REST Endpoints
The purpose of this documentation is to provide an overview, examples and operational technical details of the SCIM REST endpoints.
All SCIM Data Transfer Objects and endpoints are documented in full detail in SCIM section of nevisIDM REST API Blueprint documentation.
Currently, User is the only supported entity resource in the implemented SCIM 2.0 compliant server.
List of Users
Using this endpoint you can query the users belonging to a client. Without filtering, the service returns all users that belong to the client.
URL
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users?<parameters>
POST: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users/.search
Request Parameters of GET Method
When you are filtering a property with space in its name, replace the space character with %20
or +
(RFC 1738).
When you are filtering an attribute with +
in its value, replace the +
character with %2B
(RFC 3151).
Name | Description | Mandatory | Example |
---|---|---|---|
startIndex | Start index for the listing. The first element index: 1 Default value: 1. | No | 1 |
count | Maximum number of elements in the result list. Default value: 10. | No | 10 |
attributes | Comma separated list of attributes must be contained by the result. Empty value means that all available attributes are contained by the result. As the standard defines, there are always retained attributes, e.g id (see DTO descriptions). | No | userName, name.familyName |
excludedAttributes | Comma separated list of attributes must not be contained by the result. Empty value means that all available attributes are contained by the result. If attributes is present and not empty, the excludedAttributes parameter is ignored. | No | userName, name.familyName |
filter | The filter expression is used to restrict results to one or more specific resources. Empty filter means all possible resources are selected. Available operators and attributes are described later. Related part of standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2 | No | userName SW 'marketing' AND urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin GT '2022-04-01T00:00:00' |
sortBy | The name of an attribute or sub-attribute for sorting the result. Empty value means, that id is used as sorting attribute. | No | name.familyName |
sortOrder | Sort order of selected attribute (in sortBy parameter). Empty value means that the default ascending sorting order is used.Allowed values: ascending, descending | No | ascending |
Request of POST Method
The parameters are the same, but in JSON structure. The SCIM 2.0 standard defines the request payload in the following chapter: http://datatracker.ietf.org/doc/html/rfc7644#section-3.4.3
Example POST search request
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:SearchRequest"
],
"attributes": [],
"excludedAttributes": [],
"filter": "userName SW 'Reporting' AND urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin GT '2022-04-01T00:00:00'",
"sortBy": "userName",
"sortOrder": "ascending",
"startIndex": 1,
"count": 10
}
Available Filter Operators
Name | Alternative | Description | Example |
---|---|---|---|
EQ | == | Equals relational operator. The left operand can be an attribute path and the right operand can be string, date, boolean or number literal. | userName EQ 'tesla' |
NE | != | Does not equal relational operator. The left operand can be an attribute path and the right operand can be string, date, boolean or number literal. | name.familyName NE 'Tesla' |
SW | ~* | Start with relational operator. The attribute value must start with the literal operand. The left operand can be an attribute path and the right operand can only be string literal. This operator is processed as SQL like condition with % at the end. | urn:nevis:idm:scim:schemas:v1: extension:User.remarks SW 'Ordinary' |
EW | *~ | End with relational operator. The attribute value must end with the literal argument. The left operand can be an attribute path and the right operand can only be string literal. This operator is processed as SQL like condition with % as first character. | urn:nevis:idm:scim:schemas:v1: extension:User.remarks SW 'user.' |
CO | ~ | Contains relational operator. The attribute value must contain the literal argument. The left operand can be an attribute path and the right operand can only be string literal. This operator is processed as SQL like condition with % as first and last character. | urn:nevis:idm:scim:schemas:v1: extension:User.remarks SW 'marketing' |
GT | > | Greater than relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal. | urn:nevis:idm:scim:schemas:v1: extension:User.credentials. credentialLoginInfo.lastLogin GT '2022-04-01T00:00:00' |
GE | >= | Greater than or equal relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal. | id GE 100 |
LE | <= | Less than or equal relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal. | id LE 100 |
LT | < | Less than relational operator. The left operand can be an attribute path and the right operand can be a string, date, boolean or number literal. | urn:nevis:idm:scim:schemas:v1: extension:User.credentials. credentialLoginInfo.lastFailure LT '2022-04-01T00:00:00' |
PR | * | Presents relational operator. This operator accepts only The left operand that must be an attribute path. This operator is processed as SQL is not null condition. | name.givenName PR |
NOT | ! | This logical operator negates the following expression. It can have only the right operand and that must be placed between brackets. | NOT(name.familyName EQ 'Tesla' AND name.givenName EQ 'Nikola') |
AND | && | This logical operator combine two expressions with logical AND capsule. | name.familyName EQ 'Tesla' AND name.givenName EQ 'Nikola' AND name.honorificPrefix EQ 'Mr.' |
OR | || | This logical operator combine two expressions with logical OR capsule. It has lower precedence than the AND logical operator. | name.familyName EQ 'Tesla' OR name.familyName EQ 'Edison' |
Available Attribute Paths
The attributes of SCIM resources can be referred as JSON paths like attribute paths. The difference between JSON paths and attribute paths are in the collections. You can refer without using array or map indexes. For example, instead of $.urn:nevis:idm:scim:schemas:v1:extension:User.credentials[*].type
the simpler urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type
can be used.
When you refer an attribute you have to specify the data type conform literal value as the right operand in relational operators. For example urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastFailure LT '2022-04-01T00:00:00'
.
When filtering for a property with space in the name, enclose the attribute path in apostrophes. For example: 'urn:nevis:idm:scim:schemas:v1:extension:User.properties.USER GLOBAL property clientP4' EQ 'first'
Available attribute paths for filtering and ordering:
id
externalId
userName
active
locale
name.familyName
name.givenName
name.honorificPrefix
emails.value
phoneNumbers.value
preferredLanguage
meta.lastModified
meta.created
urn:nevis:idm:scim:schemas:v1:extension:User.remarks
urn:nevis:idm:scim:schemas:v1:extension:User.sex
urn:nevis:idm:scim:schemas:v1:extension:User.street
urn:nevis:idm:scim:schemas:v1:extension:User.technical
urn:nevis:idm:scim:schemas:v1:extension:User.templateCollectionName
urn:nevis:idm:scim:schemas:v1:extension:User.validFrom
urn:nevis:idm:scim:schemas:v1:extension:User.validTo
urn:nevis:idm:scim:schemas:v1:extension:User.birthDate
urn:nevis:idm:scim:schemas:v1:extension:User.dwellingNumber
urn:nevis:idm:scim:schemas:v1:extension:User.houseNumber
urn:nevis:idm:scim:schemas:v1:extension:User.postOfficeBoxNumber
urn:nevis:idm:scim:schemas:v1:extension:User.postOfficeBoxText
urn:nevis:idm:scim:schemas:v1:extension:User.loginInfo.lastFailure
urn:nevis:idm:scim:schemas:v1:extension:User.loginInfo.lastLogin
urn:nevis:idm:scim:schemas:v1:extension:User.properties.<name of the property>
- non-global and encrypted properties are not supported
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.extId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.name
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.state
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.validFrom
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.validTo
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.aaid
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.keyId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.deviceId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.signCounter
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticatorVersion
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.appId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.publicKeyAlgorithm
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.hashingAlgorithmId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.digits
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticationMethodId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.period
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.counter
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.isShared
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectNameId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectNameIdFormat
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameIdFormat
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectDN
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerDN
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.fingerprint
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectKeyIdentifier
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.serial
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.aaguid
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.attestationConveyancePreference
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticator
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.authenticatorAttachment
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.rpId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.residentKeyRequirement
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.userAgent
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.userFriendlyName
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.userVerificationRequirement
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.identificator
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.msspIdentifier
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.signerCert
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.tokens.authMode
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.codes.usageDate
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.revealCount
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.successCount
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.failureCount
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.personalAnswers.personalQuestionExtId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.kerberosId
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.generic
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.username
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.publicKey
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.msisdn
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.certificate
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.context
- encrypted credential attributes are not supported
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastFailure
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin
urn:nevis:idm:scim:schemas:v1:extension:User.credentials.properties.<name of the property>
- non-global and encrypted properties are not supported
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.extId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.name
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.remarks
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.state
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.unitExtId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.validFrom
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.validTo
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.defaultProfile
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.deputedProfileExtId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.properties.<name of the property>
- non-global and encrypted properties are not supported
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.extId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.roleExtId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.validFrom
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations.validTo
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.extId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.roleExtId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.validFrom
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.validTo
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations.properties.<name of the property>
- non-global and encrypted properties are not supported
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.extId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.roleExtId
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.validFrom
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations.validTo
All of the below attribute paths can be used for filtering and ordering. Available attribute paths for attributes
and excludedAttributes
parameters:
urn:nevis:idm:scim:schemas:v1:extension:User
urn:nevis:idm:scim:schemas:v1:extension:User.credentials
urn:nevis:idm:scim:schemas:v1:extension:User.profiles
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.idmAuthorizations
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.appAuthorizations
urn:nevis:idm:scim:schemas:v1:extension:User.profiles.enterpriseAuthorizations
Response
The list complex structure is ScimListResponse
where the caller receives the count
input parameter as itemsPerPage
and the startIndex
input parameter as startIndex
. The totalResults
contains the queried real total number of results. The real here means not calculated, interpolated or estimated. Finally, the results
array contains the SCIM equivalent of each user identity, or in the case of a mapping error, a description of the error.
Example response of query list of users
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 10,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "99999150",
"externalId": "99999150",
"meta": {
"resourceType": "User",
"created": "2022-04-29T19:49:22.000",
"lastModified": "2022-04-29T19:49:22.000",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/99999150",
"version": "v1"
},
"userName": "root",
"name": {
"formatted": "Root ECORP",
"familyName": "ECORP",
"givenName": "Root"
},
"displayName": "Root ECORP",
"preferredLanguage": "de",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "99999150",
"type": "PASSWORD",
"state": "ACTIVE",
"validFrom": "2022-04-29T19:49:22",
"validTo": "2020-01-01T00:00:00",
"password": "{SSHA}tENdjFDD4+geO51SS6PeQg9JPPtlAtlaKNG2JFaq"
}
],
"profiles": [
{
"state": "ACTIVE",
"name": "Profile-root",
"remarks": "Automatically generated profile for root",
"extId": "99999150",
"defaultProfile": true,
"unitExtId": "99999151",
"idmAuthorizations": [
{
"extId": "99999151",
"roleExtId": "30",
"authorizedForAllClients": true,
"authorizedForAllUnits": true,
"authorizedForAllApplications": true,
"authorizedForAllEnterpriseRoles": true
},
{
"extId": "99999150",
"roleExtId": "1",
"authorizedForAllClients": false,
"authorizedForAllUnits": false,
"authorizedForAllApplications": false,
"authorizedForAllEnterpriseRoles": false
}
]
}
]
}
}
]
}
Get User
Use this endpoint to get all stored attributes of a User entity.
The referred user must belong to the referred client. Otherwise the endpoint replies HTTP 400, Bad request
response.
If the user does not exist, the response is HTTP 404, Not found
.
URL
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users/<User internal identifier>
Note that the two URL parameters are different. To refer the client, use the client's external identifier and to refer the user, use the user's internal identifier.
Response
The response is the same as an element of the user list response.
Create User
Using this endpoint you can create a user identity.
Restriction
In the case of Security Question Credentials, user creation is only allowed if the policy parameter restrictModifyToOwner
is set to "false".
URL
POST: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users
The user is created under the referred client.
Request
The payload is a complete User entity. See SCIM descriptions in APIB.
Example create request
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"externalId": "nikolateslaU",
"userName": "nikolatesla",
"name": {
"formatted": "Nikola Tesla",
"familyName": "Tesla",
"givenName": "Nikola",
"honorificPrefix": "Dr."
},
"displayName": "Nikola Tesla",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "12340002",
"type": "telephone",
"primary": true
},
{
"value": "12340003",
"type": "telefax",
"primary": false
},
{
"value": "22340001",
"type": "mobile",
"primary": false
}
],
"addresses": [
{
"formatted": "Budapest 1101 hu",
"locality": "Budapest",
"postalCode": "1101",
"country": "hu",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "Example user: Nikola Tesla",
"birthDate": "1856-07-10",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "nikolateslaCP",
"type": "PASSWORD",
"state": "ACTIVE",
"validFrom": "2022-05-05T14:45:13",
"validTo": "2023-05-05T14:45:13",
"password": "{SSHA}MsVwg87xlhHa6UzlRFBzEnRcriEChDVXqpLDWXNe"
}
],
"profiles": [
{
"state": "ACTIVE",
"name": "Nikola Tesla's profile",
"remarks": "Test Profile for SCIM feature",
"extId": "nikolateslaPD",
"defaultProfile": true,
"unitExtId": "engineers",
"properties": {
"profile_global_string": "profilePropertyValue"
},
"idmAuthorizations": [
{
"extId": "nikolateslaIA32",
"roleExtId": "32",
"authorizedForAllClients": false,
"authorizedForAllUnits": false,
"authorizedForAllApplications": false,
"authorizedForAllEnterpriseRoles": false,
"authorizedClientExtIds": [
"100"
],
"authorizedApplicationExtIds": [
"extid230003001"
],
"authorizedUnitExtIdSetForClients": {
"100": [
"extid230002002",
"extid230002001"
]
}
}
],
"appAuthorizations": [
{
"extId": "nikolateslaAA6001",
"roleExtId": "extid230006001"
},
{
"extId": "nikolateslaAA6002",
"roleExtId": "extid230006002"
}
]
}
],
"properties": {
"User_Import_Property1": "userPropertyValue"
}
}
}
Response
If the user creation is successful, the response is the stored version of the SCIM user entity. This means that the id
and meta
attributes will appear.
Example create response
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "230004002",
"externalId": "nikolateslaU",
"meta": {
"resourceType": "User",
"created": "2022-05-04T15:15:23.054",
"lastModified": "2022-05-04T15:15:23.054",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/230004002",
"version": "v1"
},
"userName": "nikolatesla",
...
Delete User
Using this endpoint you can delete a User entity.
The referred user must belong to the referred client. Otherwise the endpoint replies HTTP 400, Bad request
response.
In case the user does not exist, the response is HTTP 404, No content
.
After the successful delete the response is HTTP 204, No response
.
URL
DELETE: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Users/<User internal identifier>
Note that the two URL parameters are different. To refer the client, use the client's external identifier and to refer the user, use the user's internal identifier.
Bulk Request
With this endpoint, you can perform SCIM operations in batch. The requested operations are performed sequentially and in separated transactions in the background. This means that each operation is performed independently. The response of bulk execution is a list of responses for each performed or failed operation. The separated transactions mean that successful operations are committed, and failed operations are rolled back in the database level. If you need to keep the consistency of input operations data, you need to examine the response elements for failures.
The SCIM standard defines Circular Reference Processing and "bulkId" Temporary Identifiers, but currently the User is the only supported resource, therefore these features are not implemented for now.
You can define the limit in your request to stop the execution after the requested amount of failed operations. By default, the value of failOnErrors
attribute is zero, which means the batch stops at the first failed operation. In this case, the response HTTP result code is 422 Unprocessable Entity
, otherwise 200 Ok
.
URL
POST: https://<hostname>:<port>/nevisidm/api/scim/v1/<Client external identifier>/Bulk
Supported Operations
According to the SCIM standard, bulk operations are addressed the same way as single operations are, with HTTP method
and path
combinations, with an additional data value for the create user operation. The following table shows the method
, path
and data
values required for each operation.
Operation | method | path | data |
---|---|---|---|
Create user | POST | /Users | The user descriptor with the schema: urn:nevis:idm:scim:schemas:v1:extension:User |
Get user | GET | /Users/<user's internal identifier> | |
Delete user | DELETE | /Users/<user's internal identifier> | |
Get schema | GET | /Schemas/<schema's URI> |
Request
Each operations has to be prepared the same way as a single SCIM operation call.
Example bulk request
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:BulkRequest"
],
"Operations": [
{
"method": "GET",
"bulkId": "UserGet",
"path": "/Users/27000006"
},
{
"method": "POST",
"bulkId": "UserCreate",
"path": "/Users",
"data": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"externalId": "80100",
"userName": "user80100",
"name": {
"formatted": "user80100 TEST",
"familyName": "TEST",
"givenName": "user80100"
},
"displayName": "user80100 TEST",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "user80100 TEST",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "user80100",
"type": "PASSWORD",
"active": true,
"validFrom": "2021-12-13T08:57:18.000Z",
"validTo": "2027-12-31T23:00:00.000Z",
"password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
}
],
"profiles": [
{
"active": true,
"name": "Profile-user80100",
"remarks": "user80100 TEST",
"extId": "80100",
"defaultProfile": true,
"unitExtId": "100",
"authorizations": [
{
"extId": "user80100",
"roleExtId": "1"
}
]
}
],
"properties": {
"user_global_test_status": "BLOCKED",
"user_global_test_ro": "1"
}
}
}
},
{
"method": "DELETE",
"bulkId": "UserDelete",
"path": "/Users/27000013"
},
{
"method": "GET",
"bulkId": "SchemaGet",
"path": "/Schemas/urn:nevis:idm:scim:schemas:v1:extension:User"
}
]
}
Response
As mentioned, the operations are performed sequentially and independently. The response contains the same number of operations and the content is mostly the same when you call the opration direcly. To help identify single oprations of the request, the response operations contain the bulkId
reference.
Example bulk response
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:BulkResponse"
],
"Operations": [
{
"method": "GET",
"bulkId": "UserGet",
"path": "/Users",
"response": {
"headers": {},
"body": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "27000006",
"externalId": "27000006",
"meta": {
"resourceType": "User",
"created": "2021-12-13T08:57:18.000Z",
"lastModified": "2021-12-13T08:57:18.000Z",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/users/27000006",
"version": "v1"
},
"userName": "userGetPropertyCalassification",
"name": {
"formatted": "userGetPropertyCalassification userGetPropertyCalassification",
"familyName": "userGetPropertyCalassification",
"givenName": "userGetPropertyCalassification"
},
"displayName": "userGetPropertyCalassification userGetPropertyCalassification",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "userGetPropertyCalassification",
"birthDate": "1972-11-15",
"validFrom": "1999-12-31T23:00:00.000Z",
"validTo": "2029-12-31T23:00:00.000Z",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "27000300",
"type": "PASSWORD",
"active": true,
"validFrom": "2021-12-13T08:57:18.000Z",
"validTo": "2027-12-31T23:00:00.000Z",
"password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
}
],
"profiles": [
{
"active": true,
"name": "Profile-userGetPropertyCalassification",
"remarks": "Automatically generated profile for userGetPropertyCalassification",
"extId": "27000006",
"defaultProfile": true,
"unitExtId": "100",
"authorizations": [
{
"extId": "27000006",
"roleExtId": "1"
}
]
}
],
"properties": {
"user_global_test_status": "BLOCKED",
"user_global_test_ro": "1"
}
}
},
"statusCode": "OK",
"statusCodeValue": 200
}
},
{
"method": "POST",
"bulkId": "UserCreate",
"path": "/Users",
"response": {
"headers": {},
"body": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:nevis:idm:scim:schemas:v1:extension:User"
],
"id": "9999999344",
"externalId": "80500",
"meta": {
"resourceType": "User",
"created": "2021-12-14T11:56:24.000Z",
"lastModified": "2021-12-14T11:56:24.000Z",
"location": "http://localhost:8080/nevisidm/api/scim/v1/100/users/80500",
"version": "v1"
},
"userName": "user80500",
"name": {
"formatted": "user80500 TEST",
"familyName": "TEST",
"givenName": "user80500"
},
"displayName": "user80500 TEST",
"preferredLanguage": "en",
"active": true,
"emails": [
{
"value": "[email protected]",
"type": "work",
"primary": true
}
],
"urn:nevis:idm:scim:schemas:v1:extension:User": {
"remarks": "user80500 TEST",
"technical": false,
"templateCollectionName": "Default",
"credentials": [
{
"extId": "user80500",
"type": "PASSWORD",
"active": true,
"validFrom": "2021-12-13T08:57:18.000Z",
"validTo": "2027-12-31T23:00:00.000Z",
"password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
}
],
"profiles": [
{
"active": true,
"name": "Profile-user80500",
"remarks": "user80500 TEST",
"extId": "80500",
"defaultProfile": true,
"unitExtId": "100",
"authorizations": [
{
"extId": "260002350",
"roleExtId": "1"
}
]
}
],
"properties": {
"user_global_test_status": "BLOCKED",
"user_global_test_ro": "1"
}
}
},
"statusCode": "OK",
"statusCodeValue": 200
}
},
{
"method": "DELETE",
"bulkId": "UserDelete",
"path": "/Users",
"response": {
"headers": {},
"body": null,
"statusCode": "NO_CONTENT",
"statusCodeValue": 204
}
},
{
"method": "GET",
"bulkId": "SchemaGet",
"response": {
"headers": {},
"body": {
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:nevis:idm:scim:schemas:v1:extension:User",
"name": "UserExtension",
"description": "SCIM User IDM extension for properties in IDM \"User\" that has not been covered by the ScimUser. Schema: \"urn:nevis:idm:scim:schemas:v1:extension:User\".",
"attributes": [
{
"name": "remarks",
"type": "string",
"multiValued": false,
"description": "Description for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "sex",
"type": "string",
"multiValued": false,
"description": "Gender of the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "birthDate",
"type": "dateTime",
"multiValued": false,
"description": "Birthdate of the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp can be defined for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp can be defined for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "technical",
"type": "boolean",
"multiValued": false,
"description": "Indicates if it the user is technical or not.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "street",
"type": "string",
"multiValued": false,
"description": "Street name of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "houseNumber",
"type": "string",
"multiValued": false,
"description": "House number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "dwellingNumber",
"type": "string",
"multiValued": false,
"description": "Property unit number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "postOfficeBoxText",
"type": "string",
"multiValued": false,
"description": "Post office box text of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "postOfficeBoxNumber",
"type": "integer",
"multiValued": false,
"description": "Post office box number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "templateCollectionName",
"type": "string",
"multiValued": false,
"description": "Name of template collection assigned to the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "credentials",
"type": "complex",
"subAttributes": [
{
"name": "extId",
"type": "string",
"multiValued": false,
"description": "External identifier for the credential. Must be unique.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "Type of the credential.",
"required": true,
"canonicalValues": [
"PASSWORD",
"GENERIC",
"FIDO2",
"TICKET"
],
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "string",
"multiValued": false,
"description": "Name attribute for the credential.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "state",
"type": "string",
"multiValued": false,
"description": "Enumeration value indicating the credential's administrative status.",
"required": true,
"canonicalValues": [
"INITIAL",
"ACTIVE",
"TMP_LOCKED",
"FAIL_LOCKED",
"RESET_CODE",
"ADMIN_CHANGED",
"DISABLED",
"ARCHIVED"
],
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp for the credential.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp for the credential.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "credentialLoginInfo",
"type": "complex",
"subAttributes": [
{
"name": "lastLogin",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "loginSuccessCount",
"type": "integer",
"multiValued": false,
"description": "Counter for successful login attempts.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "lastFailure",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login failure of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "loginFailureCount",
"type": "integer",
"multiValued": false,
"description": "Counter for failed login attempts.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "Login information about the credential.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "List of credential a assigned to the user.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "profiles",
"type": "complex",
"subAttributes": [
{
"name": "state",
"type": "string",
"multiValued": false,
"description": "An enumeration value indicating the profile's administrative status.",
"required": true,
"canonicalValues": [
"ACTIVE",
"DISABLED",
"ARCHIVED"
],
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "string",
"multiValued": false,
"description": "Name of the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "remarks",
"type": "string",
"multiValued": false,
"description": "Description for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "extId",
"type": "string",
"multiValued": false,
"description": "External identifier for the profile. Must be unique.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "defaultProfile",
"type": "boolean",
"multiValued": false,
"description": "Indicates it is the default profile of user or not. One and only one must true.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp can be defined for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp can be defined for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "deputedProfileExtId",
"type": "string",
"multiValued": false,
"description": "External identifier of deputed profile if exists.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "unitExtId",
"type": "string",
"multiValued": false,
"description": "Unit external identifier belonging to the client that the profile refers. By default the configured default unit for the client is used to.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "idmAuthorizations",
"type": "complex",
"subAttributes": [
{
"name": "authorizedForAllClients",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all clients in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllUnits",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all units in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllApplications",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all applications in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllEnterpriseRoles",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all enterprise roles in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedClientExtIds",
"type": "string",
"multiValued": true,
"description": "The user is authorized to manage the selected clients in case all clients flag is false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedApplicationExtIds",
"type": "string",
"multiValued": true,
"description": "The user is authorized to manage the selected applications in case all applications flag is false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "IDM role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "appAuthorizations",
"type": "complex",
"multiValued": true,
"description": "Application role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "enterpriseAuthorizations",
"type": "complex",
"multiValued": true,
"description": "Enterprise role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "List of assigned profiles to the user. At least one is mandatory.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "loginInfo",
"type": "complex",
"subAttributes": [
{
"name": "lastLogin",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "lastFailure",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login failure of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "Login information about the user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
]
},
"statusCode": "OK",
"statusCodeValue": 200
},
"status": "OK"
}
]
}
List Schemas
Use this endpoint to get the list of supported SCIM schemas with details.
URL
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas?<parameters>
Request Parameters
Name | Description | Mandatory | Example |
---|---|---|---|
startIndex | Start index for the listing. The first element index: 1 Default value: 1. | No | 1 |
count | Maximum number of elements in the result list. Default value: 10. | No | 10 |
Response
The structure is the same as in the list of users endpoint, but here the Resources
are ScimSchema
instances.
Example list of schemas
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 8,
"itemsPerPage": 10,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"attributes": [
{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User for the actual customer. This is mapped to the loginId property of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "complex",
"subAttributes": [
{
"name": "formatted",
"type": "string",
"multiValued": false,
"description": "The full name, including all middle names, titles, and suffixes. This is not mapped for input, just generated for output.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or Last Name in most Western languages. This is mapped to name property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or First Name in most Western languages. This is mapped to firstName attribute of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User. This is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "honorificPrefix",
"type": "string",
"multiValued": false,
"description": "The honorific prefix(es) of the User, or Title in most Western languages. This is mapped to title property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "The components of the user’s name complex type. This is mapped to name, firstName, remarks... properties of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}, ...
Get Schema
Use this endpoint to get one of the supported SCIM schemas with attribute details.
This endpoint implements the required /Schemas
enpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4.
URL
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas/<SCIM Schema URI>
Example request
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas/urn%3Aietf%3Aparams%3Ascim%3Aschemas%3Acore%3A2.0%3AUser
Without URL encoding: https://<hostname>:<port>/nevisidm/api/scim/v1/Schemas/urn:ietf:params:scim:schemas:core:2.0:User
Response
A ScimSchema
instance.
Example response of schema getting
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"attributes": [
{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User for the actual customer. This is mapped to the loginId property of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "complex",
"subAttributes": [
{
"name": "formatted",
"type": "string",
"multiValued": false,
"description": "The full name, including all middle names, titles, and suffixes. This is not mapped for input, just generated for output.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or Last Name in most Western languages. This is mapped to name property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or First Name in most Western languages. This is mapped to firstName attribute of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User. This is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "honorificPrefix",
"type": "string",
"multiValued": false,
"description": "The honorific prefix(es) of the User, or Title in most Western languages. This is mapped to title property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "The components of the user’s name complex type. This is mapped to name, firstName, remarks... properties of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}, ...
List of Standard Resources
Use this endpoint to discover what kind of resources are supported in a SCIM 2.0 compliant server of IDM.
This endpoint implements the required /ResourceTypes
endpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4.
URL
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ResourceTypes?<paramters>
Request Parameters
Name | Description | Mandatory | Example |
---|---|---|---|
startIndex | Start index for the listing. The first element index: 1 Default value: 1. | No | 1 |
count | Maximum number of elements in the result list. Default value: 10. | No | 10 |
Response
A ScimSchema instance.
The structure is the same as in the list of users endpoint, but here the Resources
are ScimResource
instances.
Example list of supported resources
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 10,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"meta": {
"resourceType": "ResourceType",
"location": "http://localhost:8080/nevisidm/api/scim/v1/ResourceTypes/User"
},
"endpoint": "/Users",
"schemaExtensions": [
{
"required": true,
"schema": "urn:nevis:idm:scim:schemas:v1:extension:User"
}
],
"schema": "urn:ietf:params:scim:schemas:core:2.0:User"
}
]
}
Get a Standard Resource
Use this endpoint to examine one of the supported resources in a SCIM 2.0 compliant server of nevisIDM.
This endpoint implements the required /ResourceTypes
endpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4.
URL
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ResourceTypes/<Resource identifier>
Example request
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ResourceTypes/urn%3Aietf%3Aparams%3Ascim%3Aschemas%3Acore%3A2.0%3AUser
Without URL encoding: https://<hostname>:<port>/nevisidm/api/scim/v1ResourceTypes/urn:ietf:params:scim:schemas:core:2.0:User
Response
A ScimResource
instance.
Example response of standard resource getting
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"meta": {
"resourceType": "ResourceType",
"location": "http://localhost:8080/nevisidm/api/scim/v1/ResourceTypes/User"
},
"endpoint": "/Users",
"schemaExtensions": [
{
"required": true,
"schema": "urn:nevis:idm:scim:schemas:v1:extension:User"
}
],
"schema": "urn:ietf:params:scim:schemas:core:2.0:User"
}
Service Provider Config
Use this endpoint to check the available services in a SCIM 2.0 compliant server of IDM.
This endpoint implements the required /ServiceProviderConfig
enpoint defined by the SCIM 2.0 standard: `http://datatracker.ietf.org/doc/html/rfc7644#section-4
URL
GET: https://<hostname>:<port>/nevisidm/api/scim/v1/ServiceProviderConfiguration
Response
A ScimServiceProviderConfig
instance.
Example response of service provider configuration getting
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"documentationUri": "http://example.com/help/scim.html",
"patch": {
"supported": true
},
"bulk": {
"supported": true,
"maxOperations": 1000,
"maxPayloadSize": 1048576
},
"filter": {
"supported": true,
"maxResults": 200
},
"changePassword": {
"supported": true
},
"sort": {
"supported": true
},
"etag": {
"supported": true
},
"authenticationSchemes": [
{
"name": "OAuth Bearer Token",
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"specUri": "http://www.rfc-editor.org/info/rfc6750",
"documentationUri": "http://example.com/help/oauth.html",
"type": "oauthbearertoken",
"primary": true
},
{
"name": "HTTP Basic",
"description": "Authentication scheme using the HTTP Basic Standard",
"specUri": "http://www.rfc-editor.org/info/rfc2617",
"documentationUri": "http://example.com/help/httpBasic.html",
"type": "httpbasic"
}
],
"meta": {
"location": "https://example.com/v2/ServiceProviderConfig",
"resourceType": "ServiceProviderConfig",
"created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z",
"version": "W/\"3694e05e9dff594\""
}
}