Hi Shavindri, Thanks for bringing this up. I was going to reply by reporting a doc jira asking to explain about SCIM APIs in terms of its use case since I couldn't find much information in docs. Better if we can explain SCIM inbound connector and SCIM outbound connector's use case as Farsath has explained in the mail thread. His explanation is clear enough to go in to docs.
I have reported a jira [1] for your reference. [1] https://wso2.org/jira/browse/DOCUMENTATION-6342 Thanks, Ushani On Thu, Nov 2, 2017 at 5:49 PM, Shavindri Dissanayake <[email protected]> wrote: > Hi Ushani, > > Need your help to clarify the following: > Do you feel there is a doc gap with regard to managing users/roles using > REST APIs? If so we will move to update docs to avoid this. Looking > forward to your reply. > > [1] https://docs.wso2.com/display/IS540/SCIM+APIs > > Thanks & Regards > Shavindri Dissanayake > Senior Technical Writer > > WSO2 Inc. > lean.enterprise.middleware > > On Wed, Nov 1, 2017 at 8:26 PM, Ushani Balasooriya <[email protected]> > wrote: > >> Thanks Farsath and Isura for the clarification. >> >> On 1 Nov 2017 8:24 pm, "Isura Karunaratne" <[email protected]> wrote: >> >>> >>> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed <[email protected]> >>> wrote: >>> >>>> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya <[email protected]> >>>> wrote: >>>> >>>>> Hi IAM team, >>>>> >>>>> I am trying to implement a thirdparty web app to manage users and >>>>> roles functionalities as explained in this blog post [1] Solution 26. >>>>> >>>>> According to the solution, it says, >>>>> >>>>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as >>>>> SOAP-based services for user management, the web app just need to talk to >>>>> these endpoints, without having to deal directly with underlying user >>>>> stores (LDAP, AD, JDBC)."* >>>>> >>>>> This [2] is the only document I can find as the available API for user >>>>> role management. >>>>> >>>>> Please verify whether my below understandings are correct to proceed >>>>> with this solution. >>>>> >>>>> 1. Since WSO2IS does not provide any REST API for user/role >>>>> management, there will not be a particular API where I can use as endpoint >>>>> in my third party application. >>>>> Therefore my web app should use a class as explained in this [2] >>>>> document. >>>>> >>>>> 2. We should not consider SCIM as REST endpoint to manage users since >>>>> it is used to provision users to external system. Therefore I cannot treat >>>>> SCIM as a REST endpoint which can use to add users and roles. >>>>> >>>> >>> No. As Farasath explains, we do support both inbound and outbound SCIM >>> provisioning. >>> >>> You can treat SCIM endpoint as a well defined standard way to manage >>> users from a third party application. >>> >>> IS 5.3.0 onwards identity server supports both SCIM 1.1 and SCIM2.0 (as >>> a connector) >>> >>> Thanks >>> Isura. >>> >>> >>> >>>> IMO this is not entirely correct. >>>> SCIM inbound connector is used to provision users *in to* Identity >>>> Server and the SCIM outbound connector can be used provision user to >>>> external systems as you explained. >>>> >>>> SCIM inbound connector exposes a REST endpoint through which you can do >>>> CRUD operation on users/groups. This can be considered as a REST endpoint >>>> to manage users. Both SCIM and our SOAP APIs talk to the same underlying >>>> user-core impelementation to achieve CRUD on users (user stores). >>>> >>>> Moreover SCIM simply provides a RESTful layer over our usercore >>>> funcionality. So I don't see why we should not consider SCIM as a REST API >>>> to manage users. >>>> Infact we have customers using SCIM to achieve user registration, user >>>> profile update etc. >>>> >>>>> >>>>> >>>>> [1] https://medium.facilelogin.com/thirty-solution-patterns- >>>>> with-the-wso2-identity-server-16f9fd0c0389 >>>>> >>>>> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+R >>>>> oles+with+APIs#ManagingUsersandRoleswithAPIs-addRole() >>>>> >>>>> Thanks, >>>>> -- >>>>> *Ushani Balasooriya* >>>>> Associate Technical Lead - EE; >>>>> WSO2 Inc; http://www.wso2.com/. >>>>> >>>>> >>>>> -- >>> >>> *Isura Dilhara Karunaratne* >>> Associate Technical Lead | WSO2 >>> Email: [email protected] >>> Mob : +94 772 254 810 <+94%2077%20225%204810> >>> Blog : http://isurad.blogspot.com/ >>> >>> >>> >>> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > -- *Ushani Balasooriya* Associate Technical Lead - EE; WSO2 Inc; http://www.wso2.com/. Mobile; +94772636796
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
