Extensions | SCIM for ASP.NET

This quickstart shows how to utilize the extensions feature of SCIM as defined in Core Schema Specification and the Protocol Specification

Configuration

With the default validation and store implementations, extensions are already supported. When using the in-memory store, the EnterpriseUser extension is registered when you call AddScimDefaultResourcesForInMemoryStore. To add any additional extensions you can use the ScimBuilder that is returned from AddScimDefaultResourcesForInMemoryStore.

public void ConfigureServices(IServiceCollection services)
{
    services.AddScimServiceProvider("/SCIM", new ScimLicensingOptions("Demo", "eyJTb2xkRm9yIjowLjAsI .... "))
            .AddScimDefaultResourcesForInMemoryStore()
            .AddResourceExtension<User, MyCustomExtension>("urn:ietf:params:scim:schemas:extension:enterprise:2.0:MyCustomExtension");
}

The default validator will validate that any extension schemas that are present in the schemas array of a request are also present within the model. For example, given the request:

{
    "schemas":["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
    "userName":"babs"
}

The validator will catch that there is the extension schema of urn:ietf:params:scim:schemas:extension:enterprise:2.0:User in the schemas array, but no property in the body to represent the schema.

{
    "status": 400,
    "detail": "Extension \"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User\" is missing"
}

While a valid request will look something like this:

{
    "schemas":["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
    "userName":"babs",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" : {
        "employeeNumber": "emp1",
        "costCenter": "cc1",
        "organization": "org1",
        "division": "d1",
        "department": "d1"
    }
}

Custom Extension Validator

It is possible to use your own validator to extract and validate extensions from a request. To do so, you must have a class that implements IValidateScimExtensions. The methods in this interface are as follows:

Task<IScimResult<IEnumerable<ScimExtensionValue>>> ValidateAddingExtensions(string resourceAsString, string resourceSchema);

Task<IScimResult<IEnumerable<ScimExtensionValue>>> ValidateUpdatingExtensions(string resourceAsString, string resourceId, string resourceSchema);

Then you can register this in the ConfigureServices method in your Startup class.

public void ConfigureServices(IServiceCollection services)
{
    var connectionString = configuration.GetConnectionString("ExtendedScim");

    services.AddScimServiceProvider("/SCIM", new ScimLicensingOptions("Demo", "eyJTb2xkRm9yIjowLjAsI .... "))
            .AddExtensionValidator<ScimExtensionValidator>();
}

Previous Next