2

My requirement is to implement a SCIM 2.0 server for a Spring Boot application that supports SAML for Okta authentication.

I haven't found any library provided by Spring Boot for a SCIM server, nor does any documentation for it exist in Spring's repos.

I have found some third-party implementations like BetterCloud SCIM 2.0 or WSO2 Charon, etc. But should I use those third-party implementations? What if their GitHub repos get messed up later, or we can't get our issues resolved?

Also, if there is no documentation for a SCIM server implementation in Spring Boot, should it just be treated like implementing any other RESTful API?

Any help on this will be much appreciated.

gbhati

2 Answers

3

I'm watching over my company's SCIM API. So far, what I have seen is that there's no official Spring library, and you should stick to the protocol description to provide your implementation (see more here: https://www.rfc-editor.org/rfc/rfc7644).

Despite the lack of an official Spring Boot library (that would be cool, I agree!), I'm using this third-party library: https://github.com/pingidentity/scim2. It has all the resources you need to expose your endpoints for user operations, as well as filtering when getting users, which can become quite complicated to implement from scratch, as the specification provides quite an extensive query language for it.

cristianoms
  • So, I wonder, as I cannot figure this out: should one copy the code from this library, probably edit some source code (as needed) and then use it? Or is it meant to be extended/customized using some additional parameters/configuration/sub-classes, etc.? I.e., how do I use it to enable SCIM2 in my existing service provider server instance? – Nitin Oct 28 '21 at 13:47
  • Hey @Nitin, unless you really require some level of customisation, I'd advise sticking with the standard library. – cristianoms Nov 08 '21 at 08:29
  • Thanks @cristianoms. I have some more understanding of it now. Some more questions: it will surely need some customizations (when used with an existing server, to provision SCIM), won't it? I.e., the existing server already has some user/group table schemas and APIs around them, and the endpoints exposed by the library are required to do some concrete CRUD operations in the existing schema (so some changes might be required there) and should not be left as-is with whatever out-of-the-box (stub/dummy) operations are given in the library? Have I understood it right or not? Any links for further help? – Nitin Nov 08 '21 at 14:15
  • Hey @Nitin, SCIM is just a protocol. So what you'd have to do is expose its endpoints in the standard way (by using the aforementioned lib or any other available) and then plug that interface into your business logic with all the customisation you might need. Hope that sheds some extra light on the discussion. – cristianoms Mar 15 '22 at 10:37
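The comment thread above makes the point that SCIM is a protocol: the endpoints, the filter grammar and the paging rules come from RFC 7644, and a library only saves you from writing them yourself. To show what "filtering can become quite complicated" actually involves, here is an added example that is not from the answer, from the pingidentity/scim2 library or from Spring: a small Python evaluator for RFC 7644 section 3.4.2.2 filters (attribute operators, `and`/`or`/`not`, grouping, multi-valued attributes) plus a ListResponse builder that applies the section 3.4.2.4 paging rules (1-based `startIndex`, values below 1 read as 1, negative `count` read as 0). It assumes attributes are not `caseExact` and that attribute paths are dotted rather than URN-prefixed, and it runs over constructed sample users. Malformed filters raise `ValueError`, which a server would map to a 400 with `scimType` `invalidFilter` rather than passing the string on to a data store. Python is used because the logic is language-neutral; the same structure ports directly to a Spring `@RestController`.

```python
"""SCIM 2.0 filter evaluation and ListResponse paging (RFC 7644 3.4.2.2, 3.4.2.4). Added example, not library code."""
import json
import re

# Tokens: '(', ')', a JSON string, a number, or a word (attribute path, operator, true/false/null).
_TOKEN = re.compile(r'\s*(?:(\()|(\))|("(?:[^"\\]|\\.)*")|(-?\d+(?:\.\d+)?)|([A-Za-z_][\w.:$-]*))')
_OPS = {"eq": lambda a, b: a == b, "ne": lambda a, b: a != b, "co": lambda a, b: b in a,
        "sw": str.startswith, "ew": str.endswith, "gt": lambda a, b: a > b,
        "lt": lambda a, b: a < b, "ge": lambda a, b: a >= b, "le": lambda a, b: a <= b}

def tokenize(expr):
    tokens, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:  # anything outside the grammar (e.g. ';') is rejected, never passed downstream
            raise ValueError(f"invalid filter near {expr[pos:pos + 12]!r}")
        tokens.append(m.group(m.lastindex))
        pos = m.end()
    return tokens

def _resolve(resource, path):
    """Walk a dotted path case-insensitively; multi-valued attributes fan out ('emails.value' = every email)."""
    nodes = [resource]
    for segment in path.split("."):
        nodes = [v for node in nodes for item in (node if isinstance(node, list) else [node])
                 if isinstance(item, dict) for k, v in item.items() if k.lower() == segment.lower()]
    return [x for n in nodes for x in (n if isinstance(n, list) else [n])]

def _compare(op, actual, expected):
    if isinstance(actual, str) and isinstance(expected, str):
        actual, expected = actual.lower(), expected.lower()  # assumes attributes are not caseExact
    elif op not in ("eq", "ne") and any(isinstance(x, (bool, str)) for x in (actual, expected)):
        return False  # no ordering on booleans; no substring or ordering across mixed types
    try:
        return _OPS[op](actual, expected)
    except TypeError:
        return False  # e.g. None compared with a number: no match rather than a 500

def parse_filter(expr):
    """Compile a filter into a predicate over a resource dict. Grammar (RFC 7644 3.4.2.2):
    or_expr := and_expr ('or' and_expr)*  and_expr := unary ('and' unary)*
    unary := 'not' '(' or_expr ')' | '(' or_expr ')' | attrPath 'pr' | attrPath op compValue"""
    toks, pos = tokenize(expr), 0
    def peek():
        return toks[pos] if pos < len(toks) else None
    def take(expected=None):
        nonlocal pos
        tok = peek()
        if tok is None or (expected is not None and tok != expected):
            raise ValueError(f"expected {expected or 'more input'}, got {tok!r}")
        pos += 1
        return tok
    def chain(word, operand, mode):  # left-associative 'and' (mode=all) / 'or' (mode=any)
        left = operand()
        while (peek() or "").lower() == word:
            take()
            left = (lambda a, b: lambda r: mode(f(r) for f in (a, b)))(left, operand())
        return left
    def or_expr():
        return chain("or", and_expr, any)
    def and_expr():
        return chain("and", unary, all)
    def unary():
        negate = (peek() or "").lower() == "not"
        if negate:
            take()
        if negate or peek() == "(":
            take("(")
            inner = or_expr()
            take(")")
            return (lambda r: not inner(r)) if negate else inner
        path, op = take(), take().lower()
        if op == "pr":  # present: non-null and non-empty, so an empty multi-valued attribute is absent
            return lambda r: any(v not in (None, "", [], {}) for v in _resolve(r, path))
        if op not in _OPS:
            raise ValueError(f"unknown operator {op!r}")
        tok = take()
        if tok.lower() in ("true", "false", "null") or tok[0] in '"-' or tok[0].isdigit():
            value = json.loads(tok.lower() if tok[0].isalpha() else tok)  # compValue is JSON
        else:
            raise ValueError(f"invalid comparison value {tok!r}")
        return lambda r: any(_compare(op, v, value) for v in _resolve(r, path))
    pred = or_expr()
    if peek() is not None:
        raise ValueError(f"unexpected token {peek()!r}")
    return pred

def list_response(resources, filter_expr=None, start_index=1, count=None):
    """Filter, then page per RFC 7644 3.4.2.4: startIndex is 1-based (below 1 reads as 1), count < 0 reads as 0."""
    pred = parse_filter(filter_expr) if filter_expr else (lambda r: True)
    matched, start = [r for r in resources if pred(r)], max(start_index, 1)
    page = matched[start - 1:None if count is None else start - 1 + max(count, 0)]
    return {"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "totalResults": len(matched),
            "startIndex": start, "itemsPerPage": len(page), "Resources": page}

SAMPLE_USERS = [  # constructed sample data in the shape of the SCIM core User schema, not real accounts
    {"id": "1", "userName": "bjensen", "active": True, "name": {"familyName": "Jensen"},
     "emails": [{"value": "bjensen@example.com", "type": "work"}]},
    {"id": "2", "userName": "jsmith", "active": False, "name": {"familyName": "Smith"},
     "emails": [{"value": "jsmith@example.org", "type": "home"}]},
    {"id": "3", "userName": "ssanchez", "active": True, "name": {"familyName": "Sanchez"}, "emails": []},
]
```

`list_response(SAMPLE_USERS, 'active eq true and emails.value co "example"', start_index=1, count=10)` returns the envelope a `GET /Users?filter=...&startIndex=1&count=10` would serialize; `parse_filter` on its own gives a predicate you can run against whatever your existing user store returns, which is the "plug that interface into your business logic" step from the comment. Note that `totalResults` reports all matches, not the page size, which is what clients like Okta use to decide whether to request further pages.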
2

An open-source version of a lightweight SCIM Spring Boot server:

https://bitbucket.org/wouter29/personify-scim-server/src

For using SAML, a custom Java authentication filter can be plugged in, because only Basic and Bearer tokens are implemented. I don't know if SAML is even mentioned in the specs/RFC.

The storage layer can be chosen: LDAP, Mongo, Postgres or MySQL.

Wally VDB