What is System for Cross-domain Identity Management (SCIM) ?
The System for Cross-domain Identity Management (SCIM) specification is designed to make managing user identities in cloud-based applications and services easier. The specification suite seeks to build upon experience with existing schemas and deployments, placing specific emphasis on simplicity of development and integration, while applying existing authentication, authorization, and privacy models. Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols. In essence: make it fast, cheap, and easy to move users in to, out of, and around the cloud. For more details, visit my previous blog posts on SCIM and its use cases.
Introduction to SCIM : SCIM : Make it Fast, Cheap and Easy
SCIM Use Cases : 5 Things That Will Not be a Nightmare Anymore, If You Support SCIM
SCIM 2.0 Compliance Test Suite
This project is on implementing the SCIM 2.0 compliance test suite which can be run on both the cloud and on premise. In the test suite, it is intended to validate the supportability of a provided service provider, in terms of the SCIM 2.0 core specification and protocol specification.
The test suite generates a detailed analysis view and comprehensive report upon providing the server’s SCIM endpoint. The report includes the test results indicating the coverage percentage of each specification and a detailed view of the results of each test including requests sent by the test suite, expected response and the server response along with the indication whether a particular test is passed or not.
Working SCIM 2.0 Compliance Test Suite is available in below link.
Product : Compliance Test Suite 2.0
Proposal for the project can be found at the following link.
Proposal : Proposal 21: SCIM 2.0 Compliance Test Suite
Github link for the code of the project can be found in the following link.
Github Repo : scim2-compliance-test-suite
Merged code pull request can be found here.
Pull Request : Add SCIM 2.0 Compliance Test Suite #1
Patches worked on during the project is as below.
Link to Patches worked on : identity-inbound-provisioning-scim
Following screen-cast provides a demo run of the test suite on top of selected SCIM service provider.
Work Done (Test Coverage)
Following test cases are covered in the test suite implementation.
- /Users Endpoint : Create, Delete, Update, Patch, Get, Filter, Sort, Paginate, List
- /Groups Endpoint : Create, Delete, Update, Patch, Get, Filter, Sort, Paginate, List
- /Me Endpoint : Create, Delete, Update, Patch, Get,
- /ServiceProviderConfig Endpoint : Get
- /Schemas Endpoint : Get
- /ResourceType Endpoint : Get
- /Bulk Endpoint : Create
- Enterprise Extension : Create, Delete, Update, Patch, Get, Filter, Sort, Paginate, List
- Sub Tests : Required Attribute Test, Schema List Test, Attribute Mutability Test, All Groups In Test, All Users In Test, Pagination User Test, Pagination Group Test, Filter Content Test, Sort Users Test, Sort Groups Test
Value Adding Features
Test Report as PDF — A PDF test report will be generated by the end of test suite which includes the test results indicating the coverage percentage of each specification and a detailed view of the results of each test including requests sent by the test suite, expected response and the server response along with the indication whether a particular test is passed or not.
Add Custom Test Cases — The suite is developed with scalability in mind. Developers are welcome to add custom tests cases and improve the test suite.
The test suite can be expanded more by adding more test cases apart from the main test cases which have been implemented. Hence we are keeping the project as a an ongoing project and we highly value your contributions. We are open for PRs. For any clarifications, reach us through firstname.lastname@example.org
Finally, I would like to thank my mentors Omindu Rathnaweera (email@example.com), Darshana Gunawardana (firstname.lastname@example.org), Gayan Gunawardana(email@example.com) and WSO2 IS Team for the worthy guidance and immense support throughout the project.
Last but not least, my sincere gratitude should goes to WSO2 and Google for giving me this amazing opportunity to have a fruitful summer vacation.