On Sat, Nov 4, 2017 at 12:27 PM, Sashika Wijesinghe <sash...@wso2.com>
wrote:

> Hi Sathya,
>
> Thanks for the configuration requirements provided above. It helps to
> resolve the issue.
>
> According to the current implementation, since we are mapping the claims
> for SCIM extension isn't it better to have the claim configurations mapped
> in the scim-schema-extension.config itself when we bundle the pack rather
> than asking the user to add these configurations manually?
>

+1. I think we have discussed this in several other mail threads as well;
can't seem to find them now. Basically we need to have default mappings for
all the identity claims we use in IS such as ask password, email
verification, etc., including for OOTB connectors, and have OOTB mappings
to these identity claims in OIDC, SCIM and other standard dialects we use
on the inbound side (we can omit the Identity Provider dialects like
Facebook, LinkedIn, etc. which are only used on the outbound side).

[1] "[IAM] Pre-configure "Identity Claim" mappings for widely used Local
Authenticators"

Regards,
Johann.


>
> Thanks
> Sashika
>
>
>
> On Fri, Nov 3, 2017 at 9:37 PM, Sathya Bandara <sat...@wso2.com> wrote:
>
>> Hi Sashika,
>>
>> I guess the documentation is missing some configuration details. The
>> askPassword and verifyEmail extension attributes should be configured in
>> $SERVER_HOME/repository/conf/scim-schema-extension.config file in
>> addition to the other extension attributes which are already defined there,
>> as follows.
>>
>> {
>> "attributeURI":"urn:scim:schemas:extension:wso2:1.0:wso2Extension.askPassword",
>> "attributeName":"askPassword",
>> "dataType":"boolean",
>> "multiValued":"false",
>> "multiValuedAttributeChildName":"null",
>> "description":"The User's manager",
>> "schemaURI":"urn:scim:schemas:extension:wso2:1.0",
>> "readOnly":"false",
>> "required":"false",
>> "caseExact":"false",
>> "subAttributes":"null"
>> },
>>
>>
>> {
>> "attributeURI":"urn:scim:schemas:extension:wso2:1.0:wso2Extension.verifyEmail",
>> "attributeName":"verifyEmail",
>> "dataType":"boolean",
>> "multiValued":"false",
>> "multiValuedAttributeChildName":"null",
>> "description":"The User's manager",
>> "schemaURI":"urn:scim:schemas:extension:wso2:1.0",
>> "readOnly":"false",
>> "required":"false",
>> "caseExact":"false",
>> "subAttributes":"null"
>> },
>>
>> These two attributes should be added to the list of subAttributes of the
>> urn:scim:schemas:extension:wso2:1.0 entry which can be found at the end
>> of the scim-schema-extension.config file as shown below.
>>
>> {
>> "attributeURI":"urn:scim:schemas:extension:wso2:1.0",
>> "attributeName":"wso2Extension",
>> "dataType":"null",
>> "multiValued":"false",
>> "multiValuedAttributeChildName":"null",
>> "description":"SCIM wso2 User Schema Extension",
>> "schemaURI":"urn:scim:schemas:extension:wso2:1.0",
>> "readOnly":"false",
>> "required":"false",
>> "caseExact":"false",
>> "subAttributes":"employeeNumber costCenter organization division department manager askPassword verifyEmail"
>> }
>>
>>
>> Also, the correct approach to create claim mappings for SCIM extension
>> attributes is by configuring external claims for the default SCIM dialect
>> (scim:schemas:core:1.0) and not by creating a separate dialect for the
>> extension schema (scim:schemas:extension:wso2:1.0:wso2Extension). This
>> is already identified in [1] and the relevant documents have been updated.
>> Please refer to the Claim Mapping section in [2]. Also, I will create a Doc
>> JIRA to improve the documentation with necessary configuration details in [3].
>>
>>
>> [1] https://wso2.org/jira/browse/DOCUMENTATION-4647
>> [2] https://docs.wso2.com/display/IS530/Extensible+SCIM+User+Schemas+With+WSO2+Identity+Server
>> [3] https://docs.wso2.com/display/IS530/Creating+Users+using+the+Ask+Password+Option
>>
>> Thanks,
>> Sathya
>>
>>
>>
>> On Fri, Nov 3, 2017 at 2:46 PM, Sashika Wijesinghe <sash...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> I want to create users with ask password option using SCIM 1.1. I have
>>> configured the server as documented in [1].
>>>
>>> The below curl command is used to create the user. After executing the
>>> curl command, the user was created successfully but did not receive any
>>> email notification for the given email address. This works when I created
>>> a user from the management console and SOAP admin service.
>>>
>>> Do we need any further configurations to get this done with SCIM 1.1?
>>>
>>> curl -v -k --user admin:admin \
>>>   --data '{"schemas":[],"userName":"neels","password":"password","wso2Extension":{"askPassword":"true"},"emails":"sash...@wso2.com"}' \
>>>   --header "Content-Type:application/json" https://localhost:9444/wso2/scim/Users
>>>
>>> [1] https://docs.wso2.com/display/IS530/Creating+Users+using+the+Ask+Password+Option
>>>
>>> Thanks
>>> Sashika
>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Sashika Wijesinghe*
>>> *Software Engineer - QA Team*
>>> Mobile : +94 (0) 774537487
>>> sash...@wso2.com
>>>
>>
>>
>>
>> --
>> Sathya Bandara
>> Software Engineer
>> WSO2 Inc. http://wso2.com
>> Mobile: (+94) 715 360 421
>>
>
>
>
> --
>
> *Sashika Wijesinghe*
> *Software Engineer - QA Team*
> Mobile : +94 (0) 774537487
> sash...@wso2.com
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
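
Added example (not part of the thread, and not WSO2 code): a consistency check for the step Sathya describes, where every extension attribute must be both defined and named in the subAttributes list of the urn:scim:schemas:extension:wso2:1.0 entry. It assumes scim-schema-extension.config is a single JSON array; the helper names and the abbreviated sample entries are constructed for illustration.

```python
import json

EXT_URI = "urn:scim:schemas:extension:wso2:1.0"  # schemaURI quoted in the thread

def check_extension_config(text, ext_uri=EXT_URI):
    """Return mismatches between attribute definitions and the root entry's
    subAttributes list. Assumes the file body is a single JSON array."""
    entries = json.loads(text)
    by_uri = {e["attributeURI"]: e for e in entries}
    root = by_uri.get(ext_uri)
    if root is None:
        return [f"no root entry with attributeURI {ext_uri}"]
    prefix = f"{ext_uri}:{root['attributeName']}."
    listed = root["subAttributes"].split()
    problems = []
    for name in listed:
        if prefix + name not in by_uri:
            problems.append(f"{name}: listed in subAttributes but not defined")
    for uri in by_uri:
        # Only direct children count; nested ones (a further '.') belong to
        # their parent's own subAttributes list.
        child = uri[len(prefix):] if uri.startswith(prefix) else ""
        if child and "." not in child and child not in listed:
            problems.append(f"{child}: defined but missing from subAttributes")
    return problems

def attr(name, data_type="string", sub="null"):
    """Constructed, abbreviated entry using field names from the thread."""
    uri = EXT_URI if name == "wso2Extension" else f"{EXT_URI}:wso2Extension.{name}"
    return {"attributeURI": uri, "attributeName": name,
            "dataType": data_type, "subAttributes": sub}

DEFINED = [attr("employeeNumber"), attr("askPassword", "boolean"),
           attr("verifyEmail", "boolean")]
# Constructed samples: a consistent file, and one where verifyEmail is defined
# but not listed while manager is listed but not defined.
GOOD = json.dumps(DEFINED + [attr("wso2Extension", "null",
                  "employeeNumber askPassword verifyEmail")])
BROKEN = json.dumps(DEFINED + [attr("wso2Extension", "null",
                    "employeeNumber askPassword manager")])

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(label, check_extension_config(body) or "consistent")
```

Running the check against the bundled pack before release would catch the gap that left askPassword without effect over SCIM in this thread.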
