
SCIM Implementation with Charon

This topic expands on WSO2 Charon, one of the SCIM implementations that are made available under the Apache 2.0 license. Charon includes the libraries used for SCIM in the WSO2 Identity Server.

The following diagram provides an overview of the module breakdown of Charon, along with the purpose of each module and the tasks planned for it.

The following is a brief introduction to each of the modules.

  • Charon-Core: This is the API that exposes an implementation of the SCIM specification. It can be used by any SCIM service provider or client implementation to support SCIM operations and functionality. It also provides extension points that can be plugged in according to the particular server-side or client-side implementation, such as the authentication handler, user storage, and encoders/decoders.
  • Charon-Utils: This contains a set of default implementations of the extension points mentioned above, for example Basic Auth and OAuth handlers and LDAP-based user storage. An implementation that uses charon-core as its SCIM API can use these default implementations as building blocks.
  • Charon-Deployment (Note: this is renamed as Charon-Impl): A reference implementation of a SCIM service provider is shipped with this module. Currently it is an Apache Wink based web app that can be deployed in any application server, such as Tomcat, and enables the SCIM endpoints to be exposed. It is based on the above two modules, charon-core and charon-utils, and illustrates how any SCIM implementation can utilize the API and supporting module provided by Charon.
  • Charon-Samples: This contains samples illustrating the SCIM use cases. The samples are mainly SCIM client-side implementations that can be run against a SCIM server, so they can also be used as a reference for how the API provided by Charon can be used to implement the SCIM client side.

Charon-Deployment

Charon-Deployment is the reference implementation of a SCIM service provider that is shipped with Charon. The following illustrates how any concrete implementation of a SCIM service provider can make use of Charon-Core (the SCIM API) with Charon-Utils (optional).

The SCIM service provider needs to be a RESTful web application. REST is an architectural style of building networked applications. There are several ways to implement REST-style applications, such as Servlets and JAX-RS based frameworks. In the reference implementation of the Charon-SCIM service provider, the latter approach is selected since JAX-RS hides the underlying HTTP handling and binds the servlets nicely to individual methods in the Java classes using annotations. Annotations can also dynamically extract information from HTTP requests and map application-generated exceptions to HTTP response codes.

Out of the JAX-RS implementations, Apache-Wink was selected since it better catered to the requirements. The Charon-Impl module creates an Apache-Wink based web application which can be deployed in an application server like Tomcat and which acts as a SCIM service provider.
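The annotation binding and exception mapping described above can be sketched as follows. This is an added example, not code from Charon-Impl, and it calls no Charon API: it uses only the standard `javax.ws.rs` annotations, while the class names, the in-memory user store, the sample user and the SCIM 1.1 style `Errors` body are assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

/** Hypothetical sketch of a JAX-RS SCIM endpoint; all names here are assumptions. */
public class ScimUserEndpointExample {

    /** Hypothetical application exception carrying the HTTP status to report. */
    public static class ScimException extends RuntimeException {
        final int status;
        ScimException(int status, String description) {
            super(description);
            this.status = status;
        }
    }

    /** Constructed stand-in for a pluggable user store (LDAP in a real deployment). */
    static final Map<String, String> USERS = new ConcurrentHashMap<>();
    static { USERS.put("u-1001", "{\"id\":\"u-1001\",\"userName\":\"alice\"}"); }

    /** JAX-RS binds GET /Users/{id} to getUser() and extracts {id} from the URL. */
    @Path("/Users")
    public static class UserResource {
        @GET
        @Path("{id}")
        @Produces(MediaType.APPLICATION_JSON)
        public Response getUser(@PathParam("id") String id) {
            String user = USERS.get(id);
            if (user == null) {
                // Fixed message: the caller-supplied id is never echoed into the error.
                throw new ScimException(404, "Specified resource does not exist");
            }
            return Response.ok(user).build();
        }
    }

    /** Maps the application exception to an HTTP status and a SCIM-style error body. */
    @Provider
    public static class ScimExceptionMapper implements ExceptionMapper<ScimException> {
        @Override
        public Response toResponse(ScimException e) {
            // Only the fixed description and status are returned, never a stack trace.
            String body = "{\"Errors\":[{\"description\":\"" + e.getMessage()
                    + "\",\"code\":\"" + e.status + "\"}]}";
            return Response.status(e.status).entity(body)
                    .type(MediaType.APPLICATION_JSON).build();
        }
    }
}
```

Both nested classes have to be registered with the JAX-RS runtime (for Wink, through the application's resource and provider list) before requests reach them.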

The following is a deployment diagram of the Charon-SCIM service provider (the web application provided by the Charon-Impl module). It also gives a high-level view of how the Charon-Core and Charon-Utils modules are utilized.

As this diagram of the reference implementation illustrates, a SCIM service provider can be developed using any REST implementation, and SCIM-defined resources can be exposed using the API provided by Charon-Core. SCIM consumers, in turn, can be implemented using the client API of Charon-Core.