Skip to content

elimity-com/scim

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

scim-logo

GoVersion GoDoc

Tag

This is an open source implementation of the SCIM v2.0 specification for use in Golang. SCIM defines a flexible schema mechanism and REST API for managing identity data. The goal is to reduce the complexity of user management operations by providing patterns for exchanging schemas using HTTP.

In this implementation it is easy to add custom schemas and extensions with the provided structures. Incoming resources will be validated by their corresponding schemas before being passed on to their callbacks.

The following features are supported:

  • GET for /Schemas, /ServiceProviderConfig and /ResourceTypes
  • CRUD (POST/GET/PUT/DELETE and PATCH) for your own resource types (i.e. /Users, /Groups, /Employees, ...)

Other optional features such as sorting, bulk, etc. are not supported in this version.

Installation

Assuming you already have a (recent) version of Go installed, you can get the code with go get:

$ go get github.com/elimity-com/scim

Usage

! errors are ignored for simplicity.

1. Create a service provider configuration.

RFC Config | Example Config

config := scim.ServiceProviderConfig{
    DocumentationURI: optional.NewString("www.example.com/scim"),
}

! no additional features/operations are supported in this version.

2. Create all supported schemas and extensions.

RFC Schema | User Schema | Group Schema | Extension Schema

schema := schema.Schema{
    ID:          "urn:ietf:params:scim:schemas:core:2.0:User",
    Name:        optional.NewString("User"),
    Description: optional.NewString("User Account"),
    Attributes:  []schema.CoreAttribute{
        schema.SimpleCoreAttribute(schema.SimpleStringParams(schema.StringParams{
            Name:       "userName",
            Required:   true,
            Uniqueness: schema.AttributeUniquenessServer(),
        })),
    },
}

extension := schema.Schema{
    ID:          "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    Name:        optional.NewString("EnterpriseUser"),
    Description: optional.NewString("Enterprise User"),
    Attributes: []schema.CoreAttribute{
        schema.SimpleCoreAttribute(schema.SimpleStringParams(schema.StringParams{
            Name: "employeeNumber",
        })),
        schema.SimpleCoreAttribute(schema.SimpleStringParams(schema.StringParams{
            Name: "organization",
        })),
    },
}

3. Create all resource types and their callbacks.

RFC Resource Type | Example Resource Type

3.1 Callback (implementation of ResourceHandler)

Simple In Memory Example

var userResourceHandler scim.ResourceHandler
// initialize w/ own implementation

! each resource type should have its own resource handler.

3.2 Resource Type

resourceTypes := []ResourceType{
    {
        ID:          optional.NewString("User"),
        Name:        "User",
        Endpoint:    "/Users",
        Description: optional.NewString("User Account"),
        Schema:      schema,
        SchemaExtensions: []SchemaExtension{
            {Schema: extension},
        },
        Handler:     userResourceHandler,
    },
},

4. Create Server

serverArgs := &ServerArgs{
    ServiceProviderConfig: config,
    ResourceTypes: resourceTypes,
}

serverOpts := []ServerOption{
    WithLogger(logger), // optional, default is no logging
}

server, err := NewServer(serverArgs, serverOpts...)

Backwards Compatibility

Even though the SCIM package has been running in some production environments, it is still in an early stage, and not all features are supported. So be aware that a change in the minor version could break your implementation. We will not make any breaking changes that takes hours to fix, but some functions might change name or signature.

This was the case for v0.1 to v0.2.0.

String Values for Attributes

By default, the SCIM server will NOT use the string type for all attributes, since this is NOT compliant with the SCIM specification. It is still possible to enable this behavior by toggling a flag within the schema package.

import "github.com/elimity-com/scim/schema"

schema.SetAllowStringValues(true)

Addition Checks/Tests

Not everything can be checked by the SCIM server itself. Below are some things listed that we expect that the implementation covers.

! this list is currently incomplete!

We want to keep this list as short as possible. If you have ideas how we could enforce these rules in the server itself do not hesitate to open an issue or a PR.

Mutability

Immutable Attributes

PUT Handler: If one or more values are already set for the attribute, the input value(s) MUST match.

WriteOnly Attributes

ALL Handlers: Attribute values SHALL NOT be returned.
Note: These attributes usually also has a returned setting of "never".

Contributing

Contributors

We are happy to review pull requests, but please first discuss the change you wish to make via issue, email, or any other method with the owners of this repository before making a change.

If you would like to propose a change please ensure the following:

  • All checks of GitHub Actions are passing (GolangCI-Lint: misspell, godot and whitespace)
  • All already existing tests are passing.
  • You have written tests that cover the code you are making, make sure to include edge cases.
  • There is documentation for at least all public functions you have added.
  • New public functions and structures are kept to a minimum.
  • The same practices are applied (such as the anatomy of methods, names, etc.)
  • Your changes are compliant with SCIM v2.0 (released as RFC7642, RFC7643 and RFC7644 under IETF).