admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FSN#41668 SCIM 2e aanzet

Browse Source 
svn path=/Website/trunk/; revision=35216
This commit is contained in:
Jos Groot Lipman
2017-09-06 10:55:50 +00:00
parent 2882975134
commit e986a81b5f
10 changed files with 822 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
APPL/API2/api2.inc
View File

@@ -786,10 +786,12 @@ api2 = {
if (field.foreign.desc_is_unique) // Dan mag je die bij saven ook opgeven
{
field.typ = "sql";
newval = "(SELECT {0} FROM {1} WHERE {2} = {3})".format(field.foreign.key,
field.foreign.tbl,
field.foreign.desc,
safe.quoted_sql(newval.name));
var where = "{0} = {1}".format(field.foreign.desc, safe.quoted_sql(newval.name));
if (typeof field.foreign.desc_is_unique == "string")
where += " AND " + field.foreign.desc_is_unique;
newval = "(SELECT {0} FROM {1} WHERE {2})".format(field.foreign.key,
field.foreign.tbl,
where);
}
}
}

2
APPL/API2/api2_dispatch.inc
View File

@@ -105,7 +105,7 @@ var api2_mapper = {
"costtypegroups" : { "filename": "appl/mgt/prs_kostensoortgrp.asp" },
"costcentregroups" : { "filename": "appl/mgt/prs_kostenplaatsgrp.asp" },
"costcentres" : { "filename": "appl/mgt/prs_kostenplaats.asp" },
"persons" : { "filename": "appl/mgt/prs_perslid.asp", "nodoc": true },
"persons" : { "filename": "appl/api2/api_persons.asp", "nodoc": true },
"mandates" : { "filename": "appl/mgt/prs_perslidkostenplaats.asp" },
"relationtypes" : { "filename": "appl/mgt/prs_relatietype.asp" },
"employeefunctions" : { "filename": "appl/mgt/prs_srtperslid.asp" },

17
APPL/API2/api2_rest.inc
View File

@@ -587,8 +587,12 @@ api2_rest = {
// str_antwoord heeft nu het te versturen antwoord
// Bepaal eTag
var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
var eTag = '"' + oCrypto.hex_sha1(String(S("cache_changecounter")) + "_" + str_antwoord).toLowerCase() + '"';
var eTag = api2_rest.plugin.get_eTag({}, resultdata);
if (!eTag)
{
var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
var eTag = '"' + oCrypto.hex_sha1(String(S("cache_changecounter")) + "_" + str_antwoord).toLowerCase() + '"';
}
Response.AddHeader("ETag", eTag);
if (Request.ServerVariables("HTTP_IF_NONE_MATCH") == eTag)
{ // We hebben een match! Effectief besparen wel alleen op dataverkeer, de queries zijn al geweest
@@ -850,6 +854,15 @@ api2_rest = {
outdata = hook.transform_outgoing(params, data);
hook = null;
return outdata;
},
get_eTag: function(params, data)
{
var outdata = null;
var hook = api2_rest.find_plugin();
if ("get_eTag" in hook)
outdata = hook.get_eTag(params, data);
hook = null;
return outdata;
}
}
}

26
APPL/API2/api_persons.asp Normal file
View File

@@ -0,0 +1,26 @@
<%@ language = "JavaScript" %>
<% /*
$Revision$
$Id$
File: api_persons.asp
Description: ALG_GEBOUW API
Parameters:
Context: Door een remote systeem (geen persoon) om info uit FACILITOR te halen aan te roepen
Notes: Eigen bestand zodat we internal: true kunnen meegeven
*/
DOCTYPE_Disable = true;
ANONYMOUS_Allowed = 1; // Eigenlijk niet waar. We regelen echter alles zelf
THIS_FILE = "appl/api/api_persons.asp";
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="./api2_rest.inc" -->
<!-- #include file="../Shared/json2.js" -->
<!-- #include file="./model_prs_perslid.inc" -->
<%
var perslid = new model_prs_perslid({ internal: true }); // internal zodat PUT/POST/DELETE ook kunnen
api2_rest.process(perslid);
%>

13
APPL/API2/model_prs_perslid.inc
View File

@@ -51,11 +51,11 @@ function model_prs_perslid(params)
+ " AND fac_audit_waarde_oud IN ('{1}')"
}
};
this.softdelete = true;
this.soft_delete = "prs_perslid_verwijder";
this.primary = "prs_perslid_key";
this.record_title = L("prs_perslid");
this.records_title = L("prs_perslid_m");
this.autfunction = false; // we controleren zelf
this.autfunction = params.internal?false:"WEB_PRSSYS"; // we controleren zelf
this.fields = {
"id": {
@@ -131,6 +131,12 @@ function model_prs_perslid(params)
"typ": "varchar",
"filter": "exact"
},
"externallogin": {
"dbs": "prs_perslid_externoslogin",
"label": L("prs_perslid_externoslogin"),
"typ": "varchar",
"filter": "exact"
},
"employment": {
"dbs": "prs_perslid_dienstverband",
"label": L("lcl_prs_person_dienstverband"),
@@ -160,7 +166,7 @@ function model_prs_perslid(params)
"tbl": "prs_srtperslid",
"key": "prs_srtperslid_key",
"desc": "prs_srtperslid_omschrijving",
"desc_is_unique": true
"desc_is_unique": "prs_srtperslid_verwijder IS NULL"
}
},
"profile": {
@@ -300,6 +306,7 @@ function model_prs_perslid(params)
return json;
};
// We willen vooral dat je via Admin/Autorisatie personen niet met API kunt bewerken
if (params.internal) // bijvoorbeeld idp die personen kan aanmaken
{
this.REST_POST = generic_REST_POST(this);

205
APPL/API2/plugins/scimusers.wsc
View File

@@ -28,6 +28,10 @@
<PARAMETER name="params"/>
<PARAMETER name="data"/>
</method>
<method name="get_eTag">
<PARAMETER name="params"/>
<PARAMETER name="data"/>
</method>
</public>
<script language="javascript">
@@ -56,113 +60,132 @@ function initialize(params)
function transform_filter(filter)
{
filter.limit = filter.count;
if ("count" in filter)
filter.limit = filter.count;
return filter;
}
function get_eTag(params, data)
{
if (data && typeof data == "object" && "meta" in data)
return data.meta.version;
return null;
}
// We krijgen bijvoorbeeld: {"RMS":[1,-10,-11,-12,-13,-14,-15,-16,-17,2,3,-4,-5,-6,-7,-8,-9]}
// Als het object aan staat wordt de id opgeleverd, anders -id
function transform_incoming(params, data)
{
var result = [];
if (!("RMS" in data))
return null;
for (var obj in data.RMS)
//FCLT.DEZE.__DoLog(data);
var person =
{
var fw = data.RMS[obj];
var state = fw > 0 ? "1": "0";
var fw_id = "FW" + String(Math.abs(fw));
var sql = "SELECT ins_deel_key"
+ " FROM ins_deel"
+ " WHERE ins_deel_verwijder IS NULL"
+ " AND ins_srtdeel_key = " + scimusers_srtdeel_key
+ " AND ins_deel_omschrijving = " + FCLT.safe.quoted_sql(fw_id);
var oRs = FCLT.Oracle.Execute(sql);
if (!oRs.Eof)
{
result.push({
"id": oRs("ins_deel_key").Value,
"state": state
//"statedate": "2014-07-08T15:29:31Z",
})
}
oRs.Close()
login : data["userName"],
externallogin: data["userName"],
externalid : data["externalId"],
name : data["name"]["displayName"],
lastname : data["name"]["familyName"],
firstname : data["name"]["givenName"]
};
person["function"] = { name: data["userType"] } // id mag achterwege blijven omdat desc_is_unique
if (data["emails"].length)
{
person.email = data["emails"][0].value; // type:work/primary:true opzoeken ?
}
return { objects: result };
if (data["phoneNumbers"].length)
{
person.phone = data["phoneNumbers"][0].value; // type:work/primary:true opzoeken ?
}
// groepen negeren we nog
//FCLT.DEZE.__DoLog(person);
return { person: person };
}
function transform_one_person(params, person)
{
FCLT.DEZE.__Log(person);
var unique = FCLT.DEZE.customerId + "_person_" + String(person.id);
var oneuser = {
"userName":person.externallogin || person.login,
"externalId":person.externalid,
"id":unique,
"name":{
"formatted":person.name,
"familyName":person.lastname,
"givenName":person.firstname
},
"schemas":[
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"displayName":person.name,
"meta":{
"created":person.created,
"lastModified":person.lastchange,
"location":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Users/" + unique,
"resourceType":"User"
},
"userType":person["function"].name,
"emails":[
{
"value":person.email,
"type":"work",
"primary":true
}
],
"phoneNumbers":[
{
"value":person.phone,
"type":"work",
"primary":true
}
],
"groups":[]
}
var allgroups = [];
for (var j = 0; j < person.authorization.length; j++)
{
var group = person.authorization[j];
var unique = FCLT.DEZE.customerId + "_authorization_" + String(group.authorizationgroup.id);
oneuser.groups.push({
"value":unique,
"$ref":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Groups/" + unique,
"display":group.authorizationgroup.name
})
}
var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
var eTag = '"' + oCrypto.hex_sha1(FCLT.DEZE.JSON.stringify(oneuser)).toLowerCase() + '"';
oneuser.meta["version"] = "W/" + eTag; // Weak eTag?
return oneuser;
}
function transform_outgoing(params, data)
{
var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
var allusers = [];
for (var i = 0; i < data.persons.length; i++)
if ("person" in data)
{
var person = data.persons[i];
var eTag = '"' + oCrypto.hex_sha1(FCLT.DEZE.JSON.stringify(person)).toLowerCase() + '"';
// if (allusers.length > 9)
// break;
FCLT.DEZE.__DoLog(person);
var unique = FCLT.DEZE.customerId + "_person_" + String(person.id);
var oneuser = {
"userName":person.login,
// "externalId":person.login, deze is aangeleverd door het externe systeem, person.externalid VARCHAR(320)
"id":unique,
"name":{
"formatted":person.name,
"familyName":person.lastname,
"givenName":person.firstname
},
"schemas":[
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"displayName":person.name,
"meta":{
"created":person.created,
"lastModified":person.lastchange,
"location":FCLT.DEZE.HTTP.urlzelf() + "/SCIM/Users/" + unique,
"version":"W/" + eTag, // Weak eTag?
"resourceType":"User"
},
"userType":person["function"].name,
"emails":[
{
"value":person.email,
"type":"work",
"primary":true
}
],
"phoneNumbers":[
{
"value":person.phone,
"type":"work",
"primary":true
}
],
"groups":[]
}
var allgroups = [];
for (var j = 0; j < person.authorization.length; j++)
{
var group = person.authorization[j];
var unique = FCLT.DEZE.customerId + "_authorization_" + String(group.authorizationgroup.id);
oneuser.groups.push({
"value":unique,
"$ref":FCLT.DEZE.HTTP.urlzelf() + "/SCIM/Groups/" + unique,
"display":group.authorizationgroup.name
})
}
allusers.push(oneuser);
var oneperson = transform_one_person(params, data.person);
return oneperson;
}
if ("persons" in data)
{
var allusers = [];
for (var i = 0; i < data.persons.length; i++)
{
if (params.limit && allusers.length > params.limit)
break;
var person = data.persons[i];
allusers.push(transform_one_person(params, person));
}
return {
"totalResults": allusers.length,
"itemsPerPage": 10,
"startIndex": 1,
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"Resources": allusers
};
return {
"totalResults": allusers.length,
"itemsPerPage": 10,
"startIndex": 1,
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"Resources": allusers
};
}
}
]]>

8
APPL/FAC/fac_rewrite.config
View File

@@ -43,8 +43,14 @@
<action type="Rewrite" url="default.asp?u=melding&amp;k={R:1}" appendQueryString="true" />
</rule>
<!-- SCIM/Users/UWVA_person_2122 -->
<rule name="SCIMUser" stopProcessing="true">
<match url="^appl/SCIM/Users/.*_person_(\d+)" />
<action type="Rewrite" url="default.asp?api2=persons&amp;id={R:1}&amp;format=json&amp;plugin=scimusers&amp;include=lastchange,authorization" appendQueryString="true" />
</rule>
<rule name="SCIMUsers" stopProcessing="true">
<match url="^SCIM/Users" />
<match url="^appl/SCIM/Users" />
<action type="Rewrite" url="default.asp?api2=persons&amp;format=json&amp;plugin=scimusers&amp;include=lastchange,authorization" appendQueryString="true" />
</rule>
<!--

44
APPL/SCIM/ResourceTypes/default.asp Normal file
View File

@@ -0,0 +1,44 @@
{
"totalResults": 2,
"itemsPerPage": 10,
"startIndex": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "User",
"name": "User",
"endpoint": "\/Users",
"description": "User Account",
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"schemaExtensions": [
{
"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"required": true
}
],
"meta": {
"location": "https:\/\/example.com\/v2\/ResourceTypes\/User",
"resourceType": "ResourceType"
}
},
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "Group",
"name": "Group",
"endpoint": "\/Groups",
"description": "Group",
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"meta": {
"location": "https:\/\/example.com\/v2\/ResourceTypes\/Group",
"resourceType": "ResourceType"
}
}
]
}

562
APPL/SCIM/Schemas/default.asp Normal file
View File

@@ -0,0 +1,562 @@
{
"totalResults": 3,
"itemsPerPage": 10,
"startIndex": 1,
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"Resources": [{
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "User Account",
"attributes": [{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.",
"required": true,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "server"
},
{
"name": "name",
"type": "complex",
"multiValued": false,
"description": "The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.",
"required": false,
"subAttributes": [{
"name": "formatted",
"type": "string",
"multiValued": false,
"description": "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User (e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "displayName",
"type": "string",
"multiValued": false,
"description": "The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "title",
"type": "string",
"multiValued": false,
"description": "The user's title, such as \"Vice President.\"",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "userType",
"type": "string",
"multiValued": false,
"description": "Used to identify the relationship between the organization and the user. Typical values used might be 'Contractor', 'Employee', 'Intern', 'Temp', 'External', and 'Unknown', but any value may be used.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "preferredLanguage",
"type": "string",
"multiValued": false,
"description": "Indicates the User's preferred written or spoken language. Generally used for selecting a localized user interface; e.g., 'en_US' specifies the language English and country US.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "locale",
"type": "string",
"multiValued": false,
"description": "Used to indicate the User's default location for purposes of localizing items such as currency, date time format, or numerical representations.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "timezone",
"type": "string",
"multiValued": false,
"description": "The User's time zone in the 'Olson' time zone database format, e.g., 'America\/Los_Angeles'.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "active",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the User's administrative status.",
"required": false,
"mutability": "readWrite",
"returned": "default"
},
{
"name": "password",
"type": "string",
"multiValued": false,
"description": "The User's cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password.",
"required": false,
"caseExact": false,
"mutability": "writeOnly",
"returned": "never",
"uniqueness": "none"
},
{
"name": "emails",
"type": "complex",
"multiValued": true,
"description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
"required": false,
"subAttributes": [{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, e.g., 'work' or 'home'.",
"required": false,
"caseExact": false,
"canonicalValues": ["work",
"home",
"other"],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'true' MUST appear no more than once.",
"required": false,
"mutability": "readWrite",
"returned": "default"
}],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "phoneNumbers",
"type": "complex",
"multiValued": true,
"description": "Phone numbers for the User. The value SHOULD be canonicalized by the service provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.",
"required": false,
"subAttributes": [{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Phone number of the User.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.",
"required": false,
"caseExact": false,
"canonicalValues": ["work",
"home",
"mobile",
"fax",
"pager",
"other"],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred phone number or primary phone number. The primary attribute value 'true' MUST appear no more than once.",
"required": false,
"mutability": "readWrite",
"returned": "default"
}],
"mutability": "readWrite",
"returned": "default"
},
{
"name": "photos",
"type": "complex",
"multiValued": true,
"description": "URLs of photos of the User.",
"required": false,
"subAttributes": [{
"name": "value",
"type": "reference",
"referenceTypes": ["external"],
"multiValued": false,
"description": "URL of a photo of the User.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, i.e., 'photo' or 'thumbnail'.",
"required": false,
"caseExact": false,
"canonicalValues": ["photo",
"thumbnail"],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred photo or thumbnail. The primary attribute value 'true' MUST appear no more than once.",
"required": false,
"mutability": "readWrite",
"returned": "default"
}],
"mutability": "readWrite",
"returned": "default"
},
{
"name": "groups",
"type": "complex",
"multiValued": true,
"description": "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.",
"required": false,
"subAttributes": [{
"name": "value",
"type": "string",
"multiValued": false,
"description": "The identifier of the User's group.",
"required": false,
"caseExact": false,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "$ref",
"type": "reference",
"referenceTypes": ["User",
"Group"],
"multiValued": false,
"description": "The URI of the corresponding 'Group' resource to which the user belongs.",
"required": false,
"caseExact": false,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, e.g., 'direct' or 'indirect'.",
"required": false,
"caseExact": false,
"canonicalValues": ["direct",
"indirect"],
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}],
"mutability": "readOnly",
"returned": "default"
}],
"meta": {
"resourceType": "Schema",
"location": "\/v2\/Schemas\/urn:ietf:params:scim:schemas:core:2.0:User"
}
},
{
"id": "urn:ietf:params:scim:schemas:core:2.0:Group",
"name": "Group",
"description": "Group",
"attributes": [{
"name": "displayName",
"type": "string",
"multiValued": false,
"description": "A human-readable name for the Group. REQUIRED.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "members",
"type": "complex",
"multiValued": true,
"description": "A list of members of the Group.",
"required": false,
"subAttributes": [{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Identifier of the member of this Group.",
"required": false,
"caseExact": false,
"mutability": "immutable",
"returned": "default",
"uniqueness": "none"
},
{
"name": "$ref",
"type": "reference",
"referenceTypes": ["User",
"Group"],
"multiValued": false,
"description": "The URI corresponding to a SCIM resource that is a member of this Group.",
"required": false,
"caseExact": false,
"mutability": "immutable",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the type of resource, e.g., 'User' or 'Group'.",
"required": false,
"caseExact": false,
"canonicalValues": ["User",
"Group"],
"mutability": "immutable",
"returned": "default",
"uniqueness": "none"
}],
"mutability": "readWrite",
"returned": "default"
}],
"meta": {
"resourceType": "Schema",
"location": "\/v2\/Schemas\/urn:ietf:params:scim:schemas:core:2.0:Group"
}
},
{
"id": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"name": "EnterpriseUser",
"description": "Enterprise User",
"attributes": [{
"name": "employeeNumber",
"type": "string",
"multiValued": false,
"description": "Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "costCenter",
"type": "string",
"multiValued": false,
"description": "Identifies the name of a cost center.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "organization",
"type": "string",
"multiValued": false,
"description": "Identifies the name of an organization.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "division",
"type": "string",
"multiValued": false,
"description": "Identifies the name of a division.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "department",
"type": "string",
"multiValued": false,
"description": "Identifies the name of a department.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "manager",
"type": "complex",
"multiValued": false,
"description": "The User's manager. A complex type that optionally allows service providers to represent organizational hierarchy by referencing the 'id' attribute of another User.",
"required": false,
"subAttributes": [{
"name": "value",
"type": "string",
"multiValued": false,
"description": "The id of the SCIM resource representing the User's manager. REQUIRED.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "$ref",
"type": "reference",
"referenceTypes": ["User"],
"multiValued": false,
"description": "The URI of the SCIM resource representing the User's manager. REQUIRED.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "displayName",
"type": "string",
"multiValued": false,
"description": "The displayName of the User's manager. OPTIONAL and READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}],
"mutability": "readWrite",
"returned": "default"
}],
"meta": {
"resourceType": "Schema",
"location": "\/v2\/Schemas\/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
}
}]
}

37
APPL/SCIM/ServiceProviderConfig/default.asp Normal file
View File

@@ -0,0 +1,37 @@
{
"patch": {
"supported": false
},
"bulk": {
"maxOperations": 0,
"maxPayloadSize": 0,
"supported": false
},
"filter": {
"maxResults": 0,
"supported": false
},
"changePassword": {
"supported": false
},
"sort": {
"supported": false
},
"etag": {
"supported": true
},
"authenticationSchemes": [
{
"name": "HTTP Basic",
"description":
"Authentication scheme using the HTTP Basic Standard",
"specUri": "http://www.rfc-editor.org/info/rfc2617",
"documentationUri": "http://example.com/help/httpBasic.html",
"type": "httpbasic"
}
],
"schemas": [
"urn:scim:schemas:core:1.0",
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
]
}