This quickstart will cover what you need to know to add both authentication and authorization to your SCIM endpoints. The SCIM component will leverage the existing services that are introduced into your ASP.NET Core application by calling UseAuthentication and UseAuthorization.
Configuration
To add authorization and authentication to your SCIM endpoints, you need to call the UseAuthentication method on IScimBuilder returned from the AddScim call. From there, you will need to pass through an authentication scheme for the SCIM component to use and optionally an authorization policy.
The example below shows calling the SCIM component with the CookieAuthenticationDefaults.AuthenticationScheme for the authentication scheme, and a policy named "SalesOnly" that is created in the AddAuthorization call.
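using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
// The SCIM component's own namespace must also be imported.

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Register the cookie scheme that the SCIM endpoints will authenticate with.
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie();

        // Define the policy: the caller must hold a "department" claim with the value "sales".
        services.AddAuthorization(options =>
        {
            options.AddPolicy("SalesOnly", policy =>
            {
                policy.RequireClaim("department", "sales");
            });
        });

        // Pass the authentication scheme and the optional policy name to the SCIM component.
        services.AddScimServiceProvider("/SCIM", new ScimLicensingOptions("Demo", "eyJTb2xkRm9yIjowLjAsI .... "))
            .AddScimDefaultResourcesForInMemoryStore()
            .UseAuthentication(CookieAuthenticationDefaults.AuthenticationScheme, "SalesOnly");
    }

    public void Configure(IApplicationBuilder app)
    {
        // Authentication runs before authorization, and both are registered ahead of the SCIM middleware.
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseScim();
    }
}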
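To confirm which callers the "SalesOnly" policy above admits before you put it in front of the SCIM endpoints, the following added example (not part of the SCIM component or its documentation) evaluates the same policy against constructed principals using ASP.NET Core's IAuthorizationService. The class name, helper and sample principals are assumptions made for illustration, and the project is assumed to reference the ASP.NET Core shared framework.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class SalesOnlyPolicyCheck
{
    // Constructed principal authenticated by the cookie scheme, with an optional "department" claim.
    private static ClaimsPrincipal User(string department = "")
    {
        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
        if (department.Length > 0)
            identity.AddClaim(new Claim("department", department));
        return new ClaimsPrincipal(identity);
    }

    public static async Task<int> Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // DefaultAuthorizationService requires an ILogger
        services.AddAuthorizationCore(options =>
            options.AddPolicy("SalesOnly", policy => policy.RequireClaim("department", "sales")));
        using var provider = services.BuildServiceProvider();
        var authorization = provider.GetRequiredService<IAuthorizationService>();

        // Constructed sample input: label, principal, and the decision the policy should reach.
        var cases = new (string Label, ClaimsPrincipal Principal, bool Expected)[]
        {
            ("department=sales", User("sales"), true),
            ("department=hr", User("hr"), false),
            ("department=Sales (claim values are compared case-sensitively)", User("Sales"), false),
            ("authenticated, no department claim", User(), false),
            ("anonymous principal", new ClaimsPrincipal(new ClaimsIdentity()), false),
        };

        var failures = 0;
        foreach (var c in cases)
        {
            var result = await authorization.AuthorizeAsync(c.Principal, "SalesOnly");
            var ok = result.Succeeded == c.Expected;
            if (!ok) failures++;
            Console.WriteLine($"{(ok ? "ok  " : "FAIL")} {c.Label}: allowed={result.Succeeded}");
        }
        return failures; // non-zero exit code when a decision differs from the expectation
    }
}
```

The same table of cases can be moved into a unit test so that a later change to the policy definition cannot silently widen access to the SCIM endpoints.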