SCIM 2.0 REST Web Service

DirX Access provides user management capabilities via the SCIM 2.0 protocol. For more information about the SCIM 2.0 implementation, see the User Data Management via SCIM 2.0 and the Application Repository Service section.

Description

The SCIM 2.0 REST Web Service is described by an OpenAPI 3.0 document, which can be found at {scim_rest_web_application_location}/openapi.json or {scim_rest_web_application_location}/openapi.yaml.

Public OpenAPI tools can generate documentation and clients from such a document. Readers are recommended to use such tools, e.g., Swagger or OpenAPI.Tools (an open-source list of tools for OpenAPI), mainly to generate documentation in a user-friendly format.

Deployment

The SCIM 2.0 REST Web Service functionality is provided by the SCIM 2.0 REST web application. The application must be configured and deployed on the DirX Access Server. Multiple SCIM 2.0 REST applications can coexist on a DirX Access Server; therefore, the configuration includes a PortAssignment and a context path.

The {scim_rest_web_application_location} of the SCIM 2.0 REST web application is constructed from the hostname of the DirX Access Server or Cluster, the port of the assigned PortAssignment configuration object and the web application context path.

Authorization

Given the capabilities of the SCIM 2.0 REST Web Service, the interface should be protected and be at least as secure as the DirX Access Credential Manager. The DirX Access Credential Manager requires the interface to be deployed and running.

Each request can be processed according to DirX Access internal authorization, which means that access decisions can be made at the attribute level. Internal authorization has to be enabled on the PEP that handles the authentication. For more information, see one of:

Examples

Read all OtpCallback credentials with filter = nbOfLoginFailures greater than "0"

Request

GET {scim_rest_web_application_location}/OtpCallbacks?filter=nbOfLoginFailures gt %220%22

Read {user_login_name}’s OtpCallback credentials for {method_id} authentication method

Request

GET {scim_rest_web_application_location}/OtpCallbacks/{user_login_name}/{method_id}

Read all Rfc6238 credentials with filter = timeDrift equal "5"

Request

GET {scim_rest_web_application_location}/Rfc6238s?filter=timeDrift eq %225%22

Read all Rfc6238 credentials with filter = timeDrift not equal "5"

Request

GET {scim_rest_web_application_location}/Rfc6238s?filter=timeDrift ne %225%22

Read all {user_login_name}’s Rfc6238 credentials

Request

GET {scim_rest_web_application_location}/Rfc6238s/{user_login_name}

Create {user_login_name}’s OtpCallback credentials for {method_id} authentication method

Request

POST {scim_rest_web_application_location}/OtpCallbacks
{
    "schemas": [
        "urn:net:atos:dirx:access:scim:schemas:core:2.0:Entity:Otp:OtpCallback"
    ],
    "id": "{method_id}",
    "communicationAddress": "{user_communication_address}",
    "nbOfLoginFailures": "{number_of_login_failures}",
    "entityId": "{user_login_name}"
}

Modify {user_login_name}’s OtpCallback credentials for {method_id} authentication method

Request

PATCH {scim_rest_web_application_location}/OtpCallbacks
{
    "schemas": [
        "urn:net:atos:dirx:access:scim:schemas:core:2.0:Entity:Otp:OtpCallback"
    ],
    "id": "{method_id}",
    "nbOfLoginFailures": 0,
    "entityId": "{user_login_name}"
}

Remove {user_login_name}’s OtpCallback credentials for {method_id} authentication method

Request

DELETE {scim_rest_web_application_location}/OtpCallbacks/{user_login_name}/{method_id}

Remove all {user_login_name}’s OtpCallback credentials

Request

DELETE {scim_rest_web_application_location}/OtpCallbacks/{user_login_name}

Read all Entities with filter = id starts with "G"

Request

GET {scim_rest_web_application_location}/Entities?filter=id sw %22G%22

Read {user_login_name}’s Entity

Request

GET {scim_rest_web_application_location}/Entities/{user_login_name}

Read Me Entity

Request

GET {scim_rest_web_application_location}/Me

Remove {user_login_name}’s Entity

Request

DELETE {scim_rest_web_application_location}/Entities/{user_login_name}
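The following is an added example (not DirX Access code) that builds the requests shown above from a client: it quotes SCIM filter values as JSON strings (as the examples do for "0" and "5") so that caller-supplied data cannot terminate the literal and alter the filter, and it percent-encodes path segments such as {user_login_name}. The base URL, the bearer-token authentication and the sample values are assumptions.

```python
import json
import re
import urllib.request
from typing import Optional
from urllib.parse import quote

# Constructed placeholder for {scim_rest_web_application_location}; not a real host.
BASE = "https://dirx-access.example.invalid:8443/scim"

_OPS = {"eq", "ne", "co", "sw", "ew", "gt", "ge", "lt", "le"}
_ATTR = re.compile(r"^[A-Za-z][A-Za-z0-9$_-]*(\.[A-Za-z][A-Za-z0-9$_-]*)?$")

def scim_filter(attr: str, op: str, value) -> str:
    """Return a SCIM 2.0 filter expression such as 'timeDrift eq "5"'.
    The value is emitted as a JSON string, so quotes and backslashes in
    caller-supplied data are escaped instead of ending the literal."""
    if not _ATTR.match(attr):
        raise ValueError(f"invalid SCIM attribute name: {attr!r}")
    if op not in _OPS:
        raise ValueError(f"unsupported SCIM operator: {op!r}")
    return f"{attr} {op} {json.dumps(str(value))}"

def filter_url(resource: str, attr: str, op: str, value, base: str = BASE) -> str:
    """Collection URL with the filter percent-encoded (spaces included)."""
    return f"{base}/{resource}?filter={quote(scim_filter(attr, op, value), safe='')}"

def item_url(resource: str, *segments: str, base: str = BASE) -> str:
    """Item URL; every segment is encoded so a login name containing '/' or '?'
    addresses exactly one resource instead of changing the route."""
    return "/".join([base, resource, *(quote(s, safe="") for s in segments)])

def otp_callback(method_id: str, entity_id: str, address: str, failures: int = 0) -> dict:
    """Body for POST/PATCH on OtpCallbacks, using the schema URN shown above."""
    return {
        "schemas": ["urn:net:atos:dirx:access:scim:schemas:core:2.0:Entity:Otp:OtpCallback"],
        "id": method_id,
        "communicationAddress": address,
        "nbOfLoginFailures": failures,
        "entityId": entity_id,
    }

def send(method: str, url: str, token: str, body: Optional[dict] = None) -> dict:
    """Issue the request; bearer-token authentication is an assumption here."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Accept": "application/scim+json",
        "Content-Type": "application/scim+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")
```

For example, filter_url("OtpCallbacks", "nbOfLoginFailures", "gt", 0) yields the first GET above with the spaces and quotes percent-encoded, and item_url("OtpCallbacks", "alice", "otp-sms") yields the per-user, per-method path.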