Using Microsoft’s SCIM sample

Rory Braybrook
The new control plane
4 min read · Jul 8, 2021

There is reference code for the SCIM endpoint here and a Wiki here.

“SCIM is a standardized definition of two endpoints — a /Users endpoint and a /Groups endpoint. Using common REST verbs to create, update, and delete objects, and a pre-defined schema for common attributes like group name, username, first name, last name and email, apps that offer a SCIM 2.0 REST API can reduce or eliminate the pain of working with a proprietary user management API.”

The sample has two projects:

Microsoft.SCIM is the “engine” for SCIM provisioning: it holds the schema, the controllers and the protocol handling. The output is a class library, i.e. a DLL.

“The three main folders are Schemas, Controllers, and Protocol.

The Schemas folder includes:

  • The models for the User and Group resources along with some abstract classes like Schematized for shared functionality.
  • An Attributes folder which contains the class definitions for complex attributes of Users and Groups such as addresses.

The Service folder contains logic for actions relating to the way resources are queried and updated.

  • The reference code has services to return users and groups.
  • The controllers folder contains the various SCIM endpoints. Resource controllers include HTTP verbs to perform CRUD operations on the resource (GET, POST, PUT, PATCH, DELETE). Controllers rely on services to perform the actions.

The Protocol folder contains logic for actions relating to the way resources are returned according to the SCIM RFC such as:

  • Returning multiple resources as a list.
  • Returning only specific resources based on a filter.
  • Turning a query into a list of linked lists of single filters.
  • Turning a PATCH request into an operation with attributes pertaining to the value path.
  • Defining the type of operation that can be used to apply changes to resource objects”.

Microsoft.SCIM.WebHostSample is a .NET Core MVC sample. It references the Microsoft.SCIM DLL above.

You can deploy your SCIM endpoint locally, host it in Azure, or any cloud provider that you choose.

I chose to do it locally.

I had no issues building the code in VS 2019.

Running the sample starts a web site at:

https://localhost:44352/

that doesn’t actually appear to do anything.

The repository points to a Postman sample that you can use to play around with the code.

However, when you try to use the sample, Postman tells you that the collection is v1 and only v2 is supported!

You can fix this by following this process.

In my case (input collection version 1.0.0, output version 2.0.0, pretty-printed) the command was:

postman-collection-transformer convert -i c:\downloads\scim.json -o c:\Temp\SCIM2.json -j 1.0.0 -p 2.0.0 -P

This provides a set of tests:

You need to set the following set of global variables:

Note that the API endpoint is /scim.

The first thing you need to do is get a token.

Run this returning:

Copy and paste the token value into the token global variable above.

Now let's create a user:

Notice the return code is “201 Created”.

But where is the user created?

The sample uses an in-memory model.

Looking at the “InMemoryUserProvider”, for creating a user:

The “Core2EnterpriseUser” etc. is all defined by the “engine”.

Remember it’s all in memory, so if you stop and restart the application, you have to recreate the user 😃

Looking at the create, we see:

So now let’s get a user using that ID:

and we can see that it returns the “BobIsAmazing” user.

Now let’s get all users:

And we see “totalResults = 1”.
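The flow just walked through with Postman, and the two-endpoint definition quoted in the introduction, as an added example (written for this page, not code from the Microsoft sample): a stand-alone, in-memory SCIM /Users service in Python. It checks the bearer token, assigns the id on POST and answers 201, serves GET by id, and returns a ListResponse with totalResults for GET /Users. It goes a little beyond the screenshots by also handling an `eq` filter, a simple PatchOp and the userName uniqueness rule, which is where most SCIM endpoints go wrong. The token value and the /scim prefix are assumptions for the example; the sample's own token comes from its token endpoint.

```python
"""Minimal in-memory SCIM 2.0 /Users service (added example, standard library only)."""
import copy
import re
import uuid
from dataclasses import dataclass
from typing import Optional

SCHEMA_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCHEMA_LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
SCHEMA_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
SCHEMA_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"

# Constructed stand-in for the token the sample's token endpoint hands out.
EXPECTED_TOKEN = "constructed-test-token"

# SCIM filter subset: attribute eq "value" is the only operator this example parses.
FILTER_RE = re.compile(r'^\s*([A-Za-z][\w.]*)\s+eq\s+"([^"]*)"\s*$')

# Attributes the client may not overwrite through PATCH.
READ_ONLY = {"id", "meta", "schemas"}


@dataclass
class Response:
    status: int
    body: Optional[dict]


def scim_error(status, detail):
    return {"schemas": [SCHEMA_ERROR], "status": str(status), "detail": detail}


class InMemoryUsers:
    """Users live in a dict keyed by id; restart the process and they are gone,
    exactly like the sample's InMemoryUserProvider."""

    def __init__(self):
        self._users = {}

    def handle(self, method, path, headers, body=None, filter_expr=None):
        """Dispatch one request. path is the URL path; the API root is assumed to be /scim."""
        if headers.get("Authorization") != f"Bearer {EXPECTED_TOKEN}":
            return Response(401, scim_error(401, "missing or invalid bearer token"))
        match = re.fullmatch(r"/scim/Users(?:/([^/]+))?", path)
        if not match:
            return Response(404, scim_error(404, "unknown resource"))
        user_id = match.group(1)
        if method == "POST" and user_id is None:
            return self.create(body or {})
        if method == "GET" and user_id is None:
            return self.query(filter_expr)
        if method == "GET":
            return self.get(user_id)
        if method == "PATCH" and user_id:
            return self.patch(user_id, body or {})
        if method == "DELETE" and user_id:
            return self.delete(user_id)
        return Response(405, scim_error(405, "method not allowed"))

    def create(self, body):
        user_name = body.get("userName")
        if not user_name:
            return Response(400, scim_error(400, "userName is required"))
        # RFC 7644 makes userName unique: report a conflict instead of storing a second copy.
        if any(u["userName"] == user_name for u in self._users.values()):
            return Response(409, scim_error(409, "userName already exists"))
        user = copy.deepcopy(body)
        user["id"] = str(uuid.uuid4())  # server-assigned, as in the 201 response above
        user.setdefault("schemas", [SCHEMA_USER])
        user.setdefault("active", True)
        user["meta"] = {"resourceType": "User", "location": f"/scim/Users/{user['id']}"}
        self._users[user["id"]] = user
        return Response(201, copy.deepcopy(user))

    def get(self, user_id):
        user = self._users.get(user_id)
        if user is None:
            return Response(404, scim_error(404, f"user {user_id} not found"))
        return Response(200, copy.deepcopy(user))

    def query(self, filter_expr=None):
        users = list(self._users.values())
        if filter_expr:
            match = FILTER_RE.match(filter_expr)
            if not match:
                return Response(400, scim_error(400, "unsupported filter"))
            attr, value = match.groups()
            users = [u for u in users if str(u.get(attr)) == value]
        return Response(200, {"schemas": [SCHEMA_LIST], "totalResults": len(users),
                              "startIndex": 1, "itemsPerPage": len(users),
                              "Resources": copy.deepcopy(users)})

    def patch(self, user_id, body):
        user = self._users.get(user_id)
        if user is None:
            return Response(404, scim_error(404, f"user {user_id} not found"))
        if body.get("schemas") != [SCHEMA_PATCH]:
            return Response(400, scim_error(400, "body is not a PatchOp"))
        for op in body.get("Operations", []):
            kind, path = op.get("op", "").lower(), op.get("path")
            # Only simple top-level attribute paths; value-path filters are rejected.
            simple = bool(path) and "." not in path and "[" not in path and path not in READ_ONLY
            if kind in ("replace", "add") and simple:
                user[path] = op.get("value")
            elif kind == "remove" and simple:
                user.pop(path, None)
            else:
                return Response(400, scim_error(400, f"unsupported operation {op}"))
        return Response(200, copy.deepcopy(user))

    def delete(self, user_id):
        if self._users.pop(user_id, None) is None:
            return Response(404, scim_error(404, f"user {user_id} not found"))
        return Response(204, None)


if __name__ == "__main__":
    store = InMemoryUsers()
    auth = {"Authorization": f"Bearer {EXPECTED_TOKEN}"}
    created = store.handle("POST", "/scim/Users", auth, {"userName": "BobIsAmazing"})
    print(created.status, created.body["id"])
    print(store.handle("GET", "/scim/Users", auth).body["totalResults"])
```

Every response the sample's Postman tests look at has a counterpart here: the 201 with a server-assigned id, the 404 for an unknown id, the ListResponse envelope, and the 401 when the token global variable is missing.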

Using the groups is similar.

If we wanted to use this e.g. to populate Azure AD B2C (which currently has no SCIM support), we would have to write another user provider that took the SCIM input, mapped the parameters from the SCIM schema to the B2C schema and then used the Graph API to write the user details to B2C.
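The mapping step of that hypothetical provider, as an added example in Python that is not part of the sample or of any Microsoft library: it turns a SCIM User into the request body Microsoft Graph expects for creating a B2C local account. Assumptions made here: the tenant's issuer domain is supplied by the caller, local accounts sign in with the primary email (falling back to a userName identity), and an initial password is generated because a SCIM provisioning payload carries none. Only the Graph request is assembled; nothing is sent, and the access token is a placeholder.

```python
"""SCIM 2.0 User -> Azure AD B2C local account (Microsoft Graph POST /users body)."""
import secrets
import string

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"
SYMBOLS = "!@#$%^&*"


def _initial_password(length=24):
    """SCIM carries no password and Graph requires one, so generate a random initial one."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pwd = "".join(secrets.choice(alphabet) for _ in range(length))
        # Keep one character of each class so a typical complexity policy accepts it.
        if (any(c.islower() for c in pwd) and any(c.isupper() for c in pwd)
                and any(c.isdigit() for c in pwd) and any(c in SYMBOLS for c in pwd)):
            return pwd


def scim_to_b2c_user(scim_user, issuer_domain):
    """Return the JSON body for POST /users that creates the matching B2C local account."""
    user_name = scim_user.get("userName")
    if not user_name:
        raise ValueError("SCIM user has no userName")
    name = scim_user.get("name") or {}
    given, family = name.get("givenName"), name.get("familyName")
    # displayName is mandatory for Graph; derive it from whatever SCIM supplied.
    display = (scim_user.get("displayName") or name.get("formatted")
               or " ".join(p for p in (given, family) if p) or user_name)

    # Prefer the primary email as the sign-in identity; otherwise sign in by userName.
    emails = scim_user.get("emails") or []
    primary = next((e for e in emails if e.get("primary")), emails[0] if emails else None)
    if primary and primary.get("value"):
        identity = {"signInType": "emailAddress", "issuer": issuer_domain,
                    "issuerAssignedId": primary["value"]}
    else:
        identity = {"signInType": "userName", "issuer": issuer_domain,
                    "issuerAssignedId": user_name}

    body = {
        "displayName": display,
        # SCIM "active" maps onto Graph accountEnabled; default is enabled.
        "accountEnabled": bool(scim_user.get("active", True)),
        "identities": [identity],
        "passwordProfile": {
            "password": _initial_password(),
            "forceChangePasswordNextSignIn": False,
        },
        # Stop the generated password expiring before the user ever signs in.
        "passwordPolicies": "DisablePasswordExpiration",
    }
    if given:
        body["givenName"] = given
    if family:
        body["surname"] = family
    return body


def build_graph_create_request(scim_user, issuer_domain, graph_token):
    """Assemble (method, url, headers, json) for the Graph call; the caller sends it."""
    headers = {"Authorization": f"Bearer {graph_token}", "Content-Type": "application/json"}
    return "POST", GRAPH_USERS_URL, headers, scim_to_b2c_user(scim_user, issuer_domain)


if __name__ == "__main__":
    # Constructed SCIM payload, the same shape the Postman "create user" call sends.
    sample = {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
              "userName": "BobIsAmazing", "active": True,
              "name": {"givenName": "Bob", "familyName": "Smith"},
              "emails": [{"value": "bob@example.com", "primary": True}]}
    method, url, _, body = build_graph_create_request(sample, "contoso.onmicrosoft.com",
                                                      "placeholder-graph-token")
    print(method, url, body["displayName"], body["identities"][0]["issuerAssignedId"])
```

The generated password is only there to satisfy Graph; in a real provider the user would never see it, and sign-in would be through whatever B2C user flow or password reset the tenant offers. Enterprise-extension attributes (department, manager and so on) are not mapped here because B2C has no built-in equivalent; they would need custom attributes.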

All good!

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5