Design
- This is a pure SCIM API with extensions and new Resource Types
- PennState implemented a generic SCIM server in their github. Grouper is using that as a third party library. None of our work (except perhaps pull requests) is stored there
- The Grouper SCIM adapter is a grouper component in Grouper's Internet Github repo
Steps to run SCIM server locally. First four steps are to install docker on Mac.
- Download Docker Toolbox from https://www.docker.com/products/docker-toolbox and install it. It's a simple few steps wizard. By default, it will be installed in /usr/local/bin.
- Launch Docker Quick Start Terminal (First time when you open this application, it will create a "default" machine under ~/.docker)
- Towards the bottom of the terminal, there will be a message something like: docker is configured to use the default machine with IP 192.168.99.100
- Set the environment variables below. Chane the DOCKER_CERT_PATH value. DOCKER_HOST is the same as mentioned in step 3.export DOCKER_TLS_VERIFY="1"export DOCKER_HOST="tcp://192.168.99.100:2376"export DOCKER_CERT_PATH="/Users/vsachdeva/.docker/machine/machines/default"export DOCKER_MACHINE_NAME="default"
- Run command: "docker run hello-world" from the terminal. I run it just to make sure that the installation was correct.
- Checkout scim project by running: "git clone https://github.com/PennState/SCIMple-Identity.git" (It should automatically be on develop branch. Switch if already not)
- Checkout tier project by running: "git clone https://github.com/PennState/tier.git" (It should automatically be on develop branch. Switch if already not)
- Checkout commons-jaxrsby running: "git clone https://github.com/PennState/commons-jaxrs.git" (It should automatically be on develop branch. Switch if already not)
- Run "mvn clean install" from common-jaxrs project
- Run "mvn clean install" from SCIMple-Identity project
- Run "mvn clean install -Pdocker" from tier project (It might take a few minutes the first time since it has to download the jboss/widlflyimage from internet). If it fails saying: Failed to execute
goal io.fabric8:docker-maven-plugin:0.14.2:build (build) on projecteduperson-scim-web: Unable to build image [eduperson-scim-server]: Unknown instruction: --SILENT. In the eduperson-scim-web/pom.xml, put --silent in the same line as the command. It's around line # 108. - Run "docker run --rm -it -p 8080:8080 -p 9990:9990 eduperson-scim-server"
- Hit this URL http://192.168.99.100:8080/tier/v2/Schemas to verify that server is up and running (You might have to change the IP. It would be same as in step # 3 above)
- You can access the management console of wildfly server by going to http://192.168.99.100:9990/
Grouper TIER SCIM on demo server
- Grouper TIER SCIM is on demo server
- It runs in 2.3 under tomcat_h
- The URL is on the demo server which is: https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/
tomcat_h has:
[appadmin@i2midev1 grouper-ws-scim_v2_3]$ more /etc/init.d/tomcat_h export CATALINA_BASE="/opt/tomcats/tomcat_h" export JAVA_HOME="/opt/javas/java_h" export TOMCAT_HOME="/opt/tomee7base" [appadmin@i2midev1 grouper-ws-scim_v2_3]$ ls -latr /opt/tomee7base lrwxrwxrwx 1 appadmin users 29 Jul 22 12:42 /opt/tomee7base -> apache-tomee-webprofile-7.0.1 [appadmin@i2midev1 grouper-ws-scim_v2_3]$ ls -latr /opt/javas/java_h lrwxrwxrwx 1 appadmin users 8 Jul 22 18:35 /opt/javas/java_h -> ../java8 [appadmin@i2midev1 grouper-ws-scim_v2_3]$
- Java8
- TomEE (7.0.1)
Warfile/webapp
[appadmin@i2midev1 grouper-ws-scim_v2_3]$ ls /opt/tomcats/tomcat_h/webapps/ grouper-ws-scim_v2_3 grouper-ws-scim_v2_3.war
Control the server
[appadmin@i2midev1 grouper-ws-scim_v2_3]$ /sbin/service tomcat_h status|stop|start|restart
- Note: the demo server uses Apache basic auth, not tomcat tomcat-users.xml
Sample Group GET
https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/v2/Groups/b32e826380ea42c69dbf59cc262584f8
or: https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/v2/Groups/systemName:chris:testGroup
or: https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/v2/Groups/idIndex:10342
{ "meta": { "version": "vGTxTe/oj21b6+dweSG7Kbn1mZh394Tiv33IkJrOCcg=" }, "id": "b32e826380ea42c69dbf59cc262584f8", "displayName": "chris:testGroup", "members": [ { "value": "87e53b36915c4fc9ac454a06ffa65da5", "$ref": "../Users/0b5949edd3bf4b65a0ab7e9ce97a4cf9", "type": "DIRECT" } ], "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Group", "urn:grouper:params:scim:schemas:extension:TierGroupExtension", "urn:tier:params:scim:schemas:extension:TierMetaExtension" ], "urn:tier:params:scim:schemas:extension:TierMetaExtension": { "resultCode": "SUCCESS", "responseDurationMillis": 23659 }, "urn:grouper:params:scim:schemas:extension:TierGroupExtension": { "description": "description updated using grouper-ws-scim PUT request", "idIndex": 10342, "systemName": "chris:testGroup" } }
Sample Group Find
{ "totalResults": 1, "startIndex": 1, "itemsPerPage": 1, "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "Resources": [ { "meta": { "version": "jvge2T4+dEay9n49YDBM6gF2BS3bLG/ifUlfN5Zg6qY=" }, "id": "f50afe0442ab452bb0dbeae4bb1faefa", "displayName": "test:groupTest1", "members": [ { "value": "87e53b36915c4fc9ac454a06ffa65da5", "$ref": "../Users/0b5949edd3bf4b65a0ab7e9ce97a4cf9", "type": "DIRECT" }, { "value": "da1b779fbfce448d91fc7926ecb693ba", "$ref": "../Users/237dd8909c20481eb143fa3ae32df998", "type": "DIRECT" }, { "value": "c6927b11dd74411d9881f7c528766b7b", "$ref": "../Users/39f0db14af5a412e81e2108856188cab", "type": "DIRECT" }, { "value": "02ac936fe85c42aead3973558ee3cc3b", "$ref": "../Users/02d6d01291bb43f09e3b5e387ef0bab2", "type": "DIRECT" }, { "value": "8648fddf0345448a9bea21f953116f83", "$ref": "../Users/aa04aec5f93b4e1b80e45bf592dc2770", "type": "DIRECT" } ], "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Group", "urn:grouper:params:scim:schemas:extension:TierGroupExtension" ], "urn:grouper:params:scim:schemas:extension:TierGroupExtension": { "description": "group description updated", "idIndex": 11157, "systemName": "test:groupTest1" } } ] }