This quickstart will walk you through a basic implementation of a SCIM Service Provider using the default in-memory store from the NuGet package from Rock Solid Knowledge.
NuGet Installation
To start, you’ll need to install our SCIM component from NuGet:
install-package Rsk.AspNetCore.Scim
This component requires a license which you can get by signing up for a demo or purchasing via sales@identityserver.com.
Adding a SCIM Service Provider
To use the SCIM component as a service provider, you need to add the UseScim registration in your IApplicationBuilder, as well as the AddScimServiceProvider registration in your IServiceCollection. The AddScimServiceProvider call will return an IScimServiceProviderBuilder that exposes methods for registering new SCIM resources as well as custom stores and validators. Below we will cover how to quickly get started with the default SCIM resources: Users, Groups, and EnterpriseUsers.
Within the AddScimServiceProvider call, you can register a base route for SCIM requests to be handled on. Within the example, that value is /SCIM. The result is that requests for Users will be handled on /SCIM/Users, and requests for Groups will be handled on /SCIM/Groups.
Requests to service providers need an Accept header with the value 'application/scim+json'.
public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddScimServiceProvider("/SCIM", new ScimLicensingOptions("Demo", "eyJTb2xkRm9yIjowLjAsI .... "));
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseScim();
    }
}
Getting Started
The easiest way to test the SCIM component as a service provider is to utilize the in-memory store. To add the in-memory SCIM store for the SCIM core schema resources, call AddScimDefaultResourcesForInMemoryStore on the IScimServiceProviderBuilder returned from the AddScimServiceProvider call.
// Registration belongs in ConfigureServices, where the IServiceCollection is available.
public void ConfigureServices(IServiceCollection services)
{
    services.AddScimServiceProvider("/SCIM", new ScimLicensingOptions("Demo", "eyJTb2xkRm9yIjowLjAsI .... "))
        .AddScimDefaultResourcesForInMemoryStore();
}
To use your own models with the in-memory store, call the AddResource<T> method on the IScimServiceProviderBuilder returned from AddScimDefaultResourcesForInMemoryStore, where T is a class derived from Resource.
// Custom SCIM resource; the base constructor receives the resource name.
public class Organization : Resource
{
    public Organization() : base("Organization")
    {
    }

    public string Name { get; set; }
}

// Registration belongs in ConfigureServices, where the IServiceCollection is available.
public void ConfigureServices(IServiceCollection services)
{
    services.AddScimServiceProvider("/SCIM", new ScimLicensingOptions("Demo", "eyJTb2xkRm9yIjowLjAsI .... "))
        .AddScimDefaultResourcesForInMemoryStore()
        .AddResource<Organization>("urn:ietf:params:scim:schemas:RSK:2.0:Organization", "Organizations");
}
Additional Logging
To help debug issues when using the SCIM component, SCIM requests and responses can be logged. Set the EnableRequestAndResponseLogging flag to true in the ScimServiceProviderConfigOptions object passed into AddScimServiceProvider. Then, set the host environment to Development and configure your application's log levels to capture debug logs. For information on changing the web host environment, visit the Microsoft environments documentation, and for help configuring the log level, visit the Microsoft logging documentation (https://learn.microsoft.com/en-us/aspnet/core/fundamentals/logging/). Once the additional logging has been enabled, extra details in SCIM requests and responses will be logged. Each log will begin with a correlation ID, a unique ID that the component assigns to each SCIM request, to help correlate related logs for a request.
Warning: PII may be logged when enabling request and response logging. Ensure you're happy for potentially sensitive information to be logged before continuing.
When a request is received by the service provider, a log will be output that includes the verb, the URL and the body of the request.
Correlation Id: 639f1764-7e14-4dea-91da-8dafe30ac1be. Incoming SCIM Request. Method "POST", URL: /SCIM/users/, Body: {
"userName": "damion@hodkiewicz.biz",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
]
}
After the request has been executed by the service provider, a log will be output that includes the response status code, and if present, the body of the response. An abbreviated example is below.
Correlation Id: 639f1764-7e14-4dea-91da-8dafe30ac1be. Returning SCIM Response. Status: 201, Body: { "userName":"damion@hodkiewicz.biz","name":{"formatted":" "} ... }
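Because these debug logs carry request and response bodies, they are usually scrubbed before leaving the development machine. The following is an added example, not part of the Rock Solid Knowledge component: it groups log messages by correlation ID and masks PII values, assuming the input is message text in the two shapes shown above and that the PII key list suits your schemas.

```python
import re
from collections import defaultdict

# SCIM core User attribute names treated as PII (an assumption of this example; extend as needed).
PII_KEYS = ("userName", "displayName", "nickName", "givenName", "familyName", "formatted", "value")

ENTRY_START = re.compile(r"Correlation Id: (?P<cid>[0-9a-fA-F-]{36})\. ")
REQUEST = re.compile(r'Incoming SCIM Request\. Method "(?P<method>\w+)", URL: (?P<url>\S+?), Body: ')
RESPONSE = re.compile(r"Returning SCIM Response\. Status: (?P<status>\d{3})(?:, Body: )?")
PII_PAIR = re.compile(r'"(%s)"(\s*:\s*)"(?:[^"\\]|\\.)*"' % "|".join(PII_KEYS))


def redact(body):
    """Mask string values of PII keys; also works on abbreviated (non-JSON) bodies."""
    return PII_PAIR.sub(r'"\1"\2"[REDACTED]"', body)


def parse(log_text):
    """Split the text at each 'Correlation Id:' prefix and group entries by ID."""
    starts = list(ENTRY_START.finditer(log_text))
    by_id = defaultdict(list)
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        rest = log_text[m.end():end].strip()
        req, resp = REQUEST.match(rest), RESPONSE.match(rest)
        if req:
            entry = {"kind": "request", "method": req["method"], "url": req["url"],
                     "body": redact(rest[req.end():])}
        elif resp:
            entry = {"kind": "response", "status": int(resp["status"]),
                     "body": redact(rest[resp.end():])}
        else:
            continue  # not one of the two message shapes shown on this page
        by_id[m["cid"]].append(entry)
    return dict(by_id)


# Constructed sample in the format shown above (ID and address are made up).
SAMPLE = '''Correlation Id: 11111111-2222-3333-4444-555555555555. Incoming SCIM Request. Method "POST", URL: /SCIM/users/, Body: {
  "userName": "alice@example.com",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ]
}
Correlation Id: 11111111-2222-3333-4444-555555555555. Returning SCIM Response. Status: 201, Body: { "userName":"alice@example.com","name":{"formatted":" "} ... }
'''

if __name__ == "__main__":
    print(parse(SAMPLE))
```

The redaction is regex-based rather than JSON-based so that truncated or abbreviated bodies are still masked.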