Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
Yes.. one objective is - not to touch the schema of the existing user store - but still do SCIM provisioning.. We need to maintain these outside the user store. Thanks & regards, -Prabath On Tue, Oct 22, 2013 at 6:54 PM, Venura Kahawala wrote: > Yes, > > Making two calls doesn't work if the u

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
Yes.. one object is - not to touch the schema of the existing user store - but still do SCIM provisioning.. We need to maintain these outside the user store. Thanks & regards, -Prabath On Tue, Oct 22, 2013 at 6:54 PM, Venura Kahawala wrote: > Yes, > > Making two calls doesn't work if the user

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Yes, Making two calls doesn't work if the username of the provider has been already changed without the knowledge of the consumer. We could store provider SCIM IDs as a mapping against consumer SCIM ID. If we need to keep the mapping with externalId, we need to implement the functionality to gene

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
Why not we maintain all the ids from external CSP - against the externalid ? Then we do not need to worry about doing two calls.. Thanks & regards, -Prabath On Tue, Oct 22, 2013 at 6:43 PM, Venura Kahawala wrote: > Yes :) > > > On Tue, Oct 22, 2013 at 11:11 AM, Prabath Siriwardena wrote: > >>

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Yes :) On Tue, Oct 22, 2013 at 11:11 AM, Prabath Siriwardena wrote: > > > > On Tue, Oct 22, 2013 at 6:39 PM, Venura Kahawala wrote: > >> Hi, >> >> Sorry for the trouble, but we do a filtering request to the provider with >> user name (filter=userNameEq) and get the SCIM id and do the provisioni

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
On Tue, Oct 22, 2013 at 6:39 PM, Venura Kahawala wrote: > Hi, > > Sorry for the trouble, but we do a filtering request to the provider with > user name (filter=userNameEq) and get the SCIM id and do the provisioning > to the outbound CSP. > :-) So we are back to the first question.. We do two c

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Hi, Sorry for the trouble, but we do a filtering request to the provider with user name (filter=userNameEq) and get the SCIM id and do the provisioning to the outbound CSP. Regards, Venura On Tue, Oct 22, 2013 at 11:05 AM, Prabath Siriwardena wrote: > But for outbound provisioning from IS we c

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
But for outbound provisioning from IS we cannot do the same now - as we do not maintain the ids returned by the connected CSPs at the time we add the user..? Thanks & regards, -Prabath On Tue, Oct 22, 2013 at 6:21 PM, Venura Kahawala wrote: > Hi, > > Yes, I was wrong regarding the endpoint. He

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Hi, Yes, I was wrong regarding the endpoint. Here is an example of PUT operation on user resource. curl -v -k --user admin:admin -X PUT -d "{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","emails":[{"value":" has...@wso2.com","type":"work"},{"value"

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
In that case it's with an id - not a direct PUT to /Users. It's like /Users/id. To sort out any confusion here we need to look at http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.6 So - it looks like just doing a PUT on /Users is not quite correct - we need to identify the resource in the

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Hi, On Tue, Oct 22, 2013 at 10:17 AM, Prabath Siriwardena wrote: > > > > On Tue, Oct 22, 2013 at 5:41 PM, Venura Kahawala wrote: > >> Hi, >> >> Also - how spec compliant - is it to do a PUT directly on Users ? >>> >> >> Doing a PUT operation on user resource is acceptable but this operation >

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
On Tue, Oct 22, 2013 at 5:41 PM, Venura Kahawala wrote: > Hi, > > Also - how spec compliant - is it to do a PUT directly on Users ? >> > > Doing a PUT operation on user resource is acceptable but this operation > will replace the resource. We need to implement the PATCH operation in > order to p

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Hi, On Tue, Oct 22, 2013 at 9:53 AM, Prabath Siriwardena wrote: > What is the endpoint we are doing the PUT..? I guess its just /Users - > with no id. > Yes we use the same endpoint to do the PUT operation > In that case is it correct to assume that CSP will find the resource from > the userN

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
What is the endpoint we are doing the PUT..? I guess its just /Users - with no id. In that case is it correct to assume that CSP will find the resource from the userName in the request ? Also is it correct to assume that userName does not get changed in the connected systems ? Also - how spec comp

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Hi, On Tue, Oct 22, 2013 at 12:55 AM, Ishara Karunarathna wrote: > Hi Prabath, > > id (scimId attribute) > Mandatory attribute, Random value generated by each Service Provider, > Unique to each service provider, immutable > > externalId > Is not a mandatory attribute, Will be generated by consu

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Venura Kahawala
Hi, We do not send two separate calls, Since user name is a unique attribute SCIM providers handle the request by taking the user name and identifying to which resource the operation should be applied. Regards, Venura On Tue, Oct 22, 2013 at 9:15 AM, Prabath Siriwardena wrote: > > On Tue, Oct

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
On Tue, Oct 22, 2013 at 3:09 PM, Ishara Karunarathna wrote: > No, We do not maintain a list, instead we get the scimId of the user being > provisioned from the particular provider > by filtering with user name. > So - for each outbound provisioning - there are two calls..? One to get the id - and

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Ishara Karunarathna
No, We do not maintain a list, instead we get the scimId of the user being provisioned from the particular provider by filtering with user name. In consumer side externalid is useful, but in the [2] case it would be better if we need, keep returned scimId's mapping to Consumer's scimId as it is uni

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
When IS provisions users to other connected systems - are we maintaining the list of id's returned by each CSP...? IMO externalid is also useful. A given externalid could map to multiple id's returned by CSPs. Thanks & regards, -Prabath On Tue, Oct 22, 2013 at 8:25 AM, Ishara Karunarathna wrote:

Re: [Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Ishara Karunarathna
Hi Prabath, id (scimId attribute) Mandatory attribute, Random value generated by each Service Provider, Unique to each service provider, immutable externalId Is not a mandatory attribute, Will be generated by consumers, unique across all Service Providers, not immutable userName Mandatory attrib

[Architecture] How do we handle SCIM id/externalid/userName ?

2013-10-21 Thread Prabath Siriwardena
There are three use cases.. 1. SCIM consumer sends a provisioning request to IS - which is the SCIM CSP. 2. [1] & Identity Server provisions the user to other CSPs 3. Adding user from the IS management console and provision the user to other connected CSP. How do we handle id/externalid/userName