This documentation is in progress and includes all updates released after Identity Server 5.4.1. For documentation specific to a version, see About This Release.
Page Comparison - SCIM 1.1 APIs (v.5 vs v.6) - WSO2 Identity Server 5.x.x - WSO2 Documentation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Correction related to DOCUMENTATION-7665

...

  • Update User: Update the work and home email fields of the user "hasinitg" through the following cURL command:

    Note

    Note: You have to use the correct SCIM ID by taking it either from the "create user" response or from the "list user" response.

    Code Block
    titleRequest
    curl -v -k --user {IS_USERNAME}:{IS_PASSWORD}  -X PUT -d '{"schemas":[],"name":{"familyName":"{LAST_NAME}","givenName":"{FIRST_NAME"},"userName":"{USERNAME","emails": "{EMAIL"}' --header "Content-Type:application/json" https://{IS_IP}:{IS_PORT}/wso2/scim/Users/{SCIM_USER_ID}
    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin -X PUT -d '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","emails":[{"value":"[email protected]","type":"work"},{"value":"[email protected]","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users/0032fd29-55a9-4fb9-be82-b1c97c073f02

    You receive a 200 OK response and a payload containing the updated user representation.

    Info

    Alternatively, you can use the Users/me SCIM endpoint to update the user profile of the currently logged-in user:


    Code Block
    curl -v -k --user hasinitg:hasinitg -X PUT -d '{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","emails":[{"value":"[email protected]","type":"work"},{"value":"[email protected]","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users/me

    For this command, the user credentials of the user created above (hasinitg)wasusedasanexample.

    Note
    titleUpdating a resource using PATCH request

    You can also update a resource using a PATCH request. Unlike the PUT request (which completely replaces or overwrites the attributes), the PATCH modifies only the existing resource. The sample cURL command for a PATCH request is given below:

    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin -X PATCH -d '{"schemas": ["urn:scim:schemas:core:1.0"],"name":
    {"familyName": "Tester"},"userName": "hasinitg","meta": {"attributes": []}}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users/15722a71-3bd1-4864-8460-1e63a2dace65
    Code Block
    titleResponse
    200 OK
    {"emails":[
    {"type":"home","value":"hasini_home.com"},
    {"type":"work","value":"hasini_work.com"}],"meta":
    {"created":"2017-08-16T10:07:36","location":"https://localhost:9443/wso2/scim/Users/15722a71-3bd1-4864-8460-1e63a2dace65","lastModified":"2017-08-16T12:17:11"},"schemas":["urn:scim:schemas:core:1.0"],"name":
    {"familyName":"Tester","givenName":"hasinitg"},"id":"15722a71-3bd1-4864-8460-1e63a2dace65","userName":"hasinitg"}


  • Delete User: Delete the user with username 'pulasthim' that was created through the WSO2 Identity Server management console. 

    Code Block
    titleRequest
    curl -v -k --user {IS_USERNAME}:{IS_PASSWORD} -X DELETE https://{IS_IP}:{IS_PORT}/wso2/scim/Users/{SCIM_USER_ID} -H "Accept: application/json"
    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin -X DELETE https://localhost:9443/wso2/scim/Users/b228b59d-db19-4064-b637-d33c31209fae -H "Accept: application/json"

    You receive a response with status 200 OK and the user will be deleted from the user store. Similarly, you can manage groups by performing CRUD operations on the Group resource endpoint.


  • Filter User: Since CRUD operations have to be performed using SCIM ID which is unique to the service provider, the user REST endpoint also supports the filter operation. You can filter users based on their username, which is considered the unique user attribute in Carbon servers. You can use the following cURL command. WSO2 Identity Server currently supports only equal operation in filtering.

    Code Block
    titleRequest
    curl -v -k --user {IS_USERNAME}:{IS_PASSWORD} https://{IS_IP}:{IS_PORT}/wso2/scim/Users?filter={VALUE_TO_BE_CHECKED}+Eq+%22{VALUE_TO_BE_EQUAL}%22
    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users?filter=userName+Eq+%22hasinitg%22
    Code Block
    titleResponse
    {"schemas":["urn:scim:schemas:core:1.0"],"totalResults":1,"Resources":[{"id":"0032fd29-55a9-4fb9-be82-b1c97c073f02","userName":"hasinitg","meta":{"lastModified":"2016-01-26T18:26:04","created":"2016-01-26T16:46:53","location":"https://localhost:9443/wso2/scim/Users/0032fd29-55a9-4fb9-be82-b1c97c073f02"}}]}
  • Create Group: You can create groups either with or without members. The following command creates a group with a user.

    Note

    Note: When creating a group with users, you need to have that user already existing in the user store and provide its unique id. Create a new group named: 'engineer' with the user 'hasinitg' as a member. The attributes you have to include in the cURL command are the userID, username:password.

    Code Block
    titleRequest
    curl -v -k --user {IS_USERNAME}:{IS_PASSWORD} --data '{"displayName": {GROUP_NAME},"members": {MEMBERS_OF_THE_GROUP}}' --header "Content-Type:application/json" https://{IS_IP}:{IS_PORT}/wso2/scim/Groups
    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin --data '{"displayName": "engineer","members": [{"value":"316214c0-dd7e-4dc3-bed8-e91227d32597","hasinitgdisplay": "hasinitg"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups

    You receive a response with the payload as indicated below and a response status 201 CREATED:

    Code Block
    titleResponse
    {"id":"b4f9bccf-4f79-4288-be21-78e0d4500714","schemas":["urn:scim:schemas:core:1.0"],"displayName":"PRIMARY/engineer","members":[{"value":"0032fd29-55a9-4fb9-be82-b1c97c073f02","display":"hasinitg"}],"meta":{"lastModified":"2016-01-26T18:31:57","created":"2016-01-26T18:31:57","location":"https://localhost:9443/wso2/scim/Groups/b4f9bccf-4f79-4288-be21-78e0d4500714"}}

    You can observe in the management console of IS, that the new group is listed under roles and user 'adam' is listed under users of that group.

  • List Groups: Now create another role through the Identity Server Management Console and list all the groups. Create a group named: 'manager' without any users added to it. The following command lists the groups. 

    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Groups

    When you list the groups, you can see both groups are listed.

    Code Block
    titleResponse
    {"schemas":["urn:scim:schemas:core:1.0"],"totalResults":2,"Resources":[{"id":"b4f9bccf-4f79-4288-be21-78e0d4500714","displayName":"PRIMARY/engineer","meta":{"lastModified":"2016-01-26T18:31:57","created":"2016-01-26T18:31:57","location":"https://localhost:9443/wso2/scim/Groups/b4f9bccf-4f79-4288-be21-78e0d4500714"}},{"id":"484cdc26-9136-427b-ad9e-96ea3082e1f5","displayName":"PRIMARY/manager","meta":{"lastModified":"2016-01-26T18:33:33","created":"2016-01-26T18:33:33","location":"https://localhost:9443/wso2/scim/Groups/484cdc26-9136-427b-ad9e-96ea3082e1f5"}}]}
  • Update Group: Rename the group "manager" to "executive":

    Code Block
    titleRequest
    curl -v -k --user {IS_USERNAME}:{IS_PASSWORD} -X PATCH -d '{"displayName": {GROUP_NAME}}' --header "Content-Type:application/json" https://{IS_IP}:{IS_PORT}/wso2/scim/Groups/{SCIM_GROUP_ID}
    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin -X PATCH -d '{"displayName": "executive"}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/484cdc26-9136-427b-ad9e-96ea3082e1f5

    You receive a response with 200 OK status and full JSON representation of the updated group.


  • Delete Group: You can delete the group using the unique SCIM Id of the group. The following command deletes the group: 'executive'.

    Code Block
    titleRequest
    curl -v -k --user {IS_USERNAME}:{IS_PASSWORD} -X DELETE https://{IS_IP}:{IS_PORT}/wso2/scim/Groups/{SCIM_GROUP_ID} -H "Accept: application/json"
    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin -X DELETE https://localhost:9443/wso2/scim/Groups/484cdc26-9136-427b-ad9e-96ea3082e1f5 -H "Accept: application/json"
  • Filter Group: You can filter groups with the group display name using one of the following commands. These commands filter the group with display name: 'engineer'.

    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Groups?filter=displayName+Eq+%22engineer%22

    OR

    Code Block
    titleRequest: Sample
    curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Groups?filter=displayNameEqengineer

    You will get the following response.

    Code Block
    titleResponse
    {"schemas":["urn:scim:schemas:core:1.0"],"totalResults":1,"Resources":[{"id":"b4f9bccf-4f79-4288-be21-78e0d4500714","displayName":"PRIMARY/engineer","meta":{"lastModified":"2016-01-26T18:31:57","created":"2016-01-26T18:31:57","location":"https://localhost:9443/wso2/scim/Groups/b4f9bccf-4f79-4288-be21-78e0d4500714"}}]}

    Now, you can use the above commands or similar in a sample scenario.

...