Design
- This is a pure SCIM API with extensions and new Resource Types
- PennState implemented a generic SCIM server in their github. Grouper is using that as a third party library. None of our work (except perhaps pull requests) is stored there
- The Grouper SCIM adapter is a grouper component in Grouper's Internet Github repo
Steps to run SCIM server locally. First four steps are to install docker on Mac.
- Download Docker Toolbox from https://www.docker.com/products/docker-toolbox and install it. It's a simple few steps wizard. By default, it will be installed in /usr/local/bin.
- Launch Docker Quick Start Terminal (First time when you open this application, it will create a "default" machine under ~/.docker)
- Towards the bottom of the terminal, there will be a message something like: docker is configured to use the default machine with IP 192.168.99.100
- Set the environment variables below. Chane the DOCKER_CERT_PATH value. DOCKER_HOST is the same as mentioned in step 3.export DOCKER_TLS_VERIFY="1"export DOCKER_HOST="tcp://192.168.99.100:2376"export DOCKER_CERT_PATH="/Users/vsachdeva/.docker/machine/machines/default"export DOCKER_MACHINE_NAME="default"
- Run command: "docker run hello-world" from the terminal. I run it just to make sure that the installation was correct.
- Checkout scim project by running: "git clone https://github.com/PennState/SCIMple-Identity.git" (It should automatically be on develop branch. Switch if already not)
- Checkout tier project by running: "git clone https://github.com/PennState/tier.git" (It should automatically be on develop branch. Switch if already not)
- Checkout commons-jaxrsby running: "git clone https://github.com/PennState/commons-jaxrs.git" (It should automatically be on develop branch. Switch if already not)
- Run "mvn clean install" from common-jaxrs project
- Run "mvn clean install" from SCIMple-Identity project
- Run "mvn clean install -Pdocker" from tier project (It might take a few minutes the first time since it has to download the jboss/widlflyimage from internet). If it fails saying: Failed to execute
goal io.fabric8:docker-maven-plugin:0.14.2:build (build) on projecteduperson-scim-web: Unable to build image [eduperson-scim-server]: Unknown instruction: --SILENT. In the eduperson-scim-web/pom.xml, put --silent in the same line as the command. It's around line # 108. - Run "docker run --rm -it -p 8080:8080 -p 9990:9990 eduperson-scim-server"
- Hit this URL http://192.168.99.100:8080/tier/v2/Schemas to verify that server is up and running (You might have to change the IP. It would be same as in step # 3 above)
- You can access the management console of wildfly server by going to http://192.168.99.100:9990/
Grouper TIER SCIM on demo server
- Grouper TIER SCIM is on demo server
- It runs in 2.3 under tomcat_h
- The URL is on the demo server which is: https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/
tomcat_h has:
[appadmin@i2midev1 grouper-ws-scim_v2_3]$ more /etc/init.d/tomcat_h export CATALINA_BASE="/opt/tomcats/tomcat_h" export JAVA_HOME="/opt/javas/java_h" export TOMCAT_HOME="/opt/tomee7base" [appadmin@i2midev1 grouper-ws-scim_v2_3]$ ls -latr /opt/tomee7base lrwxrwxrwx 1 appadmin users 29 Jul 22 12:42 /opt/tomee7base -> apache-tomee-webprofile-7.0.1 [appadmin@i2midev1 grouper-ws-scim_v2_3]$ ls -latr /opt/javas/java_h lrwxrwxrwx 1 appadmin users 8 Jul 22 18:35 /opt/javas/java_h -> ../java8 [appadmin@i2midev1 grouper-ws-scim_v2_3]$
- Java8
- TomEE (7.0.1)
Warfile/webapp
[appadmin@i2midev1 grouper-ws-scim_v2_3]$ ls /opt/tomcats/tomcat_h/webapps/ grouper-ws-scim_v2_3 grouper-ws-scim_v2_3.war
Control the server
[appadmin@i2midev1 grouper-ws-scim_v2_3]$ /sbin/service tomcat_h status|stop|start|restart
- Note: the demo server uses Apache basic auth, not tomcat tomcat-users.xml
Sample Group GET
You can get a group by UUID, systemName or idIndex. systemName and idIndex are prefixes and must be provided in the path if looking up a group by system name or id Index.
https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/v2/Groups/b32e826380ea42c69dbf59cc262584f8
or: https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/v2/Groups/systemName:chris:testGroup
or: https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/v2/Groups/idIndex:10342
Response
{
"meta": {
"version": "vGTxTe/oj21b6+dweSG7Kbn1mZh394Tiv33IkJrOCcg="
},
"id": "b32e826380ea42c69dbf59cc262584f8",
"displayName": "chris:testGroup",
"members": [
{
"value": "87e53b36915c4fc9ac454a06ffa65da5",
"$ref": "../Users/0b5949edd3bf4b65a0ab7e9ce97a4cf9",
"type": "DIRECT"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:grouper:params:scim:schemas:extension:TierGroupExtension",
"urn:tier:params:scim:schemas:extension:TierMetaExtension"
],
"urn:tier:params:scim:schemas:extension:TierMetaExtension": {
"resultCode": "SUCCESS",
"responseDurationMillis": 23659
},
"urn:grouper:params:scim:schemas:extension:TierGroupExtension": {
"description": "description updated using grouper-ws-scim PUT request",
"idIndex": 10342,
"systemName": "chris:testGroup"
}
}
Sample Group Find By Exact Field
Valid fields names are: name, uuid, idIndex, displayName, extension, displayExtension and description.
Examples are:
https://grouperdemo.internet2.edu/grouper-ws-scim_v2_3/v2/Groups?filter=idIndex%20eq%20%2211157%22
Response
{
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"meta": {
"version": "jvge2T4+dEay9n49YDBM6gF2BS3bLG/ifUlfN5Zg6qY="
},
"id": "f50afe0442ab452bb0dbeae4bb1faefa",
"displayName": "test:groupTest1",
"members": [
{
"value": "87e53b36915c4fc9ac454a06ffa65da5",
"$ref": "../Users/0b5949edd3bf4b65a0ab7e9ce97a4cf9",
"type": "DIRECT"
},
{
"value": "da1b779fbfce448d91fc7926ecb693ba",
"$ref": "../Users/237dd8909c20481eb143fa3ae32df998",
"type": "DIRECT"
},
{
"value": "c6927b11dd74411d9881f7c528766b7b",
"$ref": "../Users/39f0db14af5a412e81e2108856188cab",
"type": "DIRECT"
},
{
"value": "02ac936fe85c42aead3973558ee3cc3b",
"$ref": "../Users/02d6d01291bb43f09e3b5e387ef0bab2",
"type": "DIRECT"
},
{
"value": "8648fddf0345448a9bea21f953116f83",
"$ref": "../Users/aa04aec5f93b4e1b80e45bf592dc2770",
"type": "DIRECT"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:grouper:params:scim:schemas:extension:TierGroupExtension"
],
"urn:grouper:params:scim:schemas:extension:TierGroupExtension": {
"description": "group description updated",
"idIndex": 11157,
"systemName": "test:groupTest1"
}
}
]
}
Sample Group Find By Approximate Field
Valid field names are: displayName, extension, displayExtension and description
Response
{
"totalResults": 2,
"startIndex": 1,
"itemsPerPage": 2,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"meta": {
"version": "LGPfv7vSj+TjclWZxGRTMAM0Bq5v6hl+6QRgmIz4I+0="
},
"id": "cf6a3e71e5e545609f5b04b6a26c9ec7",
"displayName": "users:penn:mageerc:test:rickGroupTest",
"members": [
{
"value": "87e53b36915c4fc9ac454a06ffa65da5",
"$ref": "../Users/0b5949edd3bf4b65a0ab7e9ce97a4cf9",
"type": "INDIRECT"
},
{
"value": "f06d86631b4b45118d4a18540c04f48e",
"$ref": "../Users/58be116e1cae4e18b2e3d40b9777f99b",
"type": "DIRECT"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:grouper:params:scim:schemas:extension:TierGroupExtension"
],
"urn:grouper:params:scim:schemas:extension:TierGroupExtension": {
"description": "",
"idIndex": 10260,
"systemName": "users:penn:mageerc:rcm:rgt"
}
},
{
"meta": {
"version": "jvge2T4+dEay9n49YDBM6gF2BS3bLG/ifUlfN5Zg6qY="
},
"id": "f50afe0442ab452bb0dbeae4bb1faefa",
"displayName": "test:groupTest1",
"members": [
{
"value": "87e53b36915c4fc9ac454a06ffa65da5",
"$ref": "../Users/0b5949edd3bf4b65a0ab7e9ce97a4cf9",
"type": "DIRECT"
},
{
"value": "da1b779fbfce448d91fc7926ecb693ba",
"$ref": "../Users/237dd8909c20481eb143fa3ae32df998",
"type": "DIRECT"
},
{
"value": "c6927b11dd74411d9881f7c528766b7b",
"$ref": "../Users/39f0db14af5a412e81e2108856188cab",
"type": "DIRECT"
},
{
"value": "02ac936fe85c42aead3973558ee3cc3b",
"$ref": "../Users/02d6d01291bb43f09e3b5e387ef0bab2",
"type": "DIRECT"
},
{
"value": "8648fddf0345448a9bea21f953116f83",
"$ref": "../Users/aa04aec5f93b4e1b80e45bf592dc2770",
"type": "DIRECT"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:grouper:params:scim:schemas:extension:TierGroupExtension"
],
"urn:grouper:params:scim:schemas:extension:TierGroupExtension": {
"description": "group description updated",
"idIndex": 11157,
"systemName": "test:groupTest1"
}
}
]
}