# User store manager to cater for organization management operations (wso2is-5.10.0)

## Organization user store manager configurations
- Make the default `organization` SCIM2 attribute a complex attribute with `organization.id` and `organization.name` sub-attributes by adding/changing the entries below in the `<IS_HOME>/repository/conf/scim2-schema-extension.config` file. The file is a JSON array of attribute definitions; the two sub-attribute entries and the complex parent entry all go into that array, and `mutability` is spelled `readWrite` (the SCIM spelling) in all three.

```json
{
  "attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization.id",
  "attributeName":"id",
  "dataType":"string",
  "multiValued":"false",
  "description":"The id of the organization",
  "required":"false",
  "caseExact":"false",
  "mutability":"readWrite",
  "returned":"default",
  "uniqueness":"none",
  "subAttributes":"null",
  "canonicalValues":[],
  "referenceTypes":[]
},
{
  "attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization.name",
  "attributeName":"name",
  "dataType":"string",
  "multiValued":"false",
  "description":"The name of the organization",
  "required":"false",
  "caseExact":"false",
  "mutability":"readWrite",
  "returned":"default",
  "uniqueness":"none",
  "subAttributes":"null",
  "canonicalValues":[],
  "referenceTypes":[]
},
{
  "attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization",
  "attributeName":"organization",
  "dataType":"complex",
  "multiValued":"false",
  "description":"Identifies an organization",
  "required":"false",
  "caseExact":"false",
  "mutability":"readWrite",
  "returned":"default",
  "uniqueness":"none",
  "subAttributes":"id name",
  "canonicalValues":[],
  "referenceTypes":[]
},
```
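The three entries have to agree with each other: every name in the parent's `subAttributes` must match the `attributeName` of an entry whose `attributeURI` is `<parent URI>.<name>`, no stray `<parent URI>.<x>` entry may exist without being declared, and `mutability` must use one of the spellings SCIM defines. The checker below is an added example and not part of this project or of WSO2 Identity Server. It embeds a constructed copy of the three entries (`sample_config`, which can also inject the two typical mistakes) and can be pointed at a real `scim2-schema-extension.config`, which it assumes is a JSON array of such entries.

```python
import json
import sys

# Base URI of the SCIM2 enterprise user extension used on this page.
ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ORG_URI = ENTERPRISE_USER + ":organization"

# Mutability values SCIM defines for attribute definitions (RFC 7643 section 7).
VALID_MUTABILITY = {"readOnly", "readWrite", "immutable", "writeOnly"}


def _entry(uri, name, data_type, description, mutability="readWrite", sub_attributes="null"):
    """One attribute definition in the shape used by scim2-schema-extension.config."""
    return {
        "attributeURI": uri, "attributeName": name, "dataType": data_type,
        "multiValued": "false", "description": description, "required": "false",
        "caseExact": "false", "mutability": mutability, "returned": "default",
        "uniqueness": "none", "subAttributes": sub_attributes,
        "canonicalValues": [], "referenceTypes": [],
    }


def sample_config(mutability="readWrite", drop_sub=None):
    """Constructed stand-in for the relevant part of scim2-schema-extension.config.

    The defaults reproduce the three entries this page adds; the keyword
    arguments inject the mistakes the checker is meant to catch (a misspelled
    mutability on the sub-attributes, or a declared sub-attribute with no entry).
    """
    entries = [
        _entry(ORG_URI + ".id", "id", "string", "The id of the organization", mutability),
        _entry(ORG_URI + ".name", "name", "string", "The name of the organization", mutability),
        _entry(ORG_URI, "organization", "complex", "Identifies an organization",
               "readWrite", "id name"),
    ]
    return [e for e in entries if e["attributeName"] != drop_sub]


def check_complex_attribute(config, parent_uri):
    """Return the list of problems found in the wiring of one complex attribute.

    An empty list means the parent and its sub-attributes are consistent.
    """
    by_uri = {e["attributeURI"]: e for e in config}
    problems = []
    parent = by_uri.get(parent_uri)
    if parent is None:
        return [f"no entry with attributeURI {parent_uri}"]
    if parent.get("dataType") != "complex":
        problems.append(f"{parent_uri}: dataType is {parent.get('dataType')!r}, expected 'complex'")

    declared = parent.get("subAttributes", "null")
    sub_names = [] if declared in (None, "", "null") else declared.split()
    if not sub_names:
        problems.append(f"{parent_uri}: complex attribute declares no subAttributes")

    # Each declared sub-attribute needs its own entry at <parent>.<name>.
    for name in sub_names:
        sub = by_uri.get(f"{parent_uri}.{name}")
        if sub is None:
            problems.append(f"{parent_uri}: sub-attribute '{name}' has no entry {parent_uri}.{name}")
            continue
        if sub.get("attributeName") != name:
            problems.append(f"{parent_uri}.{name}: attributeName is {sub.get('attributeName')!r}, expected {name!r}")
        if sub.get("dataType") == "complex":
            problems.append(f"{parent_uri}.{name}: SCIM does not allow complex sub-attributes")

    # And every entry that looks like a sub-attribute must be declared by the parent.
    for uri in by_uri:
        if uri.startswith(parent_uri + ".") and uri[len(parent_uri) + 1:] not in sub_names:
            problems.append(f"{uri}: present in the file but not listed in subAttributes of {parent_uri}")

    # Mutability must be one of the spellings SCIM defines ("readwrite" is not).
    for uri in [parent_uri] + [f"{parent_uri}.{n}" for n in sub_names]:
        entry = by_uri.get(uri)
        if entry is not None and entry.get("mutability") not in VALID_MUTABILITY:
            problems.append(f"{uri}: mutability {entry.get('mutability')!r} not in {sorted(VALID_MUTABILITY)}")
    return problems


def check_file(path, parent_uri=ORG_URI):
    """Load a real scim2-schema-extension.config (assumed to be a JSON array) and check it."""
    with open(path, encoding="utf-8") as fh:
        return check_complex_attribute(json.load(fh), parent_uri)


if __name__ == "__main__":
    # Usage: python check_org_schema.py [/path/to/scim2-schema-extension.config]
    found = check_file(sys.argv[1]) if len(sys.argv) > 1 else check_complex_attribute(sample_config(), ORG_URI)
    print("\n".join(found) if found else "organization attribute wiring looks consistent")
```

Run it without arguments to see the embedded sample pass, or with the path of the edited config to check the real file before restarting the server.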
- From the Management Console, create new external claims in the `urn:ietf:params:scim:schemas:extension:enterprise:2.0:User` dialect and local claims in the `http://wso2.org/claims` dialect, map each external claim to its local claim, and map the LDAP attributes that hold the organization id and name to the newly defined local claims.
  Example local claims:
  - http://wso2.org/claims/organizationName
  - http://wso2.org/claims/organizationId

  Example external claims (mapped to the local claims above):
  - urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization.name
  - urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization.id
- Make sure that the `<IS_HOME>/repository/resources/conf/templates/repository/conf/identity/identity.xml.j2` template is updated with the new configuration block for the organization management feature:

```xml
<!--Organization management properties-->
<OrganizationMgt>
    <OrgNameClaimUri>{{organization.mgt.org_name_claim_uri}}</OrgNameClaimUri>
    <OrgIdClaimUri>{{organization.mgt.org_id_claim_uri}}</OrgIdClaimUri>
    <AttributeValidatorClass>{{organization.mgt.attribute_validator_class}}</AttributeValidatorClass>
</OrganizationMgt>
```
- Define the organization management claim URIs and the attribute validator class in `<IS_HOME>/repository/conf/deployment.toml`:

```toml
[organization.mgt]
org_name_claim_uri = "http://wso2.org/claims/organizationName"
org_id_claim_uri = "http://wso2.org/claims/organizationId"
attribute_validator_class = "org.wso2.carbon.identity.organization.mgt.core.validator.AttributeValidatorImpl"
```
- Build the project and copy the resulting artifact into the `<IS_HOME>/repository/components/dropins` directory.
- Restart the server.
## Sample SCIM2 requests

The requests below target a local developer instance and authenticate as the default `admin:admin` account (`Authorization: Basic YWRtaW46YWRtaW4=`); replace the credentials, and the `domain` query parameter, for any other deployment.

List/filter users of an organization (identify the organization by its `id` or by its `name`):

```bash
curl -X GET \
  'https://localhost:9443/scim2/Users?startIndex=0&count=10&domain=WSO2.COM&filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization.id+eq+cca6bb80-6252-4d98-9331-c8c6d48dbca3' \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic YWRtaW46YWRtaW4='
```

```bash
curl -X GET \
  'https://localhost:9443/scim2/Users?startIndex=0&count=10&domain=WSO2.COM&filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization.name+eq+Hesei' \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic YWRtaW46YWRtaW4='
```
Add a user to an organization (identify the organization by its `id` or by its `name`; the two requests below are alternatives, since both create the same `userName`):

```bash
curl -X POST \
  https://localhost:9443/scim2/Users \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic YWRtaW46YWRtaW4=' \
  -H 'Content-Type: application/json' \
  -d '{
    "schemas": [],
    "name": {
      "givenName": "John",
      "familyName": "Doe"
    },
    "userName": "WSO2.com/johndoe",
    "password": "abc123",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
      "organization": {
        "id": "cca6bb80-6252-4d98-9331-c8c6d48dbca3"
      }
    }
  }'
```

```bash
curl -X POST \
  https://localhost:9443/scim2/Users \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic YWRtaW46YWRtaW4=' \
  -H 'Content-Type: application/json' \
  -d '{
    "schemas": [],
    "name": {
      "givenName": "John",
      "familyName": "Doe"
    },
    "userName": "WSO2.com/johndoe",
    "password": "abc123",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
      "organization": {
        "name": "Hesei"
      }
    }
  }'
```
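The same list and create requests as an added Python example, not part of this project or of WSO2 Identity Server. It builds the filter and the create-user body from an organization `id` or `name` (exactly one of the two), quotes the filter literal as RFC 7644 requires so that a caller-supplied organization name cannot change the meaning of the filter (the curl examples above pass the literal unquoted), lists the `schemas` the spec expects instead of an empty array, and sends the request with `urllib`. The attribute path in the filter is spelled the way the curl examples above spell it; the `IS_URL` variable, the `WSO2.COM` domain, the `admin:admin` credentials and `verify_tls=False` are assumptions for a local developer instance.

```python
import base64
import json
import os
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlencode

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE_USER = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"


def organization_selector(org_id=None, org_name=None):
    """Pick the sub-attribute that identifies the organization: exactly one of id/name."""
    if (org_id is None) == (org_name is None):
        raise ValueError("identify the organization by exactly one of org_id or org_name")
    return ("id", org_id) if org_id is not None else ("name", org_name)


def quote_filter_value(value):
    """Quote a SCIM string literal (RFC 7644 section 3.4.2.2).

    Backslash and double quote are escaped so a value such as  x" or userName sw "a
    stays a literal instead of becoming part of the filter expression.
    """
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_org_filter(org_id=None, org_name=None):
    """Filter expression selecting users of one organization (path as in this page's curls)."""
    key, value = organization_selector(org_id, org_name)
    return f"{ENTERPRISE_USER}.organization.{key} eq {quote_filter_value(value)}"


def build_list_url(base_url, domain, org_id=None, org_name=None, start_index=1, count=10):
    """URL for GET /scim2/Users restricted to one user-store domain and one organization."""
    query = urlencode({
        "startIndex": start_index,  # SCIM paging is 1-based (a value below 1 is read as 1)
        "count": count,
        "domain": domain,
        "filter": build_org_filter(org_id, org_name),
    })
    return f"{base_url.rstrip('/')}/scim2/Users?{query}"


def build_create_user_payload(username, password, given_name, family_name, org_id=None, org_name=None):
    """Body for POST /scim2/Users that places the new user in an organization."""
    key, value = organization_selector(org_id, org_name)
    return {
        "schemas": [CORE_USER, ENTERPRISE_USER],
        "name": {"givenName": given_name, "familyName": family_name},
        "userName": username,
        "password": password,
        ENTERPRISE_USER: {"organization": {key: value}},
    }


def scim_request(url, method, admin_user, admin_password, body=None, verify_tls=True):
    """Send one SCIM2 request with HTTP Basic auth; return (HTTP status, parsed JSON body)."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": "Basic " + token,
    })
    ctx = None
    if not verify_tls:
        # Assumption: only for a local instance presenting its self-signed certificate.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


if __name__ == "__main__":
    base = os.environ.get("IS_URL", "https://localhost:9443")  # assumption: local instance
    url = build_list_url(base, "WSO2.COM", org_name="Hesei")
    status, body = scim_request(url, "GET", "admin", "admin", verify_tls=False)
    print(status, "users in organization:", body.get("totalResults"))
    user = build_create_user_payload("WSO2.com/johndoe", "abc123", "John", "Doe",
                                     org_id="cca6bb80-6252-4d98-9331-c8c6d48dbca3")
    status, body = scim_request(f"{base}/scim2/Users", "POST", "admin", "admin", user, verify_tls=False)
    print(status, body.get("id") or body.get("detail"))
```

A second run of the script returns 409 from the POST because the `userName` already exists; the function hands that status back instead of raising, so the caller decides what to do.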