...

  1. Download the latest version of WSO2 Identity Server (IS) from here and extract it to a folder. The extracted folder will hereafter be referred to as <IS_HOME>.
  2. Download the SCIM 2.0 connector artifacts for WSO2 Identity Server from here.

    The SCIM 2.0 connector artifacts pack includes:
    • charon-config.xml
    • claim-config-diff.txt
    • org.wso2.carbon.identity.scim2.common-1.1.1.jar
    • org.wso2.charon3.core-3.0.7.jar
    • README
    • scim2-schema-extension.config
    • scim2.war

  3. From the downloaded artifacts, place the org.wso2.charon3.core-3.0.7.jar file in the <IS_HOME>/repository/components/lib folder.
  4. Place the org.wso2.carbon.identity.scim2.common-1.1.1.jar file in the <IS_HOME>/repository/components/dropins folder.
  5. Place the scim2.war in the <IS_HOME>/repository/deployment/server/webapps folder.
  6. Place the charon-config.xml in the <IS_HOME>/repository/conf/identity folder.
  7. Place the scim2-schema-extension.config file in the <IS_HOME>/repository/conf folder.
  8. Append the following entries inside the <ResourceAccessControl> element of the identity.xml file found in the <IS_HOME>/repository/conf/identity folder. Every SCIM2 endpoint except the two discovery endpoints (ServiceProviderConfig and ResourceType) is marked secured="true" and tied to a permission.

    <Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
        <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">
        <Permissions>/permission/admin/manage/identity/rolemgt/create</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/usermgt/view</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PUT">
        <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="PATCH">
        <Permissions>/permission/admin/manage/identity/usermgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users/(.*)" secured="true" http-method="DELETE">
        <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="GET">
        <Permissions>/permission/admin/manage/identity/rolemgt/view</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PUT">
        <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="PATCH">
        <Permissions>/permission/admin/manage/identity/rolemgt/update</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups/(.*)" secured="true" http-method="DELETE">
        <Permissions>/permission/admin/manage/identity/rolemgt/delete</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="GET">
        <Permissions>/permission/admin/login</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="DELETE">
        <Permissions>/permission/admin/manage/identity/usermgt/delete</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="PUT">
        <Permissions>/permission/admin/login</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="PATCH">
        <Permissions>/permission/admin/login</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="POST">
        <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
    </Resource>
    <Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
        <Permissions></Permissions>
    </Resource>
    <Resource context="/scim2/ResourceType" secured="false" http-method="all">
        <Permissions></Permissions>
    </Resource>
    <Resource context="/scim2/Bulk" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/usermgt</Permissions>
    </Resource>
    <Resource context="(.*)/api/identity/oauth2/dcr/(.*)" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/applicationmgt</Permissions>
    </Resource>
  9. Disable the existing SCIM listener (orderId="90") by setting its enable attribute to false in the identity.xml file found in the <IS_HOME>/repository/conf/identity folder. Then add the SCIM2 listener (orderId="93") to the same file and ensure that its enable attribute is set to true.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" enable="false" />
    
    <!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
    
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener" orderId="93" enable="true" />
  10. If you will be using the tenant endpoint, add the following entry within the <WebApp> element under <TenantContextsToRewrite> in the identity.xml file found in the <IS_HOME>/repository/conf/identity folder.

    <Context>/scim2</Context>
  11. Ensure that the following property is set to true for the relevant user store in the user-mgt.xml file found in the <IS_HOME>/repository/conf folder, so that SCIM is enabled for that user store.

    <Property name="SCIMEnabled">true</Property>
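    The following Python script is an added post-install check for steps 8, 9 and 11; it is not part of the original page or of the WSO2 distribution. It parses the identity.xml and user-mgt.xml fragments this procedure edits and reports any /scim2 endpoint left unsecured (other than the two discovery endpoints), any secured endpoint with an empty <Permissions> rule, whether the SCIM listener (orderId 90) is disabled and the SCIM2 listener (orderId 93) enabled, and which user stores have SCIMEnabled set. The XML samples are constructed for the example (the Groups GET entry is deliberately left unsecured so the check fires), and treating a missing secured attribute as unsecured is an assumption made for a conservative check rather than documented WSO2 behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the identity.xml fragments this procedure edits (not a real file).
# The Groups GET entry is deliberately unsecured so the check below reports it.
IDENTITY_XML = """<Server>
  <ResourceAccessControl>
    <Resource context="(.*)/scim2/Users" secured="true" http-method="POST">
      <Permissions>/permission/admin/manage/identity/usermgt/create</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Users" secured="true" http-method="GET">
      <Permissions>/permission/admin/manage/identity/usermgt/list</Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Groups" secured="false" http-method="GET">
      <Permissions></Permissions>
    </Resource>
    <Resource context="(.*)/scim2/Me" secured="true" http-method="GET">
      <Permissions>/permission/admin/login</Permissions>
    </Resource>
    <Resource context="/scim2/ServiceProviderConfig" secured="false" http-method="all">
      <Permissions></Permissions>
    </Resource>
    <Resource context="/scim2/ResourceType" secured="false" http-method="all">
      <Permissions></Permissions>
    </Resource>
    <Resource context="/scim2/Bulk" secured="true" http-method="all">
      <Permissions></Permissions>
    </Resource>
  </ResourceAccessControl>
  <EventListeners>
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
      name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
      orderId="90" enable="false"/>
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
      name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
      orderId="93" enable="true"/>
  </EventListeners>
</Server>"""

# Constructed user-mgt.xml fragment with SCIM enabled on one user store.
USER_MGT_XML = """<UserManager>
  <Realm>
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
      <Property name="SCIMEnabled">true</Property>
    </UserStoreManager>
  </Realm>
</UserManager>"""

# The two SCIM 2.0 discovery endpoints that the procedure intentionally leaves unauthenticated.
PUBLIC_SCIM2_CONTEXTS = {"/scim2/ServiceProviderConfig", "/scim2/ResourceType"}


def scim2_resources(identity_xml):
    """Return (context, http-method, secured, permission) for every /scim2 Resource entry."""
    root = ET.fromstring(identity_xml)
    out = []
    for res in root.iter("Resource"):
        ctx = res.get("context", "")
        if "/scim2" not in ctx:
            continue  # e.g. the DCR entry is not a SCIM endpoint
        perm = (res.findtext("Permissions") or "").strip()
        # Assumption: a missing secured attribute is treated as unsecured (conservative).
        out.append((ctx, res.get("http-method", ""), res.get("secured", "false"), perm))
    return out


def unsecured_scim2_resources(identity_xml):
    """Non-discovery SCIM2 entries reachable without authentication."""
    return [(ctx, m) for ctx, m, secured, _ in scim2_resources(identity_xml)
            if secured != "true" and ctx not in PUBLIC_SCIM2_CONTEXTS]


def secured_without_permission(identity_xml):
    """Secured entries with an empty <Permissions>: authenticated, but no authorization rule."""
    return [(ctx, m) for ctx, m, secured, perm in scim2_resources(identity_xml)
            if secured == "true" and not perm]


def listener_states(identity_xml):
    """Map orderId -> enable flag for the SCIM and SCIM2 UserOperationEventListeners."""
    root = ET.fromstring(identity_xml)
    return {el.get("orderId"): el.get("enable") for el in root.iter("EventListener")
            if el.get("name", "").endswith("SCIMUserOperationListener")}


def scim_listeners_ok(identity_xml):
    """Step 9: SCIM (orderId 90) disabled and SCIM2 (orderId 93) enabled."""
    states = listener_states(identity_xml)
    return states.get("90") == "false" and states.get("93") == "true"


def scim_enabled_userstores(user_mgt_xml):
    """Step 11: classes of the user stores whose SCIMEnabled property is true."""
    root = ET.fromstring(user_mgt_xml)
    return [usm.get("class") for usm in root.iter("UserStoreManager")
            if any(p.get("name") == "SCIMEnabled" and (p.text or "").strip() == "true"
                   for p in usm.findall("Property"))]


if __name__ == "__main__":
    print("unsecured SCIM2 entries:", unsecured_scim2_resources(IDENTITY_XML))
    print("secured entries without permission:", secured_without_permission(IDENTITY_XML))
    print("listener configuration ok:", scim_listeners_ok(IDENTITY_XML))
    print("SCIM-enabled user stores:", scim_enabled_userstores(USER_MGT_XML))
```

    To run it against a real installation, read <IS_HOME>/repository/conf/identity/identity.xml and <IS_HOME>/repository/conf/user-mgt.xml into the two strings instead of the constructed samples. An empty result from the first two functions and True from the third is the expected state after steps 8 and 9.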

...