This documentation is for WSO2 Identity Server 5.1.0. View documentation for the latest release.


WSO2 Identity Server can be configured to behave as a SCIM service provider for the primary user store. See the topic on Identity Server as a SCIM Provider for more information on how this can be achieved. This topic provides instructions on how the Identity Server can be configured as a SCIM Service Provider for a secondary user store.

When a user or a group is created with SCIM, there is a set of specific values that needs to be saved along with the user or group. Some of these values are as follows.

Unless your user store is a JDBC user store or the embedded LDAP (which comes with IS), you need to map how these values are stored in your user store. This mapping can be done in the claim mapping setup in the Identity Server. You can do the claim mapping for any primary user store. This process is explained here.

Now let's assume you have an AD user store as the primary user store and you have done the claim mappings for the SCIM attributes. You then need to add a secondary user store, which will be an OpenLDAP user store. In this scenario, the claim mappings done for AD may not suit the OpenLDAP attributes, so it should be possible to map the claim attributes to the secondary user store as well. To do this, change the "Mapped Attribute" value as indicated below.

  1. Log into the WSO2 Identity Server and access the management console.
  2. In the Main menu of the management console, click List under Claims. See here for more information on claim management.
  3. Click one of the available claims. Alternatively, you can Add a New Claim Dialect if the claim you wish to modify is not available.
  4. Click Edit and modify the Mapped Attribute field in the resulting page. The value takes the following form:
    {primary-attribute};{secondary user store domain}/{secondary-attribute}
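The following is an added example, not code from WSO2 or from the original page. It parses Mapped Attribute values in the format shown in step 4 and lists the claims that have no attribute for the user store a domain-qualified user name targets. The PRIMARY label, the case-insensitive domain comparison, the scimId attribute and the sample mappings are assumptions made for illustration.

```python
# Added example (not WSO2 code): audit Mapped Attribute values for a user store domain.
PRIMARY = "PRIMARY"  # assumed label for the entry that has no domain prefix

def parse_mapped_attribute(value):
    """Split '{primary-attribute};{domain}/{secondary-attribute}' into {domain: attribute}."""
    mapping = {}
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue  # tolerate a trailing ';'
        domain, sep, attr = part.partition("/")
        if not sep:  # no 'domain/' prefix: this is the primary attribute
            domain, attr = PRIMARY, part
        # Assumption: domain names are compared case-insensitively.
        domain, attr = domain.strip().upper(), attr.strip()
        if not domain or not attr:
            raise ValueError(f"malformed entry: {part!r}")
        if domain in mapping:
            raise ValueError(f"duplicate entry for {domain}")
        mapping[domain] = attr
    return mapping

def split_user_name(user_name):
    """'demo.com/venura' -> ('DEMO.COM', 'venura'); an unqualified name is primary."""
    domain, sep, local = user_name.partition("/")
    return (domain.upper(), local) if sep else (PRIMARY, user_name)

def unmapped_claims(claims, user_name):
    """Return claim URIs with no attribute for the store that user_name targets."""
    domain, _ = split_user_name(user_name)
    return sorted(uri for uri, value in claims.items()
                  if domain not in parse_mapped_attribute(value))

# Constructed sample values, not recommended mappings: AD-style primary
# attributes with OpenLDAP-style attributes for the demo.com domain.
SAMPLE_CLAIMS = {
    "urn:scim:schemas:core:1.0:userName": "sAMAccountName;demo.com/uid",
    "urn:scim:schemas:core:1.0:name.familyName": "sn;demo.com/sn",
    "urn:scim:schemas:core:1.0:id": "scimId",  # hypothetical attribute, no demo.com entry
}

if __name__ == "__main__":
    for name in ("venura", "demo.com/venura"):
        print(name, "->", unmapped_claims(SAMPLE_CLAIMS, name) or "all claims mapped")
```

Running such a check against the claim list before provisioning to the secondary user store shows which claims still carry only the primary attribute.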

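Now you can perform SCIM operations on the secondary user store as shown below. In these examples, the user and group names are prefixed with the secondary user store domain (for example, demo.com/venura). The commands authenticate as admin:admin and pass -k, which makes curl skip TLS certificate verification, so replace both when calling anything other than a local test instance.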

...

Code Block
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"kahawala","givenName":"venura"},"userName":"demo.com/venura","password":"testPwd123"}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

...

Code Block
curl -v -k --user admin:admin -X PUT -d '{"schemas":[],"name":{"familyName":"kahawala","givenName":"venura"},"userName":"demo.com/venura","emails":[{"value":"[email protected]","type":"work"},{"value":"[email protected]","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users/334d988a-5e68-4594-8b96-356adeec29f1

...

Code Block
curl -v -k --user admin:admin --data '{"displayName": "demo.com/Engineer","members": [{"value":"334d988a-5e68-4594-8b96-356adeec29f1","display": "venura"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups

...

Code Block
curl -v -k --user admin:admin -X PUT -d '{"displayName": "demo.com/Engineer","members": [{"value":"334d988a-5e68-4594-8b96-356adeec29f1","display": "venura"}, {"value":"p09okhyt-5e68-4594-8mkj-356ade12we34","display": "testUser"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/c4f6c973-bae6-4a03-b09f-2ad8629f406c

...

Code Block
curl -v -k --user admin:admin -X PATCH -d '{"displayName": "US2/secEngineer","members": [{"value":"4a0fcb2b-efff-4dc2-ad2d-a25f0a814bd3","display": "US2/secUser1"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/81d9bab2-d798-433d-af9e-b9d960cf358c

...

Code Block
curl -v -k --user admin:admin -X PATCH -d '{"displayName": "US2/secEngineer","members": [{"value":"4a0fcb2b-efff-4dc2-ad2d-a25f0a814bd3","display": "US2/secuser1","operation":"delete"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/81d9bab2-d798-433d-af9e-b9d960cf358c

...

Code Block
curl -v -k --user admin:admin -X PATCH -d '{"displayName": "US2/secEngineer","members": [{"value":"4a0fcb2b-efff-4dc2-ad2d-a25f0a814bd3","display": "US2/secuser1"},{"value":"b2f5182d-ebfc-4b74-b0db-537e8dba38c3","display": "US2/secuser5","operation":"delete"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/81d9bab2-d798-433d-af9e-b9d960cf358c