
Overview

The SCIM protocol is an HTTP-based protocol for provisioning and managing identity data specified through SCIM schemas. You can use Casdoor as a SCIM service provider.

Use Casdoor as SCIM service provider

Casdoor currently supports only the User Resource Schema, so you can manage users through SCIM User operations. You can interact with Casdoor through the following endpoints:

| Endpoint | Method | Description |
| --- | --- | --- |
| /scim/ServiceProviderConfig | GET | Provides details about the features of the SCIM standard that are supported, for example, the resources that are supported. |
| /scim/Schemas | GET | Provides details about the service provider schemas. |
| /scim/ResourceTypes | GET | Specifies metadata about each resource. |
| /scim/Users/:id | GET | Retrieves a user with resource identifier id. |
| /scim/Users | GET | Queries users with query parameters (currently only startIndex and count are supported). |
| /scim/Users | POST | Creates a user. |
| /scim/Users/:id | PUT | Updates a user with resource identifier id. |
| /scim/Users/:id | PATCH | Modifies a user with resource identifier id by PATCH operation. |
| /scim/Users/:id | DELETE | Deletes a user with resource identifier id. |

For more details, refer to RFC 7644.

User Resource

Casdoor implements the mapping between User Resource Schema (SCIM) and User (Casdoor). The mapping relationship between attributes is as follows:

| User Resource Schema (SCIM) | User (Casdoor) |
| --- | --- |
| id | Id |
| meta.created | CreatedTime |
| meta.lastModified | UpdatedTime |
| meta.version | UpdatedTime |
| externalId | ExternalId |
| userName | Name |
| password | Password |
| displayName | DisplayName |
| profileUrl | Homepage |
| userType | Type |
| name.givenName | FirstName |
| name.familyName | LastName |
| emails[0].value | Email |
| phoneNumbers[0].value | Phone |
| photos[0].value | Avatar |
| addresses[0].locality | Location |
| addresses[0].region | Region |
| addresses[0].country | CountryCode |

Casdoor uses Organization to manage User, and each User belongs to a specific Organization, so the organization attribute must be passed in the Enterprise User Schema Extension (identified by the schema URI urn:ietf:params:scim:schemas:extension:enterprise:2.0:User). In the resource, the extension object is keyed by that schema URI. Here is a SCIM User resource represented in JSON format:

{
  "active": true,
  "addresses": [
    {
      "country": "CN",
      "locality": "Shanghai",
      "region": "CN"
    }
  ],
  "displayName": "Bob~",
  "emails": [
    {
      "value": "test1@casdoor.com"
    }
  ],
  "externalId": "1234123543234234",
  "id": "ceacbcb6-40d0-48f1-af23-0990232d570a",
  "meta": {
    "resourceType": "User",
    "created": "2023-10-08T23:51:55+08:00",
    "lastModified": "2023-10-12T20:38:49+08:00",
    "location": "Users/ceacbcb6-40d0-48f1-af23-0990232d570a",
    "version": "2023-10-12T20:38:49+08:00"
  },
  "name": {
    "familyName": "bob",
    "formatted": "alice bob",
    "givenName": "alice"
  },
  "nickName": "Bob~",
  "phoneNumbers": [
    {
      "value": "18700006475"
    }
  ],
  "photos": [
    {
      "value": "https://cdn.casbin.org/img/casbin.svg"
    }
  ],
  "profileUrl": "https://test.com/profile/built-in/scim_test_user2",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "organization": "built-in"
  },
  "userName": "scim_test_user2",
  "userType": "normal-user"
}
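
A provisioning client can check a SCIM User document against the rules above before sending it to /scim/Users. The following is an added example, not Casdoor's own code: the helper names `lookup` and `check_and_map` are hypothetical, the sample document is constructed, and treating extra list entries as a problem is an assumption based on the mapping table covering only element 0.

```python
CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Added example; lookup/check_and_map are illustrative names, not Casdoor APIs.
# SCIM path -> Casdoor User field, copied from the mapping table above
# (meta.version also maps to UpdatedTime and is left out to avoid a duplicate).
SCIM_TO_CASDOOR = {
    "id": "Id", "meta.created": "CreatedTime", "meta.lastModified": "UpdatedTime",
    "externalId": "ExternalId", "userName": "Name", "password": "Password",
    "displayName": "DisplayName", "profileUrl": "Homepage", "userType": "Type",
    "name.givenName": "FirstName", "name.familyName": "LastName",
    "emails[0].value": "Email", "phoneNumbers[0].value": "Phone",
    "photos[0].value": "Avatar", "addresses[0].locality": "Location",
    "addresses[0].region": "Region", "addresses[0].country": "CountryCode",
}

def lookup(doc, path):
    """Resolve a path such as 'emails[0].value'; return None when absent."""
    cur = doc
    for part in path.split("."):
        key, bracket, _ = part.partition("[")
        cur = cur.get(key) if isinstance(cur, dict) else None
        if bracket:  # the table only ever addresses element 0 of a list
            cur = cur[0] if isinstance(cur, list) and cur else None
        if cur is None:
            return None
    return cur

def check_and_map(scim_user):
    """Return (problems, casdoor_fields) for one SCIM User document."""
    problems = []
    schemas = scim_user.get("schemas") or []
    problems += [f"schemas lacks {u}" for u in (CORE, ENTERPRISE) if u not in schemas]
    ext = scim_user.get(ENTERPRISE)
    org = ext.get("organization") if isinstance(ext, dict) else None
    if not isinstance(org, str) or not org.strip():
        problems.append("enterprise extension has no organization")
    if not scim_user.get("userName"):
        problems.append("userName is missing")
    for attr in ("emails", "phoneNumbers", "photos", "addresses"):
        value = scim_user.get(attr)
        if isinstance(value, list) and len(value) > 1:
            problems.append(f"{attr}: only element 0 is in the mapping table")
    fields = {f: lookup(scim_user, p) for p, f in SCIM_TO_CASDOOR.items()
              if lookup(scim_user, p) is not None}
    return problems, fields

# Constructed sample: enterprise extension omitted, two e-mail addresses.
SAMPLE = {"schemas": [CORE], "userName": "scim_test_user2",
          "emails": [{"value": "test1@casdoor.com"}, {"value": "alt@example.com"}]}
```

Run against the JSON representation shown above, `check_and_map` reports no problems; the constructed `SAMPLE` reports three.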