Skip to main content
Version: 8.2405.x.x RR

REST Endpoints

The purpose of this documentation is to provide an overview, examples and operational technical details of the SCIM REST endpoints.

All SCIM Data Transfer Objects and endpoints are documented in full detail in SCIM section of nevisIDM REST API Blueprint documentation.

Currently, User is the only supported entity resource in the implemented SCIM 2.0 compliant server.

List of Users

Using this endpoint you can query the users belonging to a client. Without filtering, the service returns all users that belong to the client.

URL

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users?<parameters>
POST: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users/.search

Request Parameters of GET Method

When you are filtering a property with space in its name, replace the space character with %20 or + (RFC 1738).

When you are filtering an attribute with + in its value, replace the + character with %2B (RFC 3151).

NameDescriptionMandatoryExample
startIndexStart index for the listing.
The first element index: 1
Default value: 1.
No1
countMaximum number of elements in the result list.
Default value: 10.
No10
attributesComma separated list of attributes must be contained by the result. Empty value means that all available attributes are contained by the result. As the standard defines, there are always retained attributes, e.g id (see DTO descriptions).NouserName, name.familyName
excludedAttributesComma separated list of attributes must not be contained by the result. Empty value means that all available attributes are contained by the result. If attributes is present and not empty, the excludedAttributes parameter is ignored.NouserName, name.familyName
filterThe filter expression is used to restrict results to one or more specific resources. Empty filter means all possible resources are selected. Available operators and attributes are described later.
Related part of standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2
NouserName SW 'marketing' AND urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin GT '2022-04-01T00:00:00'
sortByThe name of an attribute or sub-attribute for sorting the result. Empty value means, that id is used as sorting attribute.Noname.familyName
sortOrderSort order of selected attribute (in sortBy parameter). Empty value means that the default ascending sorting order is used.
Allowed values: ascending, descending
Noascending

Request of POST Method

The parameters are the same, but in JSON structure. The SCIM 2.0 standard defines the request payload in the following chapter: http://datatracker.ietf.org/doc/html/rfc7644#section-3.4.3

Example POST search request

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:SearchRequest"
],
"attributes": [],
"excludedAttributes": [],
"filter": "userName SW 'Reporting' AND urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin GT '2022-04-01T00:00:00'",
"sortBy": "userName",
"sortOrder": "ascending",
"startIndex": 1,
"count": 10
}

Available Filter Operators

NameAlternativeDescriptionExample
EQ==Equals relational operator. The left operand can be an attribute path and the right operand can be string, date, boolean or number literal.userName EQ 'tesla'
NE!=Does not equal relational operator. The left operand can be an attribute path and the right operand can be string, date, boolean or number literal.name.familyName NE 'Tesla'
SW~*Start with relational operator. The attribute value must start with the literal operand. The left operand can be an attribute path and the right operand can only be string literal. This operator is processed as SQL like condition with % at the end.urn:nevis:idm:scim:schemas:v1:
extension:User.remarks SW 'Ordinary'
EW*~End with relational operator. The attribute value must end with the literal argument. The left operand can be an attribute path and the right operand can only be string literal. This operator is processed as SQL like condition with % as first character.urn:nevis:idm:scim:schemas:v1:
extension:User.remarks SW 'user.'
CO~Contains relational operator. The attribute value must contain the literal argument. The left operand can be an attribute path and the right operand can only be string literal. This operator is processed as SQL like condition with % as first and last character.urn:nevis:idm:scim:schemas:v1:
extension:User.remarks SW 'marketing'
GT>Greater than relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal.urn:nevis:idm:scim:schemas:v1:
extension:User.credentials.
credentialLoginInfo.lastLogin GT
'2022-04-01T00:00:00'
GE>=Greater than or equal relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal.id GE 100
LE<=Less than or equal relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal.id LE 100
LT<Less than relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal.urn:nevis:idm:scim:schemas:v1:
extension:User.credentials.
credentialLoginInfo.lastFailure LT
'2022-04-01T00:00:00'
PR*Presents relational operator. This operator accepts only The left operand that must be an attribute path. This operator is processed as SQL is not null condition.name.givenName PR
NOT!This logical operator negates the following expression. It can have only the right operand and that must be placed between brackets.NOT(name.familyName EQ 'Tesla' AND name.givenName EQ 'Nikola')
AND&&This logical operator combine two expressions with logical AND capsule.name.familyName EQ 'Tesla' AND name.givenName EQ 'Nikola' AND name.honorificPrefix EQ 'Mr.'
OR||This logical operator combine two expressions with logical OR capsule. It has lower precedence than the AND logical operator.name.familyName EQ 'Tesla' OR name.familyName EQ 'Edison'

Available Attribute Paths

The attributes of SCIM resources can be referred as JSON paths like attribute paths. The difference between JSON paths and attribute paths are in the collections. You can refer without using array or map indexes. For example, instead of $.urn:nevis:idm:scim:schemas:v1:extension:User.credentials[*].type the simpler urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type can be used.

When you refer an attribute you have to specify the data type conform literal value as the right operand in relational operators. For example urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastFailure LT '2022-04-01T00:00:00'.

When filtering for a property with space in the name, enclose the attribute path in apostrophes. For example: 'urn:nevis:idm:scim:schemas:v1:extension:User.properties.USER GLOBAL property clientP4' EQ 'first'

Available attribute paths for filtering and ordering:

  • id
  • externalId
  • userName
  • active
  • locale
  • name.familyName
  • name.givenName
  • name.honorificPrefix
  • emails.value
  • phoneNumbers.value
  • preferredLanguage
  • meta.lastModified
  • meta.created
  • urn:nevis:idm:scim:schemas:v1:extension:User.remarks
  • urn:nevis:idm:scim:schemas:v1:extension:User.sex
  • urn:nevis:idm:scim:schemas:v1:extension:User.street
  • urn:nevis:idm:scim:schemas:v1:extension:User.technical
  • urn:nevis:idm:scim:schemas:v1:extension:User.templateCollectionName
  • urn:nevis:idm:scim:schemas:v1:extension:User.validFrom
  • urn:nevis:idm:scim:schemas:v1:extension:User.validTo
  • urn:nevis:idm:scim:schemas:v1:extension:User.birthDate
  • urn:nevis:idm:scim:schemas:v1:extension:User.dwellingNumber
  • urn:nevis:idm:scim:schemas:v1:extension:User.houseNumber
  • urn:nevis:idm:scim:schemas:v1:extension:User.postOfficeBoxNumber
  • urn:nevis:idm:scim:schemas:v1:extension:User.postOfficeBoxText
  • urn:nevis:idm:scim:schemas:v1:extension:User.loginInfo.lastFailure
  • urn:nevis:idm:scim:schemas:v1:extension:User.loginInfo.lastLogin
  • urn:nevis:idm:scim:schemas:v1:extension:User.properties.<name of the property>
    • non-global and encrypted properties are not supported
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.extId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.name
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.state
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.validFrom
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.validTo
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.aaid
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.keyId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.deviceId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.signCounter
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticatorVersion
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.appId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.publicKeyAlgorithm
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.hashingAlgorithmId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.digits
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticationMethodId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.period
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.counter
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.isShared
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectNameId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectNameIdFormat
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameIdFormat
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectDN
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerDN
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.fingerprint
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectKeyIdentifier
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.serial
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.aaguid
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.attestationConveyancePreference
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticator
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticatorAttachment
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.rpId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.residentKeyRequirement
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.userAgent
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.userFriendlyName
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.userVerificationRequirement
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.identificator
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.msspIdentifier
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.signerCert
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.tokens.authMode
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.codes.usageDate
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.revealCount
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.successCount
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.failureCount
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.personalQuestionExtId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.kerberosId
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.generic
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.username
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.publicKey
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.msisdn
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.certificate
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.context
    • encrypted credential attributes are not supported
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastFailure
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials.properties.<name of the property>
    • non-global and encrypted properties are not supported
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.extId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.name
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.remarks
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.state
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.unitExtId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.validFrom
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.validTo
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.defaultProfile
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.deputedProfileExtId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.properties.<name of the property>
    • non-global and encrypted properties are not supported
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.extId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.roleExtId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.validFrom
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.validTo
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.extId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.roleExtId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.validFrom
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.validTo
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.properties.<name of the property>
    • non-global and encrypted properties are not supported
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.extId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.roleExtId
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.validFrom
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.validTo

All of the below attribute paths can be used for filtering and ordering. Available attribute paths for attributes and excludedAttributes parameters:

  • urn:nevis:idm:scim:schemas:v1:extension:User
  • urn:nevis:idm:scim:schemas:v1:extension:User.credentials
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations
  • urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations

Response

The list complex structure is ScimListResponse where the caller receives the count input parameter as itemsPerPage and the startIndex input parameter as startIndex. The totalResults contains the queried real total number of results. The real here means not calculated, interpolated or estimated. Finally, the results array contains the SCIM equivalent of each user identity, or in the case of a mapping error, a description of the error.

Example response of query list of users

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 10,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "99999150",
"externalId": "99999150",
"meta": {
"resourceType": "User",
"created": "2022-04-29T19:49:22.000",
"lastModified": "2022-04-29T19:49:22.000",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/99999150",
"version": "v1"
},
"userName": "root",
"name": {
"formatted": "Root ECORP",
"familyName": "ECORP",
"givenName": "Root"
},
"displayName": "Root ECORP",
"preferredLanguage": "de",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "99999150",
"type": "PASSWORD",
"state": "ACTIVE",
"validFrom": "2022-04-29T19:49:22",
"validTo": "2020-01-01T00:00:00",
"password": "{SSHA}tENdjFDD4+geO51SS6PeQg9JPPtlAtlaKNG2JFaq"
}
],
"profiles": [
{
"state": "ACTIVE",
"name": "Profile-root",
"remarks": "Automatically generated profile for root",
"extId": "99999150",
"defaultProfile": true,
"unitExtId": "99999151",
"idmAuthorizations": [
{
"extId": "99999151",
"roleExtId": "30",
"authorizedForAllClients": true,
"authorizedForAllUnits": true,
"authorizedForAllApplications": true,
"authorizedForAllEnterpriseRoles": true
},
{
"extId": "99999150",
"roleExtId": "1",
"authorizedForAllClients": false,
"authorizedForAllUnits": false,
"authorizedForAllApplications": false,
"authorizedForAllEnterpriseRoles": false
}
]
}
]
}
}
]
}

Get User

Use this endpoint to get all stored attributes of a User entity.

The referred user must belong to the referred client. Otherwise the endpoint replies HTTP 400, Bad request response.

If the user does not exist, the response is HTTP 404, Not found.

URL

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users/<User internal identifier>

Note that the two URL parameters are different. To refer the client, use the client's external identifier and to refer the user, use the user's internal identifier.

Response

The response is the same as an element of the user list response.

Create User

Using this endpoint you can create a user identity.

Restriction

In the case of Security Question Credentials, user creation is only allowed if the policy parameter restrictModifyToOwner is set to "false".

URL

POST: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users

The user is created under the referred client.

Request

The payload is a complete User entity. See SCIM descriptions in APIB.

Example create request

{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"externalId": "nikolateslaU",
"userName": "nikolatesla",
"name": {
"formatted": "Nikola Tesla",
"familyName": "Tesla",
"givenName": "Nikola",
"honorificPrefix": "Dr."
},
"displayName": "Nikola Tesla",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "12340002",
"type": "telephone",
"primary": true
},
{
"value": "12340003",
"type": "telefax",
"primary": false
},
{
"value": "22340001",
"type": "mobile",
"primary": false
}
],
"addresses": [
{
"formatted": "Budapest 1101 hu",
"locality": "Budapest",
"postalCode": "1101",
"country": "hu",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "Example user: Nikola Tesla",
"birthDate": "1856-07-10",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "nikolateslaCP",
"type": "PASSWORD",
"state": "ACTIVE",
"validFrom": "2022-05-05T14:45:13",
"validTo": "2023-05-05T14:45:13",
"password": "{SSHA}MsVwg87xlhHa6UzlRFBzEnRcriEChDVXqpLDWXNe"
}
],
"profiles": [
{
"state": "ACTIVE",
"name": "Nikola Tesla's profile",
"remarks": "Test Profile for SCIM feature",
"extId": "nikolateslaPD",
"defaultProfile": true,
"unitExtId": "engineers",
"properties": {
"profile_global_string": "profilePropertyValue"
},
"idmAuthorizations": [
{
"extId": "nikolateslaIA32",
"roleExtId": "32",
"authorizedForAllClients": false,
"authorizedForAllUnits": false,
"authorizedForAllApplications": false,
"authorizedForAllEnterpriseRoles": false,
"authorizedClientExtIds": [
"100"
],
"authorizedApplicationExtIds": [
"extid230003001"
],
"authorizedUnitExtIdSetForClients": {
"100": [
"extid230002002",
"extid230002001"
]
}
}
],
"appAuthorizations": [
{
"extId": "nikolateslaAA6001",
"roleExtId": "extid230006001"
},
{
"extId": "nikolateslaAA6002",
"roleExtId": "extid230006002"
}
]
}
],
"properties": {
"User_Import_Property1": "userPropertyValue"
}
}
}

Response

If the user creation is successful, the response is the stored version of the SCIM user entity. This means that the id and meta attributes will appear.

Example create response

{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "230004002",
"externalId": "nikolateslaU",
"meta": {
"resourceType": "User",
"created": "2022-05-04T15:15:23.054",
"lastModified": "2022-05-04T15:15:23.054",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/230004002",
"version": "v1"
},
"userName": "nikolatesla",
...

Delete User

Using this endpoint you can delete a User entity.

The referred user must belong to the referred client. Otherwise the endpoint replies HTTP 400, Bad request response.

In case the user does not exist, the response is HTTP 404, No content.

After the successful delete the response is HTTP 204, No response.

URL

DELETE: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users/<User internal identifier>

Note that the two URL parameters are different. To refer the client, use the client's external identifier and to refer the user, use the user's internal identifier.

Bulk Request

With this endpoint, you can perform SCIM operations in batch. The requested operations are performed sequentially and in separated transactions in the background. This means that each operation is performed independently. The response of bulk execution is a list of responses for each performed or failed operation. The separated transactions mean that successful operations are committed, and failed operations are rolled back in the database level. If you need to keep the consistency of input operations data, you need to examine the response elements for failures.

The SCIM standard defines Circular Reference Processing and "bulkId" Temporary Identifiers, but currently the User is the only supported resource, therefore these features are not implemented for now.

You can define the limit in your request to stop the execution after the requested amount of failed operations. By default, the value of failOnErrors attribute is zero, which means the batch stops at the first failed operation. In this case, the response HTTP result code is 422 Unprocessable Entity, otherwise 200 Ok.

URL

POST: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Bulk

Supported Operations

According to the SCIM standard, bulk operations are addressed the same way as single operations are, with HTTP method and path combinations, with an additional data value for the create user operation. The following table shows the method, path and data values required for each operation.

Operationmethodpathdata
Create userPOST/UsersThe user descriptor with the schema: urn:nevis:idm:scim:schemas:v1:extension:User
Get userGET/Users/<user's internal identifier>
Delete userDELETE/Users/<user's internal identifier>
Get schemaGET/Schemas/<schema's URI>

Request

Each operations has to be prepared the same way as a single SCIM operation call.

Example bulk request

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:BulkRequest"
],
"Operations": [
{
"method": "GET",
"bulkId": "UserGet",
"path": "/Users/27000006"
},
{
"method": "POST",
"bulkId": "UserCreate",
"path": "/Users",
"data": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"externalId": "80100",
"userName": "user80100",
"name": {
"formatted": "user80100 TEST",
"familyName": "TEST",
"givenName": "user80100"
},
"displayName": "user80100 TEST",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "user80100 TEST",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "user80100",
"type": "PASSWORD",
"active": true,
"validFrom": "2021-12-13T08:57:18.000Z",
"validTo": "2027-12-31T23:00:00.000Z",
"password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
}
],
"profiles": [
{
"active": true,
"name": "Profile-user80100",
"remarks": "user80100 TEST",
"extId": "80100",
"defaultProfile": true,
"unitExtId": "100",
"authorizations": [
{
"extId": "user80100",
"roleExtId": "1"
}
]
}
],
"properties": {
"user_global_test_status": "BLOCKED",
"user_global_test_ro": "1"
}
}
}
},
{
"method": "DELETE",
"bulkId": "UserDelete",
"path": "/Users/27000013"
},
{
"method": "GET",
"bulkId": "SchemaGet",
"path": "/Schemas/urn:nevis:idm:scim:schemas:v1:extension:User"
}
]
}

Response

As mentioned, the operations are performed sequentially and independently. The response contains the same number of operations and the content is mostly the same when you call the opration direcly. To help identify single oprations of the request, the response operations contain the bulkId reference.

Example bulk response

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:BulkResponse"
],
"Operations": [
{
"method": "GET",
"bulkId": "UserGet",
"path": "/Users",
"response": {
"headers": {},
"body": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "27000006",
"externalId": "27000006",
"meta": {
"resourceType": "User",
"created": "2021-12-13T08:57:18.000Z",
"lastModified": "2021-12-13T08:57:18.000Z",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/users/27000006",
"version": "v1"
},
"userName": "userGetPropertyCalassification",
"name": {
"formatted": "userGetPropertyCalassification userGetPropertyCalassification",
"familyName": "userGetPropertyCalassification",
"givenName": "userGetPropertyCalassification"
},
"displayName": "userGetPropertyCalassification userGetPropertyCalassification",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "userGetPropertyCalassification",
"birthDate": "1972-11-15",
"validFrom": "1999-12-31T23:00:00.000Z",
"validTo": "2029-12-31T23:00:00.000Z",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "27000300",
"type": "PASSWORD",
"active": true,
"validFrom": "2021-12-13T08:57:18.000Z",
"validTo": "2027-12-31T23:00:00.000Z",
"password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
}
],
"profiles": [
{
"active": true,
"name": "Profile-userGetPropertyCalassification",
"remarks": "Automatically generated profile for userGetPropertyCalassification",
"extId": "27000006",
"defaultProfile": true,
"unitExtId": "100",
"authorizations": [
{
"extId": "27000006",
"roleExtId": "1"
}
]
}
],
"properties": {
"user_global_test_status": "BLOCKED",
"user_global_test_ro": "1"
}
}
},
"statusCode": "OK",
"statusCodeValue": 200
}
},
{
"method": "POST",
"bulkId": "UserCreate",
"path": "/Users",
"response": {
"headers": {},
"body": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "9999999344",
"externalId": "80500",
"meta": {
"resourceType": "User",
"created": "2021-12-14T11:56:24.000Z",
"lastModified": "2021-12-14T11:56:24.000Z",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/users/80500",
"version": "v1"
},
"userName": "user80500",
"name": {
"formatted": "user80500 TEST",
"familyName": "TEST",
"givenName": "user80500"
},
"displayName": "user80500 TEST",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "user80500 TEST",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "user80500",
"type": "PASSWORD",
"active": true,
"validFrom": "2021-12-13T08:57:18.000Z",
"validTo": "2027-12-31T23:00:00.000Z",
"password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
}
],
"profiles": [
{
"active": true,
"name": "Profile-user80500",
"remarks": "user80500 TEST",
"extId": "80500",
"defaultProfile": true,
"unitExtId": "100",
"authorizations": [
{
"extId": "260002350",
"roleExtId": "1"
}
]
}
],
"properties": {
"user_global_test_status": "BLOCKED",
"user_global_test_ro": "1"
}
}
},
"statusCode": "OK",
"statusCodeValue": 200
}
},
{
"method": "DELETE",
"bulkId": "UserDelete",
"path": "/Users",
"response": {
"headers": {},
"body": null,
"statusCode": "NO_CONTENT",
"statusCodeValue": 204
}
},
{
"method": "GET",
"bulkId": "SchemaGet",
"response": {
"headers": {},
"body": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:nevis:idm:scim:schemas:v1:extension:User",
"name": "UserExtension",
"description": "SCIM User IDM extension for properties in IDM \"User\" that has not been covered by the ScimUser. Schema: \"urn:nevis:idm:scim:schemas:v1:extension:User\".",
"attributes": [
{
"name": "remarks",
"type": "string",
"multiValued": false,
"description": "Description for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "sex",
"type": "string",
"multiValued": false,
"description": "Gender of the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "birthDate",
"type": "dateTime",
"multiValued": false,
"description": "Birthdate of the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp can be defined for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp can be defined for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "technical",
"type": "boolean",
"multiValued": false,
"description": "Indicates if it the user is technical or not.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "street",
"type": "string",
"multiValued": false,
"description": "Street name of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "houseNumber",
"type": "string",
"multiValued": false,
"description": "House number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "dwellingNumber",
"type": "string",
"multiValued": false,
"description": "Property unit number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "postOfficeBoxText",
"type": "string",
"multiValued": false,
"description": "Post office box text of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "postOfficeBoxNumber",
"type": "integer",
"multiValued": false,
"description": "Post office box number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "templateCollectionName",
"type": "string",
"multiValued": false,
"description": "Name of template collection assigned to the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "credentials",
"type": "complex",
"subAttributes": [
{
"name": "extId",
"type": "string",
"multiValued": false,
"description": "External identifier for the credential. Must be unique.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "Type of the credential.",
"required": true,
"canonicalValues": [
"PASSWORD",
"GENERIC",
"FIDO2",
"TICKET"
],
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "string",
"multiValued": false,
"description": "Name attribute for the credential.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "state",
"type": "string",
"multiValued": false,
"description": "Enumeration value indicating the credential's administrative status.",
"required": true,
"canonicalValues": [
"INITIAL",
"ACTIVE",
"TMP_LOCKED",
"FAIL_LOCKED",
"RESET_CODE",
"ADMIN_CHANGED",
"DISABLED",
"ARCHIVED"
],
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp for the credential.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp for the credential.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "credentialLoginInfo",
"type": "complex",
"subAttributes": [
{
"name": "lastLogin",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "loginSuccessCount",
"type": "integer",
"multiValued": false,
"description": "Counter for successful login attempts.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "lastFailure",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login failure of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "loginFailureCount",
"type": "integer",
"multiValued": false,
"description": "Counter for failed login attempts.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "Login information about the credential.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "List of credential a assigned to the user.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "profiles",
"type": "complex",
"subAttributes": [
{
"name": "state",
"type": "string",
"multiValued": false,
"description": "An enumeration value indicating the profile's administrative status.",
"required": true,
"canonicalValues": [
"ACTIVE",
"DISABLED",
"ARCHIVED"
],
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "string",
"multiValued": false,
"description": "Name of the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "remarks",
"type": "string",
"multiValued": false,
"description": "Description for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "extId",
"type": "string",
"multiValued": false,
"description": "External identifier for the profile. Must be unique.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "defaultProfile",
"type": "boolean",
"multiValued": false,
"description": "Indicates it is the default profile of user or not. One and only one must true.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp can be defined for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp can be defined for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "deputedProfileExtId",
"type": "string",
"multiValued": false,
"description": "External identifier of deputed profile if exists.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "unitExtId",
"type": "string",
"multiValued": false,
"description": "Unit external identifier belonging to the client that the profile refers. By default the configured default unit for the client is used to.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "idmAuthorizations",
"type": "complex",
"subAttributes": [
{
"name": "authorizedForAllClients",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all clients in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllUnits",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all units in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllApplications",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all applications in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllEnterpriseRoles",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all enterprise roles in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedClientExtIds",
"type": "string",
"multiValued": true,
"description": "The user is authorized to manage the selected clients in case all clients flag is false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedApplicationExtIds",
"type": "string",
"multiValued": true,
"description": "The user is authorized to manage the selected applications in case all applications flag is false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "IDM role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "appAuthorizations",
"type": "complex",
"multiValued": true,
"description": "Application role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "enterpriseAuthorizations",
"type": "complex",
"multiValued": true,
"description": "Enterprise role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "List of assigned profiles to the user. At least one is mandatory.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "loginInfo",
"type": "complex",
"subAttributes": [
{
"name": "lastLogin",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "lastFailure",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login failure of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "Login information about the user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
]
},
"statusCode": "OK",
"statusCodeValue": 200
},
"status": "OK"
}
]
}

List Schemas

Use this endpoint to get the list of supported SCIM schemas with details.

URL

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas?<parameters>

Request Parameters

NameDescriptionMandatoryExample
startIndexStart index for the listing.
The first element index: 1
Default value: 1.
No1
countMaximum number of elements in the result list.
Default value: 10.
No10

Response

The structure is the same as in the list of users endpoint, but here the Resources are ScimSchema instances.

Example list of schemas

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 8,
"itemsPerPage": 10,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"attributes": [
{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User for the actual customer. This is mapped to the loginId property of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "complex",
"subAttributes": [
{
"name": "formatted",
"type": "string",
"multiValued": false,
"description": "The full name, including all middle names, titles, and suffixes. This is not mapped for input, just generated for output.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or Last Name in most Western languages. This is mapped to name property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or First Name in most Western languages. This is mapped to firstName attribute of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User. This is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "honorificPrefix",
"type": "string",
"multiValued": false,
"description": "The honorific prefix(es) of the User, or Title in most Western languages. This is mapped to title property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "The components of the user’s name complex type. This is mapped to name, firstName, remarks... properties of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}, ...

Get Schema

Use this endpoint to get one of the supported SCIM schemas with attribute details.

This endpoint implements the required /Schemas enpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4.

URL

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas/<SCIM Schema URI>

Example request

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas/urn%3Aietf%3Aparams%3Ascim%3Aschemas%3Acore%3A2.0%3AUser
Without URL encoding: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas/urn:ietf:params:scim:schemas:core:2.0:User

Response

A ScimSchema instance.

Example response of schema getting

{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"attributes": [
{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User for the actual customer. This is mapped to the loginId property of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "complex",
"subAttributes": [
{
"name": "formatted",
"type": "string",
"multiValued": false,
"description": "The full name, including all middle names, titles, and suffixes. This is not mapped for input, just generated for output.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or Last Name in most Western languages. This is mapped to name property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or First Name in most Western languages. This is mapped to firstName attribute of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User. This is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "honorificPrefix",
"type": "string",
"multiValued": false,
"description": "The honorific prefix(es) of the User, or Title in most Western languages. This is mapped to title property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "The components of the user’s name complex type. This is mapped to name, firstName, remarks... properties of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}, ...

List of Standard Resources

Use this endpoint to discover what kind of resources are supported in a SCIM 2.0 compliant server of IDM.

This endpoint implements the required /ResourceTypes endpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4.

URL

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ResourceTypes?<paramters>

Request Parameters

NameDescriptionMandatoryExample
startIndexStart index for the listing.
The first element index: 1
Default value: 1.
No1
countMaximum number of elements in the result list.
Default value: 10.
No10

Response

A ScimSchema instance.

The structure is the same as in the list of users endpoint, but here the Resources are ScimResource instances.

Example list of supported resources

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 10,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"meta": {
"resourceType": "ResourceType",
"location": "http://localhost:8080/nevisidm/api/scim/v1/ResourceTypes/User"
},
"endpoint": "/Users",
"schemaExtensions": [
{
"required": true,
"schema": "urn:nevis:idm:scim:schemas:v1:extension:User"
}
],
"schema": "urn:ietf:params:scim:schemas:core:2.0:User"
}
]
}

Get a Standard Resource

Use this endpoint to examine one of the supported resources in a SCIM 2.0 compliant server of nevisIDM.

This endpoint implements the required /ResourceTypes endpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4.

URL

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ResourceTypes/<Resource identifier>

Example request

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ResourceTypes/urn%3Aietf%3Aparams%3Ascim%3Aschemas%3Acore%3A2.0%3AUser
Without URL encoding: https://<hostname>:<port>/nevisidm/api/scim/v1ResourceTypes/urn:ietf:params:scim:schemas:core:2.0:User

Response

A ScimResource instance.

Example response of standard resource getting

{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"meta": {
"resourceType": "ResourceType",
"location": "http://localhost:8080/nevisidm/api/scim/v1/ResourceTypes/User"
},
"endpoint": "/Users",
"schemaExtensions": [
{
"required": true,
"schema": "urn:nevis:idm:scim:schemas:v1:extension:User"
}
],
"schema": "urn:ietf:params:scim:schemas:core:2.0:User"
}

Service Provider Config

Use this endpoint to check the available services in a SCIM 2.0 compliant server of IDM.

This endpoint implements the required /ServiceProviderConfig enpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4

URL

GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ServiceProviderConfiguration

Response

A ScimServiceProviderConfig instance.

Example response of service provider configuration getting

{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"documentationUri": "http://example.com/help/scim.html",
"patch": {
"supported": true
},
"bulk": {
"supported": true,
"maxOperations": 1000,
"maxPayloadSize": 1048576
},
"filter": {
"supported": true,
"maxResults": 200
},
"changePassword": {
"supported": true
},
"sort": {
"supported": true
},
"etag": {
"supported": true
},
"authenticationSchemes": [
{
"name": "OAuth Bearer Token",
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"specUri": "http://www.rfc-editor.org/info/rfc6750",
"documentationUri": "http://example.com/help/oauth.html",
"type": "oauthbearertoken",
"primary": true
},
{
"name": "HTTP Basic",
"description": "Authentication scheme using the HTTP Basic Standard",
"specUri": "http://www.rfc-editor.org/info/rfc2617",
"documentationUri": "http://example.com/help/httpBasic.html",
"type": "httpbasic"
}
],
"meta": {
"location": "https://example.com/v2/ServiceProviderConfig",
"resourceType": "ServiceProviderConfig",
"created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z",
"version": "W/\"3694e05e9dff594\""
}
}