To allow a single SCIM service provider to support multi-tenancy while maintaining a single store implementation, an interface has been created called Rsk.AspNetCore.Scim.Hosting.Tenancy.ITenancyAccessor. Stores wishing to support multi-tenancy should inject an implementation of ITenancyAccessor as part of their constructor parameters.
In each of the store methods, the store should use the ITenancyAccessor.Tenancy property to obtain the tenancy context for the current operation.
There are many ways multi-tenancy could be configured:
- Sub Domain
- Path Based
- Token
- API Key
Out of the box there is support for Path Based multi-tenancy (see below). To support an alternative, you will need to implement a piece of ASP.NET Core middleware to set the tenancy via the ITenancyAccessor.Tenancy property.
Path Based Multi Tenancy
The out of the box path based tenancy extracts the tenancy from the URL path of the SCIM request:
https://myScimServiceProvider.acme.com/SCIM/{tenancy}/{resource type}
To enable path based tenancy, call AddPathBasedTenancy as part of the service wire up.
    builder.Services
        .AddScimServiceProvider("/scim",
            new ScimLicensingOptions()
            {
            })
        // OptionalPresence: the tenancy segment in the URL path is optional
        .AddPathBasedTenancy(PathBasedTenancyRequirement.OptionalPresence);
If a tenancy is provided as part of the SCIM request URL, the ITenancyAccessor.Tenancy property will be set to the tenancy.
If supplying a tenancy is a requirement, then call AddPathBasedTenancy with PathBasedTenancyRequirement.MustBePresent. If a tenancy is not supplied in the SCIM request URL, a 404 will be returned.
Tenancy Validation
By default any value for the tenancy will be allowed, and it will be up to the store to determine its validity. If you wish to validate the tenancy value as part of the pipeline, then you will need to provide an implementation of Rsk.AspNetCore.Scim.Hosting.Tenancy.IValidatePathBasedTenancy and register it with the DI container as a Singleton. When the SCIM routing middleware encounters a possible tenancy value in the path, it will call IsValidTenancy with the extracted tenancy value. If the method returns true, the tenancy is considered valid and the tenancy value is made available. If it returns false, a 404 will be returned.
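One way to write such a validator, as an added example that is not part of the product documentation: an allow-list check that treats the path segment as untrusted input. The interface declared here is a local stand-in whose signature is assumed from the description above (use the real one from the package and match its actual signature); AllowListTenancyValidator and the tenant names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Local stand-in for Rsk.AspNetCore.Scim.Hosting.Tenancy.IValidatePathBasedTenancy.
// ASSUMPTION: signature inferred from the text above, not taken from the package.
public interface IValidatePathBasedTenancy
{
    bool IsValidTenancy(string tenancy);
}

// Hypothetical validator: the tenancy must have a strict shape AND be a known tenant.
public sealed class AllowListTenancyValidator : IValidatePathBasedTenancy
{
    // 1-63 characters: lowercase letters, digits, inner hyphens only.
    private static readonly Regex Shape = new Regex(
        @"\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z", RegexOptions.CultureInvariant);

    private readonly HashSet<string> _known;

    public AllowListTenancyValidator(IEnumerable<string> knownTenants) =>
        _known = new HashSet<string>(knownTenants, StringComparer.Ordinal);

    public bool IsValidTenancy(string tenancy) =>
        !string.IsNullOrEmpty(tenancy)
        && Shape.IsMatch(tenancy)     // rejects dots, slashes, '%', whitespace, mixed case
        && _known.Contains(tenancy);  // exact, case-sensitive match against the allow-list
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: two known tenants and a mix of path values.
        var validator = new AllowListTenancyValidator(new[] { "acme", "contoso-eu" });
        var samples = new[] { "acme", "ACME", "contoso-eu", "..", "acme%2fusers", "unknown", "" };

        foreach (var s in samples)
            Console.WriteLine($"{s,-14} -> {validator.IsValidTenancy(s)}");

        // Registration as a singleton, as the text above requires:
        // builder.Services.AddSingleton<IValidatePathBasedTenancy>(validator);
    }
}
```

This confirms only that the tenancy names a known tenant; whether the authenticated caller may act for that tenant still has to be checked separately, for example in the store.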