https://github.com/aserto-dev/scim

Aserto SCIM service
https://github.com/aserto-dev/scim

Last synced: 4 months ago
JSON representation

Aserto SCIM service

• Host: GitHub
• URL: https://github.com/aserto-dev/scim
• Owner: aserto-dev
• License: apache-2.0
• Created: 2023-11-23T12:22:52.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2025-04-29T15:14:44.000Z (about 1 year ago)
• Last Synced: 2025-04-30T12:58:44.985Z (about 1 year ago)
• Language: Go
• Size: 177 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# scim

The Aserto SCIM service uses the SCIM 2.0 protocol to import data into the Aserto Directory. While not all features have been implemented yet, it supports the basic operations in order to manage users and groups using the SCIM core schemas.

### sample config.yaml

```yaml

---

logging:

  log_level: info

server:

  listen_address: ":8080"

  auth:

    basic:

      enabled: true

      username: "scim"

      password: "scim"

    bearer:

      enabled: true

      token: "scim"

directory:

  address: "localhost:9292"

  no_tls: true

scim:

  user:

    object_type: user

    identity_object_type: identity

    identity_relation: user#identifier

    property_mapping: 

      enabled: active

    source_object_type: scim_user

    manager_relation: manager

  group:

    object_type: group

    group_member_relation: member

    source_object_type: scim_group

  role:

    object_type: group

    role_relation: member

  relations:

    - object_id: system

      object_type: system

      relation: admin

      subject_id: admins

      subject_type: group

      subject_relation: member

```

### start service

```

go run ./cmd/aserto-scim/main.go run -c ./config.yaml

```

### run as docker container

```

docker run -p 8080:8080 -v {config directory}:/config:ro ghcr.io/aserto-dev/scim:latest run -c /config/config.yaml

```

### list users

```

curl  -X GET \

  'http://127.0.0.1:8080/Users' \

  --header 'Accept: */*' \

  --header 'Authorization: Bearer scim'

```

### create user

```

curl  -X POST \

  'http://127.0.0.1:8080/Users' \

  --header 'Accept: */*' \

  --header 'Authorization: Bearer scim' \

  --header 'Content-Type: application/json' \

  --data-raw '{

    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],

    "userName": "rsanchez",

    "name": {

        "givenName": "Rick",

        "familyName": "Sanchez"

    },

    "emails": [{

        "primary": true,

        "value": "rick@the-citadel.com",

        "type": "work"

    }],

    "displayName": "Rick Sanchez",

    "locale": "en-US",

    "groups": [],

    "active": true

}'

```

The create operation will return a user ID, which will be used to identify the user from now on

### get a user

`curl -X 'GET' 'http://127.0.0.1:8080/Users/{user id}' `

```

curl  -X GET \

  'http://127.0.0.1:8080/Users/rsanchez' \

  --header 'Accept: */*' \

  --header 'Authorization: Bearer scim'

```

### delete a user

`curl -X 'DELETE' 'http://127.0.0.1:8080/Users/{user id}'`

```

curl  -X DELETE \

  'http://127.0.0.1:8080/Users/rsanchez' \

  --header 'Accept: */*' \

  --header 'Authorization: Bearer scim'

```

### patch user

`curl -X 'PATCH' 'http://127.0.0.1:8080/Users/{user id}'`

```

curl  -X PATCH \

  'http://127.0.0.1:8080/Users/rsanchez' \

  --header 'Accept: */*' \

  --header 'Authorization: Bearer scim' \

  --header 'Content-Type: application/json' \

  --data-raw '{

"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],

"Operations":[

{"op":"add","path": "nickName","value": "Madman"},

{"op":"add","path": "emails[type eq \"home\"].value","value": "rick@home"}

]}'

```

### create group

```

curl  -X POST \

  'http://127.0.0.1:8080/Groups' \

  --header 'Accept: */*' \

  --header 'Authorization: Bearer scim' \

  --header 'Content-Type: application/json' \

  --data-raw '{"displayName": "admin"}'

```

### add user to group

```

curl  -X PATCH \

  'http://127.0.0.1:8080/Users/rsanchez' \

  --header 'Accept: */*' \

  --header 'Authorization: Bearer scim' \

  --header 'Content-Type: application/json' \

  --data-raw '{

"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],

"Operations":[

{"op":"add","path": "groups[type eq \"work\"].value","value": "admin"}

]}'

```

### create a relation from an imported group to a user (e.g. giving admin permission to users that are port of an imported group)

```

  relations:

    - object_id: system

      object_type: system

      relation: admin

      subject_id: admins

      subject_type: group

      subject_relation: member

```

This will create a `admin` relation with `member` subject relation between the `admins` group and the object with id `system` and type `system`