional) | Specifies the attribute whose value can be used to order the returned responses. | Warning |
|---|
This parameter is not supported for this version. |
| String | - |
Query | sortOrder (optional) | The order in which the "sortBy" parameter is applied. (e.g., ascending order)
| Warning |
|---|
This parameter is not supported for this version.only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?attributes=displayName |
| String | - |
| Query |
domainexcludedAttributes (optional) |
The name of the user store to which filtering needs to be applied. | String | - | Responses
- HTTP 200 - Valid users are found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
| Tip |
|---|
There are two ways to retrieve users from a particular user store:
Using the domain query parameter
Filter or list users from a particular domain by setting the domain query parameter as shown in the example belowAttribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with “userName” and “groups” attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal.
| Code Block |
|---|
excludedAttributes=displayName |
| String | - |
| Body | body (optional) | This is a JSON object that contains relevant values used to create a group. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
Responses
- HTTP 201 - Valid group is created
- HTTP 401 - Unauthorized
- HTTP 404 - Group is not found
...
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
POST/ Search UsersCreate GroupPOST https://localhost/t/{tenant-domain}/scim2/Users/.searchGroups
This API returns users according to the filter, sort and pagination parameterscreates a group and returns the details of the created group including its unique ID. It returns an HTTP 404201 response if the users are not foundgroup is successfully created.
| Code Block |
|---|
| curl -v -k --user [username]:[password] --data '{"schemas": ["urn:ietf:params:scim:apischemas:messagescore:2.0:SearchRequestGroup"],"attributesdisplayName": [attributegroup namesname], "filtermembers": [filter query],"domain{"value": [domainuser nameID],"startIndex$ref":[ref [valueurl],"countdisplay": [valueuser name] }]}' --header "Content-Type:application/scim+json" 'https://localhost:9443/scim2/Users/.search'Groups |
| | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"attributes": ["name.familyName", "userName"],"filter":"userName sw ki and name.familyName co ack","domain":"PRIMARY","startIndex": 1,"count": 10 --data '{"displayName":"manager"}' --header "Content-Type:application/scim+json" 'https://localhost:9443/scim2/Users/.search'Groups |
| | Code Block |
|---|
| {"totalResultsdisplayName":1,"startIndexPRIMARY/manager":1,"itemsPerPagemeta":1,{"schemascreated":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"name":{"familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}]2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z","resourceType":"Group"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
BodybodyThis is a JSON object that contains relevant values used to search for a user.String | - | Responses - HTTP 200 - Valid users are found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
|
...
| borderColor | Black |
|---|
| bgColor | White |
|---|
PATCH/ Update User
PATCH https://localhost/t/{tenant-domain}/scim2/Users/{id}
Attribute names of attributes that are to be included in the response.When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?attributes=displayName |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user |
|
|
...
...
...
...
...
"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
|
...
Groups?excludedAttributes=displayName |
| String | - | | Body | body (optional) | This is a JSON object that contains relevant values used to create a group. |
|
...
| curl -v -k --user admin:admin - |
|
|
...
...
...
...
"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
|
...
Responses - HTTP 201 - Valid group is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
| Tip |
|---|
Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name as shown in the example below. |
|
...
| curl -v -k --user admin:admin --data '{"displayName":"WSO2DOMAIN/manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
|
...
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
DELETE/ Delete Group By IDDELETE https://localhost/t/{tenant-domain}/scim2/Groups/{id}
This API deletes a particular group using its unique ID. It returns an HTTP 204 reponse if the group is successfully deleted.
| Code Block |
|---|
| curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Groups/[group ID] -H "Accept: application/json" |
| | Code Block |
|---|
| curl -v -k --user admin:admin -X DELETE https://localhost:9443/scim2/Groups/0d32c19e-7a74-4c22-b1ad-1d21317d5b04 -H "Accept:application/json" |
| | Code Block |
|---|
| HTTP/1.1 204 No Content |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type. | String | - |
|
...
attributes
(optional)
...
Responses - HTTP 204 - Valid group has been successfully deleted.
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Filter GroupsGET https://localhost/t/{tenant-domain}/scim2/Groups
This API returns groups according to the specified filter, sort and pagination parameters. It returns HTTP 404 if the groups are not found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] 'https://localhost:9443/scim2/Groups?startIndex=[value]&count=[value]&filter=[query]&attributes=[attribute names]' |
| |
|
...
| curl -v -k --user admin:admin |
|
|
...
'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager' |
| | Code Block |
|---|
| {"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0: |
|
|
...
...
...
...
...
...
...
2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/ |
|
|
...
Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}]} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Query | attributes (optional) | Attribute names of attributes that are to be |
|
...
included in the response. When this parameter is included in the request, the response returns |
|
...
...
that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin |
|
|
...
...
https://localhost:9443/scim2/ |
|
|
...
Groups?filter=displayName+eq+manager&attributes=displayName' |
| String | - |
|
...
...
| borderColor | Black |
|---|
| bgColor | White |
|---|
PUT/ Update User
PUT https://localhost/t/{tenant-domain}/scim2/Users/{id}
...
excludedAttributes (optional) |
|
...
Responses
- HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user |
|
|
...
| Code Block |
|---|
|
curl -v -k --user admin:admin -X PUT -d '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","emails":[{"value":"kim_j@wso2.com","type":"work"},{"value":"kim.jack@gmail.com","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd |
...
...
admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager&excludedAttributes=displayName' |
| String | - | | Query | filter (optional) | A filter expression used to filter users. Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’. | Tip |
|---|
Note that operators are case-insensitive. |
| String | - | | Query | startIndex (optional) | The query results are listed from the position specified by the number given as the startIndex parameter value. For example, if there are 10 query results and the startIndex value is 5, the query results will be listed starting from the 5th query result onwards. | Warning |
|---|
Pagination is not supported. |
| Integer | 1 | | Query | count (optional) | Specifies the desired maximum number of query results per page. | Warning |
|---|
Pagination is not supported. |
| Tip |
|---|
Note: When this parameter is not included in the request, the response returns all groups from the given domain or across all user stores. When the count is zero or any value less than zero, no groups are returned. |
| Integer | - | | Query | sortBy (optional) | Specifies the attribute whose value can be used to order the returned responses. | Warning |
|---|
This parameter is not supported for this version. |
| String | - | | Query | sortOrder (optional) | The order in which the "sortBy" parameter is applied. (e.g., ascending order) | Warning |
|---|
This parameter is not supported for this version. |
| String | - | | Query | domain (optional) | The name of the user store to which filtering needs to be applied. | String | - |
Responses - HTTP 200 - Valid groups have been successfully returned.
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
| Tip |
|---|
There are two ways to retrieve users from a particular user store: Using the domain query parameter
Setting the domain parameter enables both filtering and listing groups in a specified user store. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/ |
|
|
...
Parameters
...
id
(required)
Unique ID of the resource type.
...
attributes
(optional)
Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
...
...
Groups?startIndex=3&count=20&domain=WSO2’ |
Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with "displayName", "members.display" and "members.value" attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal. | Code Block |
|---|
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?startIndex=2&count=20&filter=displayName+eq+WSO2/manager' |
Optionally, you can also retrieve Internal/Application domain roles with the "Groups" endpoint using the "list" and "filter" operations.
Note that this is only applicable for the Groups endpoint. | Tip |
|---|
Note that this feature is available from WSO2 IS 5.8.0 5062 WUM update. You can apply the WUM update using the WSO2 Update Manager (WUM). To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide. |
| Code Block |
|---|
| title | Sample 'list' request |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/ |
|
|
...
excludedAttributes
(optional)
...
Groups?domain=Application' |
|
|
...
| 'filter' request with domain parameter |
| curl -v -k --user admin:admin |
|
|
...
...
...
https://localhost:9443/scim2/ |
|
|
...
body
(optional)
...
Responses
- HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
Groups endpoint
| Info |
|---|
From WSO2 5.8.0 onwards, new configurations have been added to support filtering users and groups only from the PRIMARY domain. If these properties are enabled, the responses recieved for the users endpoint and groups endpoint will change. For more information, see behavioral change #4 in the Migration Guide: Understanding What Has Changed topic.Groups?filter=displayName+eq+myapp&domain=Application' |
| Code Block |
|---|
| title | Sample 'filter' request with domain prefix |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+sw+Application/my' |
|
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Group by IDGET POST/ Search GroupsPOST https://localhost/t/{tenant-domain}/scim2/Groups/{id}.search
This API returns the group details of a particular group using its unique IDgroups according to the specified filter, sort and pagination parameters. It returns an HTTP 200404 response if the group is groups are not found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] --data '{"schemas": [],"startIndex": [value], "filter": [query]}' --header "Content-Type:application/scim+json" https://localhost:9443//localhost:9443/scim2/Groups/[group ID] | | Code Block |
|---|
| curl -v -k --user admin:adminscim2/Groups/.search |
| | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"startIndex": 1, "filter": "displayName eq manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36.search |
| | Code Block |
|---|
| {"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group":42Z"},"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}]} |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
optional) | This is a JSON object that contains relevant values used to search for a group. | String | - |
|
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName’ |
| String | - |
Query | excludedAttributes (optional) | Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification- HTTP 200 - Valid groups are found
- HTTP 401 - Unauthorized
- HTTP 404 - Groups are not found
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
PATCH/ Update UserPATCH https://localhost/t/{tenant-domain}/scim2/Groups/{id}
This API updates the group details and returns the updated group details using a PATCH operation. It returns an HTTP 404 response if the group is not found. Sample admin:admin 'https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName’ | String | - | Responses
- HTTP 200 - Valid group is found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
POST/ Create GroupPOST https://localhost/t/{tenant-domain}/scim2/Groups
This API creates a group and returns the details of the created group including its unique ID. It returns an HTTP 201 response if the group is successfully created. | Code Block |
|---|
| title | Request[username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op": [operation],"value":{"members":[{"display": [name],"$ref": [ref],"value": [member user ID] }] } }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group ID] |
|---|
| | Code Block |
|---|
| curl -v -k --user [username]:[password]admin:admin -X PATCH -datad '{"schemas":["urn:ietf:params:scim:schemasapi:coremessages:2.0:GroupPatchOp"],"displayNameOperations": [group name], "members": [{[{"op":"add","value": [user ID],"$ref{"members":[ref url],{"display": [user name] }]}' --header "Content-Type:application/json" "Kris","$ref":"https://localhost:9443/scim2/Groups | | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager"Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36 |
| | Code Block |
|---|
| {"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:2751:42Z45Z"},"resourceTypeschemas":["urn:ietf:params:scim:schemas:core:2.0:Group"}],"schemasmembers":["urn:ietf:params:scim:schemas:core:2.0:Group"{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type.
| String | - | | Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": -v -k --user admin:admin --data '{"displayName":"manager""Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager" -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName |
| String | - | | Body | body (optional) | This is a JSON object that contains relevant values used to create search for a group.| Code Block |
|---|
| | curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groupsuser.String | - |
Responses - HTTP 201 - Valid group is created200 - Group has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Group Valid group is not found
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
POSTPUT/ Create GroupUpdate UserPOST PUT https://localhost/t/{tenant-domain}/scim2/Groups/{id}
This API creates a updates the group details and returns the details of the created group including its unique IDupdated group details using a PUT operation. It returns an HTTP 201 response 404 reponse if the group is successfully creatednot found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] -X PUT -datad '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName": [group name], "members": [{"value": [user ID],"$ref":[ref url],"display": [user's name] }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group ID] |
| | Code Block |
|---|
| curl -v -k --user admin:admin -X PUT -datad '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36 |
| | Code Block |
|---|
| {"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:2742:42Z","resourceType":"Group"56Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"core:2.0:Group"],"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"} |
|
Parameters | Type | Name | Description | Schema | Default Value | Query | attributes (optional) | Attribute names of attributes that are to be included in the response.When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?attributes=displayName | Schema | Default Value | | Path | id (required) | Unique ID of the resource type.
| String | - | | Query | excludedAttributesattributes (optional) | Attribute names of attributes that are to be excluded from included in the response. When this parameter is included in the request, the response returns all attributes except only the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?excludedAttributes=displayName |
| String | - | Body | body (optional) | This is a JSON object that contains relevant values used to create a group0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin -X PUT -datad '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName |
| String | - |
Responses - HTTP 201 - Valid group is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
| Tip |
|---|
Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name as shown in the example below| Query | excludedAttributes (optional) | Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin -X PUT - |
|
manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" |
|
https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName |
| String | - | | Body | body (optional) | This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses - HTTP 200 - Group has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
|
Me Endpoint
This endpoint is used to create and manage the currently authenticated user.
| Panel |
|---|
| borderColor | Black#000080 |
|---|
| bgColor | White |
|---|
|
DELETE/ Delete Group By IDDELETE POST/ Create Me POST https://localhost/t/{tenant-domain}/scim2/Groups/{id}Me
This API deletes a particular group using its unique IDis used to register a user anonymously. It returns an HTTP 204 reponse 201 response if the
group is successfully deleteduser is successfully created. These endpoints are secured by default. Therefore, to invoke this API anonymously, set the secured property for the SCIM2 resource in the identity.xml file to false. For more information, see Authenticating and Authorizing REST APIs. user data '{"schemas":[],"name:{"familyName":[last name],"givenName":[name]},"userName":[username],"password":[password] |
|
|
| Code Block |
|---|
| curl -v -k --user admin:admin -X DELETE https://localhost:9443/scim2/Groups/0d32c19e-7a74-4c22-b1ad-1d21317d5b04 -H "Accept:application/json" |
|
| Code Block |
|---|
| HTTP/1.1 204 No Content |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type. | String | - |
Responses
- HTTP 204 - Valid group has been successfully deleted.
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Filter GroupsGET https://localhost/t/{tenant-domain}/scim2/Groups
This API deletes a particular group using its unique ID. It returns an HTTP 204 reponse if the group is successfully deleted. | Code Block |
|---|
| title | Request,"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":[employee ID],"manager":{"value":[manager's name]}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me |
|
|
| Code Block |
|---|
|---|
|
curl -v -k --user admin:admin 'data '{"schemas":[],"name":{"familyName":"Johnson","givenName":"Alex"},"userName":"alex","password":"alexwso2","emails":[{"primary":true,"value":"alex.j@gmail.com","type":"home"},{"value":"alex_j@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
"alex.j@gmail.com","primary":true},{"type":"work","value":"alex_j@wso2.com"}],"meta":{"created":"2018-08- |
|
29Z","location":"https://localhost:9443/scim2/ |
|
c03b5a1f4217","lastModified":"2018-08- |
|
17T10:34:29Z","resourceType":"User"}," |
|
"urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"name":{"familyName":"Johnson","givenName":"Alex"},"id":" |
|
87de-c03b5a1f4217","userName":"alex"} |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. |
String | - | Query | excludedAttributes (optional) | Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
| Code Block |
|---|
|
curl -v -k --user admin:admin 'data '{"schemas":[],"name":{"familyName":"Johnson","givenName":"Alex"},"userName":"alex","password":"alexwso2","emails":[{"primary":true,"value":"alex.j@gmail.com","type":"home"},{"value":"alex_j@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
attributes=userName,name.familyName |
| String | - |
| Query |
excludedAttributes (optional) |
A filter expression used to filter users. Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’. | Tip |
|---|
Note that operators are case-insensitive. |
| String | - | | Query | startIndex (optional) | The query results are listed from the position specified by the number given as the startIndex parameter value. For example, if there are 10 query results and the startIndex value is 5, the query results will be listed starting from the 5th query result onwards. | Warning |
|---|
Pagination is not supported. |
| Integer | 1 |
| Query | count (optional) | Specifies the desired maximum number of query results per page. | Warning |
|---|
Pagination is not supported. |
| Tip |
|---|
Note: When this parameter is not included in the request, the response returns all groups from the given domain or across all user stores. When the count is zero or any value less than zero, no groups are returned. |
| Integer | - |
| Query | sortBy (optional) | Specifies the attribute whose value can be used to order the returned responses. | Warning |
|---|
This parameter is not supported for this version. |
| String | - |
| Query | sortOrder (optional) | The order in which the "sortBy" parameter is applied. (e.g., ascending order) | Warning |
|---|
This parameter is not supported for this version. |
| String | - |
Query | domain (optional) | The name of the user store to which filtering needs to be appliedAttribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --data '{"schemas":[],"name":{"familyName":"Johnson","givenName":"Alex"},"userName":"alex","password":"alexwso2","emails":[{"primary":true,"value":"alex.j@gmail.com","type":"home"},{"value":"alex_j@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me?excludedAttributes=userName,name.familyName |
| String | - |
| Body | body (optional) | A JSON object that contains relevant values for creating a user. | String | - |
Responses
- HTTP 204 201 - Valid group has been successfully deleted.user is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
| Tip |
|---|
There are two ways to retrieve users from a particular store:Using the domain query parameter
Setting the domain parameter enables both filtering and listing groups in a specified user store.
| Code Block |
|---|
|
curl -v -k --user admin:admin '
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
DELETE/ Delete MeDELETE https://localhost
:9443/
scim2/Groups?startIndex=3&count=20&domain=WSO2’Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with "displayName", "members.display" and "members.value" attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal. | Code Block |
|---|
t/{tenant-domain}/scim2/Me
This API is used to delete the currently authenticated user. It returns HTTP 204 if the user is successfully deleted.
| Code Block |
|---|
| curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Me |
| | Code Block |
|---|
| curl -v -k --user |
|
alex:alexwso2 -X DELETE https://localhost:9443/scim2 |
|
| | Code Block |
|---|
| HTTP/1.1 204 NOT IMPLEMENTED |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type. | String | - |
Responses - HTTP 204 - User has been succesfully deleted
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
POSTGET/ Search GroupsGet MePOST GET https://localhost/t/{tenant-domain}/scim2/Groups/.searchMe
This API returns groups according to the specified filter, sort and pagination parameters. It returns an HTTP 404 response if the groups are not found.the user details of the currently authenticated user. These endpoints are secured by default. Therefore, to invoke this API anonymously, set the secured property for the SCIM2 resource in the identity.xml file to false. For more information, see Authenticating and Authorizing REST APIs. -k --user [username]:[password]--data '{"schemas": [],"startIndex": [value], "filter": [query]}'header "Content-Type:application/scim+json"user [username]:[password] https://localhost:9443/scim2/ |
|
| | Code Block |
|---|
| curl -v -k --user |
|
kim:kimwso2 https://localhost:9443/scim2/ |
|
"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08- |
|
43Z","location":"https://localhost:9443/scim2/ |
|
c7ba95fb0fa9","lastModified":"2018-08- |
|
16T17:19:43Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"manager,Internal/everyone,admin"}],"name":{"givenName":"kim"," |
|
jackson"},"groups":[{"display":" |
|
Parameters |
| Type | Name | Description | Schema | Default Value |
|---|
Body | body (optional) | This is a JSON object that contains relevant values used to search for a group.f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","userName":"kim"} |
|
Parameters
| Type | Name | Description | Schema | Default Value |
|---|
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.| Code Block |
|---|
| curl -v -k --user alex:alexwso2 https://localhost:9443/scim2/Me?attributes=userName,name.familyName’ |
| String | - |
| Query | excludedAttributes (optional) | Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user alex:alexwso2 https://localhost:9443/scim2/Me?excludedAttributes=userName,name.familyName’ |
| String | - |
Responses
- HTTP 200 - Valid groups are user is found
- HTTP 401 - Unauthorized
- HTTP 404 - Groups are Valid user is not found
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
PATCH/ Update UserPATCH MePATCH https://localhost/t/{tenant-domain}/scim2/Me
This API uses a PATCH operation to update user details Returns HTTP 404 if the user is not found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op":[operation],"value":{[attributeName]:[attribute value]}}]}' --header "Content-Type:application/json" https://localhost |
|
HTTP 404 response if the group is not found. | | Code Block |
|---|
| curl -v -k --user [username]:[password]kim:kimwso2 -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[],"Operations{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me |
| | Code Block |
|---|
| {"emails":[{"optype": [operation]"work","value":"jackson_k@wso2.com"},{"memberstype":[{"display": [name"home","value":"jacksonk@gmail.com"}],"$refmeta": [ref],"value": [member user ID] }] } }]}' --header "Content-Type:application/json" {"created":"2018-08-16T17:19:43Z","location":"https://localhost:9443/scim2/Groups/[group ID] | | Code Block |
|---|
| curl -v -k --user admin:admin -X PATCH -d '{"schemas":[Users/f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","lastModified":"2018-08-17T11:43:34Z","resourceType":"User"},"nickName":"shaggy","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:apiextension:messagesenterprise:2.0:PatchOp"],"OperationsUser"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"roles":[{"optype":"adddefault","value":{"members"manager,Internal/everyone,admin"}],"name":[{"displaygivenName": "KrisKim","$reffamilyName":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1JacksonJohn"},"groups":[{"display":"manager","value": "81cbba1ba43fe003-c259d90d-485d43ca-8ba4ae38-79afb03e5bd1d2332ecc0f36"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36 | | Code Block |
|---|
| {"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:51:45Z"},","id":"f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","userName":"kim"} |
|
| Type | Name | Description | Schema | Default Value |
|---|
| Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user kim:kimwso2 -X PATCH -d '{"schemas":["urn:ietf:params:scim: |
|
shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/ |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Path | id (required) | Unique ID of the resource type.Me?attributes=userName,name.familyName |
| String | - | | Query | attributesexcludedAttributes (optional) | Attribute names of attributes that are to be included in excluded from the response. When this parameter is included in the request, the response returns only all attributes except the attributes excludedattributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user adminkim:adminkimwso2 -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayNameMe?excludedAttributes=userName,name.familyName |
| String | - | | QueryBody | excludedAttributesbody (optional) | Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.This is a JSON object that contains relevant values used to search for a user. |
|
|
Responses - HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
|
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
PUT/ Update UserPUT https://localhost/t/{tenant-domain}/scim2/Me
This API uses a PUT operation to update user details. It returns HTTP 404 if the user is not found. Sample admin:adminPATCH"urn:ietf:params:scim:api:messages:2.0:PatchOp"Operations[op"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}[last name],"givenName":[name]},"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}' --header "Content-Type:application/json" |
|
| String | - | Body | body (optional) | This is a JSON object that contains relevant values used to search for a user.String | - | Responses
- HTTP 200 - Group has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
PUT/ Update UserPUT https://localhost/t/{tenant-domain}/scim2/Groups/{id}
This API updates the group details and returns the updated group details using a PUT operation. It returns an HTTP 404 reponse if the group is not found.https://localhost:9443/scim2/Me |
| | Code Block |
|---|
| curl -v -k --user[username]:[password] kim:kimwso2 -X PUT -d '{"schemas":[],"name":{"displayName":[group name],"members":["familyName":"JacksonJohn","givenName":"Kim"},"userName":"kim","emails":[{"primary":true,"value":"jacksonk@gmail.com","type":"home"},{"value":"jackson_k@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":[user ID],"display":[user's name]}]"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group ID]Me |
| | Code Block |
|---|
| curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members" | {"emails":[{"valuetype":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0work","displayvalue":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36 | | Code Block |
|---|
| {"displayName":"PRIMARY/manager"jackson_k@wso2.com"},{"type":"home","value":"jacksonk@gmail.com"}],"meta":{"created":"2018-08-16T1516T17:2719:42Z43Z","location":"https://localhost:9443/scim2/GroupsUsers/a43fe003f60e6ddd-d90d8d04-43ca411f-ae3892b9-d2332ecc0f36c7ba95fb0fa9","lastModified":"2018-08-16T15:42:56Z16T17:43:17Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:core:2.0:Group"],"members:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"roles":[{"type":"default","value":"manager,Internal/everyone,admin"}],"name":{"givenName":"Kim","familyName":"JacksonJohn"},"groups":[{"display":"kimmanager","value":"b3c07363a43fe003-f0edd90d-479843ca-97f9ae38-0cb26d9d79c0d2332ecc0f36"}],"id":"a43fe003f60e6ddd-d90d8d04-43ca411f-ae38-d2332ecc0f3692b9-c7ba95fb0fa9","userName":"kim"} |
|
Parameters | Type | Name | Description | Schema | Default Value | Path | id (required) |
|---|
Unique ID of the resource type. String | - | Query | attributes (optional) | Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}] kim:kimwso2 -X PUT -d '{"schemas":[],"name":{"familyName":"JacksonJohn","givenName":"Kim"},"userName":"kim","emails":[{"primary":true,"value":"jacksonk@gmail.com","type":"home"},{"value":"jackson_k@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayNameMeattributes=userName,name.familyName |
| String | - | | Query | excludedAttributes (optional) | Attribute names of attributes that are to be exclused excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. | Code Block |
|---|
| curl -v -k --user adminkim:adminkimwso2 -X PUT -d '{"schemas":[],"name":{"familyName":"JacksonJohn","givenName":"Kim"},"userName":"kim","emails":[{"displayName"primary":true,"value":"managerjacksonk@gmail.com","memberstype":["home"},{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0jackson_k@wso2.com","displaytype":"kimwork"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayNameMeexcludedAttributes=userName,name.familyName |
| String | - | | Body | body (optional) | This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses - HTTP 200 - Group User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is users are not found
|
Bulk Endpoint
This endpoint is used for bulk operations.
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
POST/ Create Users in BulkPOST https://localhost/t/{tenant-domain}/scim2/Bulk
This API is used to create multiple users at once. It returns an HTTP 201 response if the users are successfully created.
| Code Block |
|---|
| curl -v -k --user [username]:[password] --data '{"failOnErrors": [value],"schemas":[],"Operations":[{"method": [request type],"path": [end point],"bulkId": [bulk id] ,"data": [input user details] }] }' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Bulk |
| | Code Block |
|---|
| curl -v -k --user admin:admin --data '{"failOnErrors":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkRequest"],"Operations":[{"method": "POST","path": "/Users","bulkId": "qwerty","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName": "Kris","password":"krispass"}},{"method": "POST","path": "/Users","bulkId":"ytrewq","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"userName":"Jesse","password":"jessepass","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber": "11250","manager": {"value": "bulkId:qwerty"}}}}]}' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Bulk |
| | Code Block |
|---|
| {"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkResponse"],"Operations":[{"bulkId":"qwerty","method":"POST","location":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","status":{"code":201}},{"bulkId":"ytrewq","method":"POST","location":"https://localhost:9443/scim2/Users/b489dacc-fc89-449c-89f6-7acc37422031","status":{"code":201}}]} |
|
Parameters | Type | Name | Description | Schema | Default Value |
|---|
| Body | body (optional) | This is a JSON object that contains relevant values used to create the users. | String | - |
Responses - HTTP 200 - Valid users are created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid users
|
ResourceType Endpoint
This endpoint is used to retrieve meta data about the resource types.
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Get Resource TypesGET https://localhost/t/{tenant-domain}/scim2/ResourceType
This API lists and returns metadata about resource types. It returns an HTTP 200 response if the schema is found.
| Code Block |
|---|
| curl -v -k --user [username]:[password] https://localhost:9443/scim2/ResourceType |
| | Code Block |
|---|
| curl -v -k --user admin:admin https://localhost:9443/scim2/ResourceType |
| | Code Block |
|---|
| {"schemas":["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],"resourceType":[{"schema":"urn:ietf:params:scim:schemas:core:2.0:User","endpoint":"/Users","meta":{"location":"https://localhost:9443/scim2/ResourceType/User","resourceType":"ResourceType"},"name":"User","description":"User Account","schemaExtensions":{"schema":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User","required":false},"id":"User"},{"schema":"urn:ietf:params:scim:schemas:core:2.0:Group","endpoint":"/Groups","meta":{"location":"https://localhost:9443/scim2/ResourceType/Group","resourceType":"ResourceType"},"name":"Group","description":"Group","id":"Group"}]} |
|
Parameters Responses - HTTP 200 - Schema is found
- HTTP 401 - Unauthorized
- HTTP 404 - Schema is not found
|
ServiceProviderConfig Endpoint
This endpoint is used to retrieve the service provider's configuration details.
| Panel |
|---|
| borderColor | Black |
|---|
| bgColor | White |
|---|
|
GET/ Get Service Provider ConfigGET https://localhost/t/{tenant-domain}/scim2/ServiceProviderConfig
This API is used to create multiple users at once. It returns an HTTP 201 response if the users are successfully created.
| Code Block |
|---|
| curl -v -k --user [username]:[password] https://localhost:9443/scim2/ServiceProviderConfig |
| | Code Block |
|---|
| curl -v -k --user admin:admin https://localhost:9443/scim2/ServiceProviderConfig |
| | Code Block |
|---|
| {"patch":{"supported":true},"filter":{"maxResults":200,"supported":true},"documentationUri":"http://example.com/help/scim.html","authenticationSchemes":[{"name":"OAuth Bearer Token","description":"Authentication scheme using the OAuth Bearer Token Standard","specUri":"http://www.rfc-editor.org/info/rfc6750","type":"oauthbearertoken","primary":true},{"name":"HTTP Basic","description":"Authentication scheme using the HTTP Basic Standard","specUri":"http://www.rfc-editor.org/info/rfc2617","type":"httpbasic","primary":false}],"schemas":["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],"etag":{"supported":false},"sort":{"supported":false},"bulk":{"maxPayloadSize":1048576,"maxOperations":1000,"supported":true},"changePassword":{"supported":false}} |
|
Parameters Responses - HTTP 200 - Schema is found
- HTTP 401 - Unauthorized
- HTTP 404 - Schema is not found
|
...