Note: SCIM 2.0 is supported by default in WSO2 Identity Server version 5.4.0. If you are using WSO2 Identity Server 5.4.0 or a later version, see SCIM 2.0 REST APIs for instructions on how to use SCIM 2.0 OOTB.

This section provides instructions on how to configure the SCIM 2.0 connector with WSO2 Identity Server for identity provisioning. 


Deploy SCIM 2.0 connector with IS


The following steps deploy the SCIM 2.0 connector with WSO2 Identity Server:

  1. Download the latest version of WSO2 Identity Server (IS) from here and extract it to a folder. The extracted folder is referred to as <IS_HOME> in the steps below.
  2. Download the SCIM 2.0 connector artifacts for WSO2 Identity Server from here.

    The SCIM 2.0 connector artifacts pack includes:
    • charon-config.xml
    • claim-config-diff.txt
    • org.wso2.carbon.identity.scim2.common-1.1.1.jar
    • org.wso2.charon3.core-3.0.7.jar
    • README
    • scim2-schema-extension.config
    • scim2.war

  3. From the downloaded artifacts, place the org.wso2.charon3.core-x.x.x.jar file (org.wso2.charon3.core-3.0.7.jar in the pack listed above) in the <IS_HOME>/repository/components/lib folder.
  4. Place the org.wso2.carbon.identity.scim2.common-x.x.x.jar file in the <IS_HOME>/repository/components/dropins folder.
  5. Place the scim2.war in the <IS_HOME>/repository/deployment/server/webapps folder.
  6. Place the charon-config.xml in the <IS_HOME>/repository/conf/identity folder.
  7. Place the scim2-schema-extension.config file in the <IS_HOME>/repository/conf folder.
  8. Append the following entries inside the <ResourceAccessControl></ResourceAccessControl> element of the identity.xml file found in the <IS_HOME>/repository/conf/identity folder. Each <Resource> entry maps a SCIM 2.0 endpoint and HTTP method to the permission a caller must hold; only the ServiceProviderConfig and ResourceType discovery endpoints are left unsecured.

    Code Block
    <Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
        <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">
        <Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT">
        <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH">
        <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
        <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT">
        <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH">
        <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE">
        <Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="GET">
        <Permissions>/permission/admin/login</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">
        <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="PUT">
        <Permissions>/permission/admin/login</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH">
        <Permissions>/permission/admin/login</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="POST">
        <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
    </Resource>
    <Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
        <Permissions></Permissions>
    </Resource>
    <Resource context="/scim2/ResourceType" secured="false" http-method="all">
        <Permissions></Permissions>
    </Resource>
    <Resource context="/scim2/Bulk" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/usermgt</Permissions>
    </Resource>
    <Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/applicationmgt</Permissions>
    </Resource>
  9. Disable the existing SCIM listener (orderId="90") by setting its enable attribute to false in the identity.xml file found in the <IS_HOME>/repository/conf/identity folder.
    Then add the SCIM2 listener (orderId="93") to the same file and ensure that its enable attribute is set to true. Both listeners must not be enabled at the same time.

    Code Block
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" enable="false" />
    
    <!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
    
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener" orderId="93" enable="true" />
  10. If you will be using the tenant endpoint, add the following property inside the <WebApp> element under <TenantContextsToRewrite> in the identity.xml file found in the <IS_HOME>/repository/conf/identity folder.

    Code Block
    <Context>/scim2</Context>
  11. Ensure that the following property is set to true for each user store that should be SCIM-enabled, in the user-mgt.xml file found in the <IS_HOME>/repository/conf/ folder.

    Code Block
    <Property name="SCIMEnabled">true</Property>
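The edits in steps 8 to 10 all land in identity.xml, and a mistake there (a SCIM2 endpoint left with secured="false", both listeners enabled, the tenant context missing) is easy to overlook. The following script is an added example, not part of the WSO2 documentation or product: it parses an identity.xml-style document with the standard library and reports whether those three steps were applied consistently. The embedded XML is a constructed sample that reproduces only the elements the steps touch, with one deliberate mistake (/scim2/Bulk left unsecured) so the check has something to report; the assumption that a real identity.xml declares a default XML namespace is handled by stripping namespaces before the checks run.

```python
"""Added configuration check for the SCIM 2.0 connector steps (example code,
not WSO2's own). Parses an identity.xml-style document and verifies:
  step 8  - every /scim2 Resource is secured (except the two discovery
            endpoints) and every secured Resource grants a permission,
  step 9  - the SCIM listener (orderId 90) is off and SCIM2 (orderId 93) is on,
  step 10 - /scim2 is listed under TenantContextsToRewrite/WebApp."""
import xml.etree.ElementTree as ET

SCIM_LISTENER = "org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
SCIM2_LISTENER = "org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"

# The only SCIM2 contexts the documented configuration leaves unauthenticated.
ALLOWED_UNSECURED = {"/scim2/ServiceProviderConfig", "/scim2/ResourceType"}

# Constructed sample (not a real identity.xml). /scim2/Bulk is deliberately
# misconfigured as secured="false" so that the resource check reports it.
SAMPLE_IDENTITY_XML = """<Server>
  <ResourceAccessControl>
    <Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
      <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
      <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
    </Resource>
    <Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
      <Permissions></Permissions>
    </Resource>
    <Resource context="/scim2/Bulk" secured="false" http-method="all">
      <Permissions></Permissions>
    </Resource>
  </ResourceAccessControl>
  <EventListeners>
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
        name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
        orderId="90" enable="false"/>
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
        name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
        orderId="93" enable="true"/>
  </EventListeners>
  <TenantContextsToRewrite>
    <WebApp>
      <Context>/scim2</Context>
    </WebApp>
  </TenantContextsToRewrite>
</Server>
"""


def strip_namespaces(root):
    """Drop any default namespace so tag lookups work on a real identity.xml
    (assumed to declare one) as well as on the namespace-free sample above."""
    for el in root.iter():
        if "}" in el.tag:
            el.tag = el.tag.split("}", 1)[1]
    return root


def check_listeners(root):
    """Step 9: return findings if SCIM (90) is still on or SCIM2 (93) is not on."""
    states = {el.get("name"): (el.get("orderId"), el.get("enable", "false").lower() == "true")
              for el in root.iter("EventListener")}
    findings = []
    if states.get(SCIM_LISTENER, (None, False))[1]:
        findings.append("SCIM listener (orderId 90) is still enabled")
    order, enabled = states.get(SCIM2_LISTENER, (None, False))
    if not enabled:
        findings.append("SCIM2 listener (orderId 93) is missing or disabled")
    elif order != "93":
        findings.append(f"SCIM2 listener has orderId {order!r}, expected '93'")
    return findings


def check_resource_access_control(root):
    """Step 8: every /scim2 Resource must be secured (discovery endpoints excepted)
    and every secured Resource must name a permission."""
    findings = []
    for res in root.iter("Resource"):
        ctx = res.get("context", "")
        if "/scim2" not in ctx:
            continue
        secured = res.get("secured", "false").lower() == "true"
        permission = (res.findtext("Permissions") or "").strip()
        method = res.get("http-method", "?")
        if not secured and ctx not in ALLOWED_UNSECURED:
            findings.append(f"{ctx} [{method}] is unsecured")
        if secured and not permission:
            findings.append(f"{ctx} [{method}] is secured but grants no permission")
    return findings


def tenant_rewrite_has_scim2(root):
    """Step 10: True if /scim2 appears under TenantContextsToRewrite/WebApp."""
    return any((c.text or "").strip() == "/scim2"
               for c in root.findall("./TenantContextsToRewrite/WebApp/Context"))


def audit(xml_text):
    """Run all three checks on one identity.xml document."""
    root = strip_namespaces(ET.fromstring(xml_text))
    return {
        "listeners": check_listeners(root),
        "resources": check_resource_access_control(root),
        "tenant_rewrite": tenant_rewrite_has_scim2(root),
    }


if __name__ == "__main__":
    for section, result in audit(SAMPLE_IDENTITY_XML).items():
        print(f"{section}: {result}")
```

Run it against a real file with `audit(open("<IS_HOME>/repository/conf/identity/identity.xml").read())`; an empty findings list for "listeners" and "resources" together with `tenant_rewrite` being True means the three identity.xml steps are in place. The resource check only looks at contexts containing /scim2, so unrelated entries such as the DCR resource are ignored.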
