...
4.1.2. Multi-Valued Attributes
Attributes Specific to SCIM Groups (RFC 7643)
4.2. "Group" Resource Schema
testbed.tier.internet2.edu/secure as System of Record
|
| ||||
---|---|---|---|---|---|
| “Right now we capture: givenName, surname, initials (which I label as “middle name”, mail, cn, uid, eppn, and displayName.” Here’s the mapping from your attributes to their SCIM User Schema representation: | "uid": "userName":"bjensen", givenName,givenName, surname, initials (middleName), displayName (formatted name), uid, and eppn:
"uid": "userName":"bjensen", "name": {"formatted":"Ms. Barbara J Jensen III" "familyName":"Jensen", "givenName":"Barbara" "middleName": "Jane" "displayName": "Babs Jensen" }, mail: "emails":[ {"value":"bjensen@example.com"} eppn: "externalId":"bjensen", So, the JSON-formatted body of the POST would look like this: {"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "userName":"bjensen", "externalId":"bjensen", "name": { "formatted":"Ms. Barbara J Jensen III" "familyName":"Jensen", "givenName":"Barbara", "middleName": "Jane", "displayName": "Babs Jensen"}, "emails":[ {"value":"bjensen@example.com"} } --Keith | ||||
From: Jim Jokl <jaj@virginia.edu> Looks simple enough. | Right now we capture: givenName, surname, initials (which I label as “middle name”, mail, cn, uid, eppn, and displayName. | I overload “description” and use it to hold the creator’s real home institution eppn – so you can’t have that – but I’m happy to add whatever else might be useful. I use the home site EPPN for access control (i.e., you can only edit your own records) | . I also have a password available or you can simply use Kerberos. I don’t store passwords in LDAP but could do that if you need it for some reason. Jim
| Jim||
From: Keith Hazelton [mailto:keith.hazelton@wisc.edu] Sent: Friday, July 1, 2016 4:40 PM To: Jokl, James A. (Jim) (jaj) <jaj@virginia.edu> Subject: Re: API Call | Let’s start with this example straight out of the SCIM Protocol RFC. | Remind me what attributes you will have to pass along and I’ll add elements to the request body to represent them | Let me know if you have any questions. –Keith
| ||
RFC 7644 SCIM Protocol Specification September 2015 ... When the service provider successfully creates the new resource, an HTTP response SHALL be returned with HTTP status code 201 (Created). The response body SHOULD contain the service provider's representation of the newly created resource. The URI of the created resource SHALL include, in the HTTP "Location" header and the HTTP body, a JSON representation [RFC7159] with the attribute "meta.location". Since the server is free to alter and/or ignore POSTed content, returning the full representation can be useful to the client, enabling it to correlate the client's and server's views of the new resource. In the following example, a client sends a POST request containing a "User" to the "/Users" endpoint. POST /Users HTTP/1.1 Host: example.com Accept: application/scim+json Content-Type: application/scim+json Authorization: Bearer h480djs93hd8 Content-Length: ... { "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "userName":"bjensen", "externalId":"bjensen", "name":{ "formatted":"Ms. Barbara J Jensen III", "familyName":"Jensen", "givenName":"Barbara" } } In response to the example request above, the server signals a successful creation with an HTTP status code 201 (Created) and returns a representation of the resource created: HTTP/1.1 201 Created Content-Type: application/scim+json Location: https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646 ETag: W/"e180ee84f0671b1" { "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"], "id":"2819c223-7f76-453a-919d-413861904646", "externalId":"bjensen", "meta":{ "resourceType":"User", "created":"2011-08-01T21:32:44.882Z", "lastModified":"2011-08-01T21:32:44.882Z", "location": "https://example.com/v2/Users/2819c223-7f76-453a-919d-413861904646", "version":"W\/\"e180ee84f0671b1\"" }, "name":{ "formatted":"Ms. Barbara J Jensen III", "familyName":"Jensen", "givenName":"Barbara" }, "userName":"bjensen" } |
| ||||
...