The SCIM module was added in CzechIdM 8.1.0.
The aim of this tutorial is to create a new group (~ IdM role) and a user (~ IdM identity) with a contract (~ IdM identity contract), and then to assign the group to the user (~ IdM identity role).
The requests below authenticate as the admin:admin identity.
Note: Swagger can be used in the example.
Only the userName attribute is required for creating a user:
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' -d '{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "userName": "scimOne" }' 'http://localhost:8080/idm/api/v1/scim/Users'
A default contract is created automatically for a new user (if the default contract is enabled by configuration).
The contracts created for a user can be listed:
curl -X GET --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' 'http://localhost:8080/idm/api/v1/scim/Users/scimOne/Contracts'
To create a new contract ourselves:
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' -d '{ "schemas": [ "urn:ietf:params:scim:schemas:CzechIdM:8.1:Contract" ], "user": "scimOne", "position": "test" }' 'http://localhost:8080/idm/api/v1/scim/Contracts'
We will use the id attribute of the returned contract in the next requests.
Now we have a user and a contract. Next we will create a new role and assign it to the user's contract. The role can be created and assigned with one request:
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' -d '{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Group" ], "displayName": "roleScimOne", "members": [{ "$ref": "/Users/scimOne/Contracts/5ea857ff-2ec1-4c29-813b-c0d37fc23065" } ] }' 'http://localhost:8080/idm/api/v1/scim/Groups'
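The same three-step chain as an added Python example (not code from the original tutorial): it reads the contract id from the response instead of pasting it by hand, and builds the Basic header from environment variables, since YWRtaW46YWRtaW4= in the requests above is only the base64 encoding of admin:admin. The function names and the IDM_USER, IDM_PASSWORD and SCIM_BASE variables are assumptions, and the contract response is assumed to be a JSON object with a string id.

```python
import base64
import json
import os
import urllib.request

# Base URL taken from the tutorial; SCIM_BASE is a hypothetical override.
BASE = os.environ.get("SCIM_BASE", "http://localhost:8080/idm/api/v1/scim")

def basic_auth(user, password):
    """Basic auth is base64(user:password): an encoding, not encryption."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def user_payload(user_name):
    return {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"], "userName": user_name}

def contract_payload(user_name, position):
    return {"schemas": ["urn:ietf:params:scim:schemas:CzechIdM:8.1:Contract"],
            "user": user_name, "position": position}

def group_payload(display_name, user_name, contract_id):
    # The member reference points at the user's contract, as in the last request.
    ref = f"/Users/{user_name}/Contracts/{contract_id}"
    return {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
            "displayName": display_name, "members": [{"$ref": ref}]}

def contract_id_from(response_body):
    """Return the 'id' attribute of the contract-creation response (assumed a string)."""
    doc = json.loads(response_body)
    cid = doc.get("id") if isinstance(doc, dict) else None
    # Reject missing ids and ids that would add path segments to the $ref.
    if not isinstance(cid, str) or not cid or "/" in cid:
        raise ValueError("response carries no usable contract id")
    return cid

def post(path, payload, auth):
    req = urllib.request.Request(
        BASE + path, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": auth})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()

def provision(user_name, position, role_name, auth):
    post("/Users", user_payload(user_name), auth)
    cid = contract_id_from(post("/Contracts", contract_payload(user_name, position), auth))
    return post("/Groups", group_payload(role_name, user_name, cid), auth)

if __name__ == "__main__":
    # Credentials come from the environment, not from a header kept in shell history.
    auth = basic_auth(os.environ["IDM_USER"], os.environ["IDM_PASSWORD"])
    print(provision("scimOne", "test", "roleScimOne", auth))
```

Outside a local test instance, point SCIM_BASE at an https:// URL, because the Basic header is readable by anyone who can observe plain HTTP traffic.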