Overview
The SCIM protocol is a HTTP-based protocol for provisioning and managing identity data specified through SCIM schemas. You can use Casdoor as a SCIM service provider.
Use Casdoor as SCIM service provider
Currently Casdoor only support User Resource Schema, you can manage users through SCIM User operations.
You can interact with the Casdoor through the following endpoints:
| Endpoint | Method | Description |
|---|---|---|
| /scim/ServiceProviderConfig | GET | Provide details about the features of the SCIM standard that are supported, for example, the resources that are supported. |
| /scim/Schemas | GET | Provide details about the service provider schemas. |
| /scim/ResourceTypes | GET | Specifie metadata about each resource. |
| /scim/Users/:id | GET | Retrieve a user with resource identifier id. |
| /scim/Users | GET | Query users with query parameters (currently only support startIndex and count). |
| /scim/Users | POST | Create a user. |
| /scim/Users/:id | PUT | Update a user with resource identifier id. |
| /scim/Users/:id | PATCH | Modify a user with resource identifier id by PATCH operation. |
| /scim/Users/:id | DEL | Delete a user with resource identifier id. |
For more details, please refer to rfc7644.
User Resource
Casdoor implements the mapping between User Resource Schema (SCIM) and User (Casdoor).
The mapping relationship between attributes is as follows:
| User Resource Schema (SCIM) | User (Casdoor) |
|---|---|
| id | Id |
| meta.created | CreatedTime |
| meta.lastModified | UpdatedTime |
| meta.version | UpdatedTime |
| externalId | ExternalId |
| userName | Name |
| password | Password |
| displayName | DisplayName |
| profileUrl | Homepage |
| userType | Type |
| name.givenName | FirstName |
| name.familyName | LastName |
| emails[0].value | |
| phoneNumbers[0].value | Phone |
| photos[0].value | Avatar |
| addresses[0].locality | Location |
| addresses[0].region | Region |
| addresses[0].country | CountryCode |
Since Casdoor use Organization to manage User, where each User belongs to a specific Organization, the organization attribute should be passed in Enterprise User Schema Extension (identified by the schema URI urn:ietf:params:scim:schemas:extension:enterprise:2.0:User). Here is a User Resource Schema SCIM representation in JSON format:
{
"active": true,
"addresses": [
{
"country": "CN",
"locality": "Shanghai",
"region": "CN"
}
],
"displayName": "Bob~",
"emails": [
{
"value": "test1@casdoor.com"
}
],
"externalId": "1234123543234234",
"id": "ceacbcb6-40d0-48f1-af23-0990232d570a",
"meta": {
"resourceType": "User",
"created": "2023-10-08T23:51:55+08:00",
"lastModified": "2023-10-12T20:38:49+08:00",
"location": "Users/ceacbcb6-40d0-48f1-af23-0990232d570a",
"version": "2023-10-12T20:38:49+08:00"
},
"name": {
"familyName": "bob",
"formatted": "alice bob",
"givenName": "alice"
},
"nickName": "Bob~",
"phoneNumbers": [
{
"value": "18700006475"
}
],
"photos": [
{
"value": "https://cdn.casbin.org/img/casbin.svg"
}
],
"profileUrl": "https://test.com/profile/built-in/scim_test_user2",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { // The enterprise User extension is identified using this schema URI
"organization": "built-in" // This attribute MUST be passed
},
"userName": "scim_test_user2",
"userType": "normal-user"
}