Versions Compared

Old Version 5

changes.mady.by.user Keith Hazelton (wisc.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Keith Hazelton (wisc.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

4.1.2. Multi-Valued Attributes

 

Attributes Specific to SCIM Groups (RFC 7643)

4.2. "Group" Resource Schema

 

testbed.tier.internet2.edu/secure as System of Record

"uid":   "userName":"bjensen",                                               givenName,
 
 
Jim  
 
 
 
 

 

  | “Right now we capture: givenName, surname, initials (which I label as “middle name”, mail, cn, uid, eppn, and displayName.” 
 
Here’s the mapping from your attributes to their SCIM User Schema representation:
givenName,  surname, initials (middleName), displayName (formatted name), uid, and eppn:

 

"uid":   "userName":"bjensen",                                               
"name": {"formatted":"Ms. Barbara J Jensen III"       
"familyName":"Jensen",       
"givenName":"Barbara"       
"middleName": "Jane"       
"displayName": "Babs Jensen"     },         
mail:  "emails":[       
  {"value":"bjensen@example.com"}  
eppn:  "externalId":"bjensen",       
                        
So, the JSON-formatted body of the POST would look like this:
    
{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],     
"userName":"bjensen",     
"externalId":"bjensen",     
"name": {
  "formatted":"Ms. Barbara J Jensen III"       
  "familyName":"Jensen",       
  "givenName":"Barbara",       
  "middleName": "Jane",       
  "displayName": "Babs Jensen"},      
"emails":[       
  {"value":"bjensen@example.com"}    
}
        --Keith 
 
From: Jim Jokl <jaj@virginia.edu>
 Date: Friday, July 1, 2016 at 15:49 
 To: Keith Hazelton <keith.hazelton@wisc.edu>
 Subject: RE: API Call
 
Looks simple enough.
Right now we capture: givenName, surname, initials (which I label as “middle name”, mail, cn, uid, eppn, and displayName. 
I overload “description” and use it to hold the creator’s real home institution eppn 
– so you can’t have that – but I’m happy to add whatever else might be useful.  
I use the home site EPPN for access control (i.e., you can only edit your own records)
I also have a password available or you can simply use Kerberos.  
I don’t store passwords in LDAP but could do that if you need it for some reason.
 Jim
 

 
From: Keith Hazelton [mailto:keith.hazelton@wisc.edu
Sent: Friday, July 1, 2016 4:40 PM
To: Jokl, James A. (Jim) (jaj) <jaj@virginia.edu>
Subject: Re: API Call
Let’s start with this example straight out of the SCIM Protocol RFC.
Remind me what attributes you will have to pass along and I’ll add elements to the request body to represent them
Let me know if you have any questions.      –Keith

 

 
RFC 7644               SCIM Protocol Specification        September 2015
 
...
   When the service provider successfully creates the new resource, an
   HTTP response SHALL be returned with HTTP status code 201 (Created).
   The response body SHOULD contain the service provider's
   representation of the newly created resource.  The URI of the created
   resource SHALL include, in the HTTP "Location" header and the HTTP
   body, a JSON representation [RFC7159] with the attribute
   "meta.location".  Since the server is free to alter and/or ignore
   POSTed content, returning the full representation can be useful to
   the client, enabling it to correlate the client's and server's views
   of the new resource.
 
   In the following example, a client sends a POST request containing a
   "User" to the "/Users" endpoint.
 
   POST /Users  HTTP/1.1
   Host: example.com
   Accept: application/scim+json
   Content-Type: application/scim+json
   Authorization: Bearer h480djs93hd8
   Content-Length: ...
 
   {
     "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
     "userName":"bjensen",
     "externalId":"bjensen",
     "name":{
       "formatted":"Ms. Barbara J Jensen III",
       "familyName":"Jensen",
       "givenName":"Barbara"
     }
   }
 
 
   In response to the example request above, the server signals a
   successful creation with an HTTP status code 201 (Created) and
   returns a representation of the resource created:
 
   HTTP/1.1 201 Created
   Content-Type: application/scim+json
   Location:
    https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646
   ETag: W/"e180ee84f0671b1"
 
   {
     "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
     "id":"2819c223-7f76-453a-919d-413861904646",
     "externalId":"bjensen",
     "meta":{
       "resourceType":"User",
       "created":"2011-08-01T21:32:44.882Z",
       "lastModified":"2011-08-01T21:32:44.882Z",
       "location":
   "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646",
       "version":"W\/\"e180ee84f0671b1\""
     },
     "name":{
       "formatted":"Ms. Barbara J Jensen III",
       "familyName":"Jensen",
       "givenName":"Barbara"
     },
     "userName":"bjensen"
   }

 

  
  
 
 
 
 
...