This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
  • Created by Former user, last modified by Former user on Aug 12, 2017
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

The SCIM (System for Cross-Domain Identity Management) specification defines a fixed set of default attributes for the user object. This set is defined to ensure the interoperability and it can cater to most of the industry's identity management requirements. Given below is a sample user object with the default attributes set. 

However the SCIM specification itself introduces the Enterprise User Extension to support extra attributes for the SCIM user object.

However the reality in the industry is that organizations have their own attributes defined for the users. These attributes are already there in their LDAP schemas. Therefore SCIM should be extensible enough to cope with these custom attributes of the users.

WSO2 Identity Server allows users to define their own user schema in a configuration file ([IS-HOME]/repository/conf/scim-schema-extension.config). Then these configured schema are used while creating, validating user objects. With this the users can pass their custom attributes of users over SCIM for Identity Management requirements. The implementation is adhering to the Schema Extension Model. Given below is a sample extended user object with the default schema configuration.

Enable Extension

The following steps explain how to enable extensions for extended attributes in SCIM 2.0. 

  1. Locate the provisioning-config.xml file in the path [IS-HOME]/repository/conf/identity/provisioning-config.xml.

  2. Open the file and locate the "user-schema-extension-enabled" property and set it to true.

    <Property name=”user-schema-extension-enabled”>true</Property>

  3. Locate the scim-schema-extension.config in the path [IS-HOME]/repository/conf/identity/ and add "somefield" attribute. 

    {
"attributeURI":"urn:scim:schemas:extension:wso2:1.0:wso2Extension.somefield",
"attributeName":"somefield",
"dataType":"string",
"multiValued":"false",
"multiValuedAttributeChildName":"null",
"description":"The uid of the user",
"schemaURI":"urn:scim:schemas:extension:wso2:1.0",
"readOnly":"false",
"required":"false",
"caseExact":"false",
"subAttributes":"null"
},

    Make sure that the 'somefield' attribute is added as the penultimate one, that is just before "wso2extension" attribute.

  4. Add "somefield" as a sub attribute of "wso2extension".

    "subAttributes":"employeeNumber costCenter organization division department manager somefield"
  5. Save the file and restart the server.

Now you can configure the claim mappings in order to map the SCIM user attributes to the LDAP user attributes.


Claims Mapping

  1. Log into the Management Console.
  2. Under Main tab, click Add under Claims
  3. Click Add External Claim.
  4. Select urn:scim:schemas:core:1.0 as the Dialect URI, give urn:scim:schemas:extension:wso2:1.0:wso2Extension.somefield as External Claim URI and select http://wso2.org/claims/organization for Mapped Local Claim and click Add.


    Now added claim mapping will be visible under Available Claims for urn:scim:schemas:core:1.0 section.

Similarly, map a claim for another attribute. Now the server is up and running with the new extended user schema. The claim mappings can map the SCIM user attributes to the LDAP user attributes.

CURL Commands

The following is the cURL command to add a user:

curl -v -k --user admin:admin --data '{"schemas":[],"userName":"ShirazAzad","password":"Wso2@1234","wso2Extension":{"somefield":"wso2Org","employeeNumber":"01234"}}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

The above command provides the following result:

{"wso2Extension":{"somefield":"wso2Org","employeeNumber":"01234"},"meta":{"created":"2017-08-12T12:16:40","location":"https://localhost:9443/wso2/scim/Users/7b391e38-c50d-41a4-904a-d6611d3196b0","lastModified":"2017-08-12T12:16:40"},"schemas":["urn:scim:schemas:core:1.0","urn:scim:schemas:extension:wso2:1.0"],"id":"7b391e38-c50d-41a4-904a-d6611d3196b0","userName":"ShirazAzad"}

Give the following cURL to get the details of the created user:

curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users/7b391e38-c50d-41a4-904a-d6611d3196b0

The above command provides the following result:

{"meta":{"created":"2017-08-12T12:16:40","location":"https://localhost:9443/wso2/scim/Users/7b391e38-c50d-41a4-904a-d6611d3196b0","lastModified":"2017-08-12T12:16:40"},"wso2Extension":{"somefield":"wso2Org","employeeNumber":"01234"},"schemas":["urn:scim:schemas:core:1.0","urn:scim:schemas:extension:wso2:1.0"],"name":{"familyName":"ShirazAzad"},"id":"7b391e38-c50d-41a4-904a-d6611d3196b0","userName":"ShirazAzad"}
  • No labels