Page tree
Skip to end of metadata
Go to start of metadata

Status

FunctionalityExperimental, limited
Support statusSupportable
Support provided byEvolveum
OriginEvolveum
Target systemsStandard SCIM servers

Description

A generic connector for exchange of identity information which implements the 1.1 version of the System for Cross-domain Identity Management (SCIM) standard. Please see the "Interoperability" section below.


Protocol

SCIM 1.1

Framework

ConnId 1.4.2.18

Bundle name

com.evolveum.polygon.scim

Connector name

connector-scim

Capabilities and Features


Provisioning

YES


Live Synchronization

NO

Will be implemented if a service is found (for test purposes) which complies to the  scim “polling protocol“ specification.

Password

YES


Activation

YES

Activation via the “active” attribute.

Paging support

YES


Native attribute names

YES


Scripting

NO


Versions


Version

Origin

Binary

Sources

Build Date

ConnId

Framework

Description

1.4.2.14

Polygon

download jar

GitHub

October 2016

1.4.2.16

Official release

1.4.3Polygondownload jarGitHubDecember 2016 1.4.2.18Official release
1.4.4Polygondownload jarGitHubMarch 2017 1.4.2.18Official release

Interoperability

SCIM Troubles

Due to the nature of SCIM protocol the usefulness of this connector is likely to be very limited. SCIM is a very vague standard and almost any practical deployments of SCIM are heavily customizing the protocol to suit their needs. As this connector implements only standard SCIM operations and schemas, it is unlikely that it can provide a complete functionality for any particular deployment. Basic operations may work, but there is no guarantee of completeness or even usefulness of this connector in any practical case.

The reason that this connector exists is mostly to allow efficient maintenance of service-specific connectors for SCIM-based services, such as SCIMv1 Salesforce Connector. Please have a look at those specific connectors or consider creating a service-specific connector in case you plan to connect to any practical SCIM server.

Support

Support for this connector is limited only to standard SCIM operations. Any non-standard SCIM operation is not supported. As SCIM is a very vague standard, any operation where the standard is not entirely clear is also not supported. Which makes practical applicability of this connector very limited. Therefore we strongly recommend to consider using a service-specific connectors, such as SCIMv1 Salesforce Connector or SCIM v1 Slack connector.

Licensing

The connector itself is available under the terms of Apache License 2.0. To our best knowledge there is no extra license needed to use this connector. (Additional  licensing terms and conditions may apply with services on which the connector is used).

Configuration

There are two methods of authentication supported by the connector represented by two flag values.

  • “Token”

  • “Password”

Choosing one or the other switches between sets of mandatory attributes.

Both methods of authentication have the following mandatory attributes in common:

  • Scim endpoint”: the scim endpoint (e.g. “/scim”)

  • Scim version”: the scim version (e.g. “/v1”)

  • Authentication”: the authentication method (e.g. “token”)

The “Token” authentication methods mandatory values:

  • Base URL”: url value used to query the SCIM endpoints (protocol + hostname)

  • Token”: token issued by the service provider

The “Password” authentication methods mandatory values:

  • Username”: username of the user registered in the service

  • Password”: password of the user registered in the service

  • Login url”: the login url to the service

  • Grant type”: the service grand type

  • Client ID”: the client id value issued by the service provider

  • Clientsecret”: the client secret value issued by the service provider

Setting up tests

The test suite consists of a bundle of test methods some of which execute a couple of times depending on the amount of tested resource endpoints. The test parameters ale provided by data providers which fetch their data from a test configuration property file. These property files are provided within the connector source bundle in the scimV1 git repository in the “testProperties” folder.


Before the test suite is initialized one has to provide a couple of mandatory values into the property file.
The property file consists of a couple of attribute name/value pairs which are mapped to the corresponding test method or utility method. The naming rule is that the word before the underscore character (“_”) corresponds to the name of the test method provider which will be populated by the provided values. The word after the underscore character is the property name or in some cases it describes a resource on which a test will be executed or a type of test.

Most likely and often changed are the attributes of the test method provider “configTestProvider” the first three attributes configure some basic properties used in the tests:

  • “testNumber”: The number which defines the order of the following test. The number is used as an ID value which is injected in some unique parameter values (e.q. userName). This is because some services do not delete their resource data (e.q. Account data) but they flag it as inactive or deactivated. The unique parameter value is then still used and can be in some cases referenced. This prohibits the usage of an equivalent value.

  • “pageSize”: This parameter describes the size of the returned list of resource representations.

  • “pageOffset”: Defines the offset used in listing resources. (e.q. I want to list 100 people but i want the list to start from the 15th entry).

The other attributes of the “configTestProvider” are equivalent to the configuration attributes needed to log into the service and can be seen described above in the “Configuration”  section.

The change of other test method provider attributes is not recommended and may result in unsuccessful tests.

The tests create one representation of each resource (e.g. user, group) and then they execute all basic methods which are defined in the scim specification. The tests also incorporate negative testing use cases for proper exception reporting. One of the test cases is intentionally commented out. To trip the “InvalidCredentialException” the test method makes an intentional error in the login credentials while executing an operation. For reasons of unintentional lock out of the service with the runn of this test this test is optional and you can uncomment it when you are sure no harm will be done.

Documentation

 ...

Resource Examples

See Also


  • No labels