This quickstart covers everything you need to know to use the default ASP Identity store. It uses a NuGet package from Rock Solid Knowledge that lets you, as a SCIM Service Provider, receive CRUD requests that operate against your ASP Identity store.
NuGet Installation
install-package Rsk.AspNetCore.Scim.Identity -pre
Configuration
The current implementation will allow you to accept SCIM CRUD requests for the User resource, with support for the Group resource coming in the future. To do this, call AddScimDefaultResourcesForIdentityStore on the IScimBuilder returned from the AddScim call within ConfigureServices.
public void ConfigureServices(IServiceCollection services)
{
    // ...
    // Register the SCIM endpoints under /SCIM and back them with the ASP Identity store.
    services.AddScim("/SCIM")
        .AddScimDefaultResourcesForIdentityStore();
    // ...
}
Mapped properties
The SCIM Core Schema specification defines properties that cannot be mapped one-to-one to IdentityUser. The Id property maps directly to the Id property on IdentityUser, and the Email and PhoneNumber properties are populated with the first values in their respective arrays on the SCIM User. If the Active flag is set to false on the SCIM User, the resulting IdentityUser will have its LockoutEnabled set to true, and a LockoutEnd value will also be supplied.
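The mapping rules above, written out as an added C# sketch (not code from the Rsk.AspNetCore.Scim package), so you can check that a SCIM user sent with Active set to false ends up unable to sign in. ScimUserSketch is a hypothetical stand-in for the SCIM User model, the LockoutEnd value is an assumption because the page does not state which value is supplied, and IdentityUser is the real type from Microsoft.AspNetCore.Identity, so the project needs that reference.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Identity;

// Hypothetical stand-in for the SCIM User resource; not the Rsk.AspNetCore.Scim model.
public record ScimUserSketch(
    string Id, bool Active, IReadOnlyList<string> Emails, IReadOnlyList<string> PhoneNumbers);

public static class ScimToIdentitySketch
{
    // Applies the mapping rules described above to a new IdentityUser.
    public static IdentityUser ToIdentityUser(ScimUserSketch scim)
    {
        var user = new IdentityUser
        {
            Id = scim.Id,
            // Only the first value of each multi-valued SCIM attribute survives the mapping.
            Email = scim.Emails.FirstOrDefault(),
            PhoneNumber = scim.PhoneNumbers.FirstOrDefault()
        };
        if (!scim.Active)
        {
            user.LockoutEnabled = true;
            // Assumption: the page does not say which LockoutEnd is supplied; MaxValue is used here.
            user.LockoutEnd = DateTimeOffset.MaxValue;
        }
        return user;
    }

    // Mirrors the check made by UserManager.IsLockedOutAsync:
    // lockout is enabled and LockoutEnd has not yet passed.
    public static bool IsLockedOut(IdentityUser user, DateTimeOffset now) =>
        user.LockoutEnabled && user.LockoutEnd >= now;
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input: a deprovisioned user with two e-mail addresses.
        var scim = new ScimUserSketch("2819c223", false,
            new[] { "bjensen@example.com", "babs@example.org" }, new[] { "+1-555-0100" });
        var user = ScimToIdentitySketch.ToIdentityUser(scim);
        var lockedOut = ScimToIdentitySketch.IsLockedOut(user, DateTimeOffset.UtcNow);
        Console.WriteLine($"{user.Email} locked out: {lockedOut}");
    }
}
```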
Custom Identity User
If your solution utilizes an identity user that isn't the standard ASP Identity IdentityUser, then you can register this against the SCIM library using the AddUserResourceWithDefaultIdentityEfStore method. To be able to use this method, the only extra piece you need to implement is a mapper that maps between the SCIM User and your identity user. This mapper must implement the IIdentityUserMappingService interface.
If you need to map a custom SCIM resource to an IdentityUser, then you will need to implement a custom store. See the custom stores and validation documentation for more information.
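public class ExtendedIdentityUser : IdentityUser
{
    // ...
}

public class Mapper : IIdentityUserMappingService<Rsk.AspNetCore.Scim.Models.User, ExtendedIdentityUser>
{
    // Identity user -> SCIM User resource (used when returning resources to the SCIM client).
    public Task<Rsk.AspNetCore.Scim.Models.User> ToResource(ExtendedIdentityUser identityUser)
    {
        // ...
    }

    // SCIM User resource -> identity user (used when the SCIM client creates or updates a user).
    public UserMappingResult<ExtendedIdentityUser> ToIdentityUser(Rsk.AspNetCore.Scim.Models.User userResource)
    {
        // ...
    }
}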