You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by lfinch <An...@CereCore.net> on 2019/12/11 18:29:03 UTC
Verification on SCIM 1.1 / SCIM 2.0 in Syncope
Hello, I am using SCIM connectors to add/modify users and groups(roles). I
have the ConnID bundle for SCIM1.1 selected. I want to verify that, in
order to push group related data (such as user membership) from Syncope to
an external resource, I need to implement the SCIM 2.0 extension references
in the 2.1.4 Reference Guide. My external resource only supports SCIM 1.1
but all references I see to groups in any SCIM documentation versions the
group schema to SCIM 2.0.
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Verification on SCIM 1.1 / SCIM 2.0 in Syncope
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 22/01/20 16:56, lfinch wrote:
>>> as far as I can see from [1], it seems that the SCIM 1.1 bundle only supports the __ACCOUNT__ object class, e.g. only users.
> So with this, are you saying I can't even read the groups data? Even if I
> can't pass it back to my external resource, can I read it and save in
> Internal Storage if I use the schema extension?
>
> Or do I have to use a different connector altogether to extract group
> information? Thanks!
Hi,
my statement above just says that the given Connector Bundle is not capable to manage anything but users because the code for managing groups is simply missing.
I think you have few options available:
(1) find another compatible connector bundle supporting groups (even though I don't think it exists)
(2) implement the missing group support into the SCIM 1.1 connector bundle
(3) implement the needed operations via the Scripted REST connector bundle (and possibly contribute the code back to the original repository)
I would suggest to continue this discussion on the connid-users list, as not directly regarding Apache Syncope.
Regards.
[1] https://groups.google.com/forum/#!forum/connid-users
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Verification on SCIM 1.1 / SCIM 2.0 in Syncope
Posted by lfinch <An...@CereCore.net>.
>>as far as I can see from [1], it seems that the SCIM 1.1 bundle only
supports the __ACCOUNT__ object class, e.g. only users.
So with this, are you saying I can't even read the groups data? Even if I
can't pass it back to my external resource, can I read it and save in
Internal Storage if I use the schema extension?
Or do I have to use a different connector altogether to extract group
information? Thanks!
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Verification on SCIM 1.1 / SCIM 2.0 in Syncope
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 13/12/19 08:49, Francesco Chicchiriccò wrote:
> On 12/12/19 17:53, lfinch wrote:
>> That's what I'm trying to determine. My target is a SCIM 1.1 provider and I
>> have to ConnID SCIM 1.1 connector implemented.
>>
>> How to I use Syncope to propagate a group to my SCIM 1.1 provider? Thanks!
> If your target is a SCIM 1.1 provider then all you need is to properly configure the ConnId SCIM 1.1 bundle.
>
> I don't think I ever configured that bundle for group provisioning, nor it seems there is reference about that (howtos, blog posts, ...); however, I am quite sure it should work, just keep trying :-)
Mmm actually no: as far as I can see from [1], it seems that the SCIM 1.1 bundle only supports the __ACCOUNT__ object class, e.g. only users.
Regards.
[1] https://github.com/Tirasa/ConnIdSCIMv11Bundle/blob/master/src/main/java/net/tirasa/connid/bundles/scimv11/utils/SCIMv11Attributes.java#L77
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Verification on SCIM 1.1 / SCIM 2.0 in Syncope
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 12/12/19 17:53, lfinch wrote:
> That's what I'm trying to determine. My target is a SCIM 1.1 provider and I
> have to ConnID SCIM 1.1 connector implemented.
>
> How to I use Syncope to propagate a group to my SCIM 1.1 provider? Thanks!
If your target is a SCIM 1.1 provider then all you need is to properly configure the ConnId SCIM 1.1 bundle.
I don't think I ever configured that bundle for group provisioning, nor it seems there is reference about that (howtos, blog posts, ...); however, I am quite sure it should work, just keep trying :-)
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Verification on SCIM 1.1 / SCIM 2.0 in Syncope
Posted by lfinch <An...@CereCore.net>.
That's what I'm trying to determine. My target is a SCIM 1.1 provider and I
have to ConnID SCIM 1.1 connector implemented.
How to I use Syncope to propagate a group to my SCIM 1.1 provider? Thanks!
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Verification on SCIM 1.1 / SCIM 2.0 in Syncope
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 11/12/19 19:29, lfinch wrote:
> Hello, I am using SCIM connectors to add/modify users and groups(roles). I have the ConnID bundle for SCIM1.1 selected.
> I want to verify that, in order to push group related data (such as user membership) from Syncope to an external resource, I need to implement the SCIM 2.0 extension references in the 2.1.4 Reference Guide. My external resource only supports SCIM 1.1
> but all references I see to groups in any SCIM documentation versions the group schema to SCIM 2.0.
Hi,
I guess that you are referring to [1] when you say above "I need to implement the SCIM 2.0 extension references in the 2.1.4 Reference Guide".
Please notice that [1] is to allow Syncope to play the role of SCIM 2.0 provider, e.g. to serve identities according to the SCIM 2.0 protocol.
The ConnId SCIM 1.1. connector [2] instead, is a SCIM 1.1 client; when configured in Syncope, it allows Syncope to provision identities from / to a SCIM 1.1 provider.
Are you sure you need both?
Regards.
[1] https://syncope.apache.org/docs/2.1/reference-guide.html#scim
[2] https://github.com/Tirasa/ConnIdSCIMv11Bundle
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/