Re: [Dev] Correct way to Add users and Roles via an API
Hi Ushani,

Need your help to clarify the following:
Do you feel there is a doc gap with regard to managing users/roles using REST APIs? If so we will move to update docs to avoid this. Looking forward to your reply.

[1] https://docs.wso2.com/display/IS540/SCIM+APIs

Thanks & Regards
Shavindri Dissanayake
Senior Technical Writer

WSO2 Inc.
lean.enterprise.middleware

On Wed, Nov 1, 2017 at 8:26 PM, Ushani Balasooriya wrote:

> Thanks Farasath and Isura for the clarification.
>
> On 1 Nov 2017 8:24 pm, "Isura Karunaratne" wrote:
>
>> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed wrote:
>>
>>> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya wrote:
>>>
>>>> Hi IAM team,
>>>>
>>>> I am trying to implement a third-party web app to manage users and roles functionalities as explained in this blog post [1] Solution 26.
>>>>
>>>> According to the solution, it says,
>>>>
>>>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as SOAP-based services for user management, the web app just need to talk to these endpoints, without having to deal directly with underlying user stores (LDAP, AD, JDBC)."*
>>>>
>>>> This [2] is the only document I can find as the available API for user role management.
>>>>
>>>> Please verify whether my below understandings are correct to proceed with this solution.
>>>>
>>>> 1. Since WSO2IS does not provide any REST API for user/role management, there will not be a particular API where I can use as endpoint in my third party application. Therefore my web app should use a class as explained in this [2] document.
>>>>
>>>> 2. We should not consider SCIM as REST endpoint to manage users since it is used to provision users to external system. Therefore I cannot treat SCIM as a REST endpoint which can use to add users and roles.
>>
>> No. As Farasath explains, we do support both inbound and outbound SCIM provisioning.
>>
>> You can treat SCIM endpoint as a well-defined standard way to manage users from a third party application.
>>
>> From IS 5.3.0 onwards, Identity Server supports both SCIM 1.1 and SCIM 2.0 (as a connector).
>>
>> Thanks
>> Isura.
>>
>>> IMO this is not entirely correct.
>>> SCIM inbound connector is used to provision users *in to* Identity Server and the SCIM outbound connector can be used to provision users to external systems as you explained.
>>>
>>> SCIM inbound connector exposes a REST endpoint through which you can do CRUD operations on users/groups. This can be considered as a REST endpoint to manage users. Both SCIM and our SOAP APIs talk to the same underlying user-core implementation to achieve CRUD on users (user stores).
>>>
>>> Moreover SCIM simply provides a RESTful layer over our usercore functionality. So I don't see why we should not consider SCIM as a REST API to manage users.
>>> In fact we have customers using SCIM to achieve user registration, user profile update etc.
>>>
>>>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>>>>
>>>> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>>>>
>>>> Thanks,
>>>> --
>>>> *Ushani Balasooriya*
>>>> Associate Technical Lead - EE;
>>>> WSO2 Inc; http://www.wso2.com/.
>>
>> --
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: is...@wso2.com
>> Mob : +94 772 254 810
>> Blog : http://isurad.blogspot.com/

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] Correct way to Add users and Roles via an API
Hi Shavindri,

Thanks for bringing this up. I was going to reply by reporting a doc jira asking to explain about SCIM APIs in terms of its use case since I couldn't find much information in docs.

Better if we can explain SCIM inbound connector and SCIM outbound connector's use case as Farasath has explained in the mail thread. His explanation is clear enough to go in to docs.

I have reported a jira [1] for your reference.

[1] https://wso2.org/jira/browse/DOCUMENTATION-6342

Thanks,
Ushani

On Thu, Nov 2, 2017 at 5:49 PM, Shavindri Dissanayake wrote:

> Hi Ushani,
>
> Need your help to clarify the following:
> Do you feel there is a doc gap with regard to managing users/roles using REST APIs? If so we will move to update docs to avoid this. Looking forward to your reply.
>
> [1] https://docs.wso2.com/display/IS540/SCIM+APIs
>
> Thanks & Regards
> Shavindri Dissanayake
> Senior Technical Writer
>
> WSO2 Inc.
> lean.enterprise.middleware
>
> On Wed, Nov 1, 2017 at 8:26 PM, Ushani Balasooriya wrote:
>
>> Thanks Farasath and Isura for the clarification.
>>
>> On 1 Nov 2017 8:24 pm, "Isura Karunaratne" wrote:
>>
>>> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed wrote:
>>>
>>>> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya wrote:
>>>>
>>>>> Hi IAM team,
>>>>>
>>>>> I am trying to implement a third-party web app to manage users and roles functionalities as explained in this blog post [1] Solution 26.
>>>>>
>>>>> According to the solution, it says,
>>>>>
>>>>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as SOAP-based services for user management, the web app just need to talk to these endpoints, without having to deal directly with underlying user stores (LDAP, AD, JDBC)."*
>>>>>
>>>>> This [2] is the only document I can find as the available API for user role management.
>>>>>
>>>>> Please verify whether my below understandings are correct to proceed with this solution.
>>>>>
>>>>> 1. Since WSO2IS does not provide any REST API for user/role management, there will not be a particular API where I can use as endpoint in my third party application. Therefore my web app should use a class as explained in this [2] document.
>>>>>
>>>>> 2. We should not consider SCIM as REST endpoint to manage users since it is used to provision users to external system. Therefore I cannot treat SCIM as a REST endpoint which can use to add users and roles.
>>>
>>> No. As Farasath explains, we do support both inbound and outbound SCIM provisioning.
>>>
>>> You can treat SCIM endpoint as a well-defined standard way to manage users from a third party application.
>>>
>>> From IS 5.3.0 onwards, Identity Server supports both SCIM 1.1 and SCIM 2.0 (as a connector).
>>>
>>> Thanks
>>> Isura.
>>>
>>>> IMO this is not entirely correct.
>>>> SCIM inbound connector is used to provision users *in to* Identity Server and the SCIM outbound connector can be used to provision users to external systems as you explained.
>>>>
>>>> SCIM inbound connector exposes a REST endpoint through which you can do CRUD operations on users/groups. This can be considered as a REST endpoint to manage users. Both SCIM and our SOAP APIs talk to the same underlying user-core implementation to achieve CRUD on users (user stores).
>>>>
>>>> Moreover SCIM simply provides a RESTful layer over our usercore functionality. So I don't see why we should not consider SCIM as a REST API to manage users.
>>>> In fact we have customers using SCIM to achieve user registration, user profile update etc.
>>>>
>>>>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>>>>>
>>>>> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>>>>>
>>>>> Thanks,
>>>>> --
>>>>> *Ushani Balasooriya*
>>>>> Associate Technical Lead - EE;
>>>>> WSO2 Inc; http://www.wso2.com/.
>>>
>>> --
>>> *Isura Dilhara Karunaratne*
>>> Associate Technical Lead | WSO2
>>> Email: is...@wso2.com
>>> Mob : +94 772 254 810
>>> Blog : http://isurad.blogspot.com/

--
*Ushani Balasooriya*
Associate Technical Lead - EE;
WSO2 Inc; http://www.wso2.com/.
Mobile; +94772636796
[Dev] Correct way to Add users and Roles via an API
Hi IAM team,

I am trying to implement a third-party web app to manage users and roles functionalities as explained in this blog post [1] Solution 26.

According to the solution, it says,

*"The WSO2 Identity Server exposes a set of REST endpoints as well as SOAP-based services for user management, the web app just need to talk to these endpoints, without having to deal directly with underlying user stores (LDAP, AD, JDBC)."*

This [2] is the only document I can find as the available API for user role management.

Please verify whether my below understandings are correct to proceed with this solution.

1. Since WSO2IS does not provide any REST API for user/role management, there will not be a particular API where I can use as endpoint in my third party application. Therefore my web app should use a class as explained in this [2] document.

2. We should not consider SCIM as REST endpoint to manage users since it is used to provision users to external system. Therefore I cannot treat SCIM as a REST endpoint which can use to add users and roles.

[1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389

[2] https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()

Thanks,
--
*Ushani Balasooriya*
Associate Technical Lead - EE;
WSO2 Inc; http://www.wso2.com/.
Re: [Dev] Correct way to Add users and Roles via an API
On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed wrote:

> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya wrote:
>
>> Hi IAM team,
>>
>> I am trying to implement a third-party web app to manage users and roles functionalities as explained in this blog post [1] Solution 26.
>>
>> According to the solution, it says,
>>
>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as SOAP-based services for user management, the web app just need to talk to these endpoints, without having to deal directly with underlying user stores (LDAP, AD, JDBC)."*
>>
>> This [2] is the only document I can find as the available API for user role management.
>>
>> Please verify whether my below understandings are correct to proceed with this solution.
>>
>> 1. Since WSO2IS does not provide any REST API for user/role management, there will not be a particular API where I can use as endpoint in my third party application. Therefore my web app should use a class as explained in this [2] document.
>>
>> 2. We should not consider SCIM as REST endpoint to manage users since it is used to provision users to external system. Therefore I cannot treat SCIM as a REST endpoint which can use to add users and roles.

No. As Farasath explains, we do support both inbound and outbound SCIM provisioning.

You can treat SCIM endpoint as a well-defined standard way to manage users from a third party application.

From IS 5.3.0 onwards, Identity Server supports both SCIM 1.1 and SCIM 2.0 (as a connector).

Thanks
Isura.

> IMO this is not entirely correct.
> SCIM inbound connector is used to provision users *in to* Identity Server and the SCIM outbound connector can be used to provision users to external systems as you explained.
>
> SCIM inbound connector exposes a REST endpoint through which you can do CRUD operations on users/groups. This can be considered as a REST endpoint to manage users. Both SCIM and our SOAP APIs talk to the same underlying user-core implementation to achieve CRUD on users (user stores).
>
> Moreover SCIM simply provides a RESTful layer over our usercore functionality. So I don't see why we should not consider SCIM as a REST API to manage users.
> In fact we have customers using SCIM to achieve user registration, user profile update etc.
>
>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>>
>> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>>
>> Thanks,
>> --
>> *Ushani Balasooriya*
>> Associate Technical Lead - EE;
>> WSO2 Inc; http://www.wso2.com/.

--
*Isura Dilhara Karunaratne*
Associate Technical Lead | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
Re: [Dev] Correct way to Add users and Roles via an API
On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya wrote:

> Hi IAM team,
>
> I am trying to implement a third-party web app to manage users and roles functionalities as explained in this blog post [1] Solution 26.
>
> According to the solution, it says,
>
> *"The WSO2 Identity Server exposes a set of REST endpoints as well as SOAP-based services for user management, the web app just need to talk to these endpoints, without having to deal directly with underlying user stores (LDAP, AD, JDBC)."*
>
> This [2] is the only document I can find as the available API for user role management.
>
> Please verify whether my below understandings are correct to proceed with this solution.
>
> 1. Since WSO2IS does not provide any REST API for user/role management, there will not be a particular API where I can use as endpoint in my third party application. Therefore my web app should use a class as explained in this [2] document.
>
> 2. We should not consider SCIM as REST endpoint to manage users since it is used to provision users to external system. Therefore I cannot treat SCIM as a REST endpoint which can use to add users and roles.

IMO this is not entirely correct.
SCIM inbound connector is used to provision users *in to* Identity Server and the SCIM outbound connector can be used to provision users to external systems as you explained.

SCIM inbound connector exposes a REST endpoint through which you can do CRUD operations on users/groups. This can be considered as a REST endpoint to manage users. Both SCIM and our SOAP APIs talk to the same underlying user-core implementation to achieve CRUD on users (user stores).

Moreover SCIM simply provides a RESTful layer over our usercore functionality. So I don't see why we should not consider SCIM as a REST API to manage users.
In fact we have customers using SCIM to achieve user registration, user profile update etc.

> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>
> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>
> Thanks,
> --
> *Ushani Balasooriya*
> Associate Technical Lead - EE;
> WSO2 Inc; http://www.wso2.com/.
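
The CRUD-over-REST usage that the reply above attributes to the SCIM inbound connector, as an added example (not code from the thread or from WSO2): it builds SCIM 2.0 requests per RFC 7644 without sending them. The base URL, the account and user names, and the mapping of a role to a SCIM Group are assumptions.

```python
import base64
import json
import urllib.request

# Assumed values for illustration; the thread gives no endpoint URL.
BASE_URL = "https://is.example.com:9443/scim2"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"


def scim_request(method, path, body, username, password, base_url=BASE_URL):
    """Build (without sending) one SCIM 2.0 request as defined in RFC 7644."""
    if not base_url.lower().startswith("https://"):
        # Basic credentials and user attributes must not travel in clear text.
        raise ValueError("SCIM endpoint must use HTTPS")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url.rstrip("/") + path, data=data, method=method)
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/scim+json")
    if data is not None:
        req.add_header("Content-Type", "application/scim+json")
    return req


def create_user(user_name, initial_password, email, **auth):
    """POST /Users: create a user in the server's user store."""
    body = {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "password": initial_password,
        "emails": [{"value": email, "primary": True}],
    }
    return scim_request("POST", "/Users", body, **auth)


def create_group(display_name, member_ids, **auth):
    """POST /Groups: members are the 'id' values returned by POST /Users.
    Assumption: the deployment exposes roles as SCIM Groups."""
    body = {
        "schemas": [GROUP_SCHEMA],
        "displayName": display_name,
        "members": [{"value": uid} for uid in member_ids],
    }
    return scim_request("POST", "/Groups", body, **auth)


def delete_user(user_id, **auth):
    """DELETE /Users/{id}: no request body, so no Content-Type header."""
    return scim_request("DELETE", f"/Users/{user_id}", None, **auth)
```

To send a request, pass it to `urllib.request.urlopen` with certificate verification left on, and authenticate as a dedicated account limited to user management.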
Re: [Dev] Correct way to Add users and Roles via an API
Thanks Farasath and Isura for the clarification.

On 1 Nov 2017 8:24 pm, "Isura Karunaratne" wrote:

> On Wed, Nov 1, 2017 at 8:01 PM Farasath Ahamed wrote:
>
>> On Wed, Nov 1, 2017 at 7:38 PM, Ushani Balasooriya wrote:
>>
>>> Hi IAM team,
>>>
>>> I am trying to implement a third-party web app to manage users and roles functionalities as explained in this blog post [1] Solution 26.
>>>
>>> According to the solution, it says,
>>>
>>> *"The WSO2 Identity Server exposes a set of REST endpoints as well as SOAP-based services for user management, the web app just need to talk to these endpoints, without having to deal directly with underlying user stores (LDAP, AD, JDBC)."*
>>>
>>> This [2] is the only document I can find as the available API for user role management.
>>>
>>> Please verify whether my below understandings are correct to proceed with this solution.
>>>
>>> 1. Since WSO2IS does not provide any REST API for user/role management, there will not be a particular API where I can use as endpoint in my third party application. Therefore my web app should use a class as explained in this [2] document.
>>>
>>> 2. We should not consider SCIM as REST endpoint to manage users since it is used to provision users to external system. Therefore I cannot treat SCIM as a REST endpoint which can use to add users and roles.
>
> No. As Farasath explains, we do support both inbound and outbound SCIM provisioning.
>
> You can treat SCIM endpoint as a well-defined standard way to manage users from a third party application.
>
> From IS 5.3.0 onwards, Identity Server supports both SCIM 1.1 and SCIM 2.0 (as a connector).
>
> Thanks
> Isura.
>
>> IMO this is not entirely correct.
>> SCIM inbound connector is used to provision users *in to* Identity Server and the SCIM outbound connector can be used to provision users to external systems as you explained.
>>
>> SCIM inbound connector exposes a REST endpoint through which you can do CRUD operations on users/groups. This can be considered as a REST endpoint to manage users. Both SCIM and our SOAP APIs talk to the same underlying user-core implementation to achieve CRUD on users (user stores).
>>
>> Moreover SCIM simply provides a RESTful layer over our usercore functionality. So I don't see why we should not consider SCIM as a REST API to manage users.
>> In fact we have customers using SCIM to achieve user registration, user profile update etc.
>>
>>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>>>
>>> [2] https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-addRole()
>>>
>>> Thanks,
>>> --
>>> *Ushani Balasooriya*
>>> Associate Technical Lead - EE;
>>> WSO2 Inc; http://www.wso2.com/.
>
> --
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/