Supported
Jul. 04, 2024
Support for Multi-Tenancy.
See documentation for more information
Supported
Mar. 13, 2024
We created new abstractions for Authentication and Authorization, allowing greater control over how to authenticate and authorize based on the SCIM request.
See the documentation for more details.
Supported
Feb. 07, 2024
Supported
Sep. 26, 2023
Supported
Aug. 24, 2023
In this release, we've focused on updating our component to conform to the standards that Microsoft require for Azure AD integration. This includes a breaking change to the `IScimStore`. In addition to this, we have also implemented the BULK endpoint.
The SCIM component now passes all of the tests to support Azure AD SCIM integration. We used the SCIM validator provided by Microsoft to run tests against our SCIM component.
You can enable Azure AD SCIM integration in the component by setting the `EnableAzureAdCompatibility` flag to true in the `ScimServiceProviderConfigOptions`.
When you set this flag to true, you enable support for Azure AD's provisioning of users and groups.
To pass the integration tests
There are a number of known integration problems when using the SCIM validation tool. Microsoft is aware of these issues; they are in its backlog and are being worked on.
When using the 'Discover Schema' functionality, you must update the mappings generated by the validation tool. The `primary` sub-attribute of the `phoneNumbers` attribute has a bug where a string is generated for the 'primary' value sent in a PATCH request to the SCIM component. You can set the `value` text box of the rows that refer to the `primary` sub-attribute so that the correct value is sent over the wire.
When using the 'Default Mappings' functionality, there are three erroneous mappings. These are:
The SCIM Validation tool sends two requests, one POST to create and one PATCH to modify using an add operation. The body looks like this:
```
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "[email protected]"
}
```
```
{
  "op": "add",
  "path": "emails[type eq \"work\"].value",
  "value": "email address removed for privacy reasons"
}
```
The initial request for this JSON doesn't include any items for the email property. When the filter evaluates, there are no items in the collection, so adding a value to the 'value' property fails.
The SCIM Validation tool sends two requests, one POST to create and one PATCH to modify using a `replace` operation. The body looks like this:
```
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "[email protected]"
}
```
```
{
  "op": "replace",
  "path": "roles[primary eq true].type",
  "value": "I6T3MZAC1HXV"
}
```
The initial request for this JSON doesn't include any items for the roles property. When the filter evaluates, there are no items in the collection, so adding a value to the 'type' property fails.
The SCIM Validation tool sends two requests, one POST to create and one PATCH to modify using a `replace` operation:
```
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "[email protected]"
}
```
```
{
  "op": "replace",
  "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager",
  "value": ""
}
```
Due to the interpretation of the SCIM specifications, the SCIM Component is currently not set up to handle empty values for `replace` operations. Microsoft are aware of the differing interpretations around this operation and are working on allowing a toggle between a `remove` and `replace` operation in this context.
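The first two mapping failures above can be reproduced with a small filtered-path PATCH evaluator. This is an added sketch, not the SCIM component's code: `apply_patch`, `create_missing` and the sample addresses are hypothetical, and the strict branch reuses the `noTarget` error that RFC 7644 defines for a `replace` whose filter matches nothing.

```python
import re

# Value-path form used in the validator's requests (after JSON unescaping):
#   attr[sub eq "text"].target   or   attr[sub eq true].target
VALUE_PATH = re.compile(r'^(\w+)\[(\w+) eq (?:"([^"]*)"|(true|false))\]\.(\w+)$')

class ScimPatchError(Exception):
    """HTTP status and scimType a service provider would put in the error."""
    def __init__(self, status, scim_type):
        super().__init__(f"{status} {scim_type}")
        self.status, self.scim_type = status, scim_type

def apply_patch(resource, op, create_missing=False):
    """Apply one filtered-path PATCH operation to a resource dict.

    create_missing (hypothetical): when no element matches the filter,
    build one from the filter instead of failing.
    """
    m = VALUE_PATH.match(op["path"])
    if not m:
        raise ScimPatchError(400, "invalidPath")
    attr, sub, text, boolean, target = m.groups()
    wanted = text if text is not None else (boolean == "true")
    matches = [i for i in resource.get(attr, []) if i.get(sub) == wanted]
    if not matches:
        if not create_missing:
            # Assumption: same error RFC 7644 gives for a replace with no match.
            raise ScimPatchError(400, "noTarget")
        matches = [{sub: wanted}]
        resource.setdefault(attr, []).extend(matches)
    for item in matches:
        item[target] = op["value"]
    return resource

def new_user():
    # Constructed sample shaped like the POST body: no emails, no roles.
    return {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
            "userName": "user@example.com"}

ADD_EMAIL = {"op": "add", "path": 'emails[type eq "work"].value',
             "value": "work@example.com"}
REPLACE_ROLE = {"op": "replace", "path": "roles[primary eq true].type",
                "value": "I6T3MZAC1HXV"}

def outcome(op, create_missing):
    """Return the patched user, or (status, scimType) when the patch fails."""
    try:
        return apply_patch(new_user(), op, create_missing)
    except ScimPatchError as err:
        return (err.status, err.scim_type)
```

With `create_missing` off, both requests fail because the freshly created user has nothing for the filter to select; with it on, the element is built from the filter and then assigned.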
The SCIM component now supports the BULK endpoint. More documentation for this functionality can be found in the SCIM documentation.
Supported
Aug. 22, 2023
Fixed issue with SCIM client not sending resource id in URL for update operation
Unsupported
May. 23, 2023
When updating a resource using PUT, the id is expected to be in the URI, not in the body.
PUT /SCIM/Users/{id}
Supported
May. 18, 2023
Bugs
* Resolved a bug where the PathBase was not being considered when generating the location for a resource
Supported
Mar. 08, 2023
New Features
Bug fixes
Dropped support
Supported
Dec. 02, 2022
Provides a workaround for a bug in the Azure AD SCIM client when using a resource extension schema:
"Error: Missing extension schema(s) - xxxxxx"
Setting the new configuration option `IgnoreMissingExtensionSchemas` to true will resolve this issue.
Supported
Nov. 29, 2022
Fixed issue of extension schemas not being returned from the schemas endpoint
Supported
Nov. 24, 2022
Filtering and paging users was not returning the correct totalResults.
Supported
Nov. 22, 2022
Supported
May. 11, 2022
Fixed an issue where, when creating a resource via POST, any extension schema attributes created by the store were not being returned in the POST response.
Supported
May. 09, 2022
The first non-preview release allows applications to be provisioned with User and Group information ahead of time, using the SCIM2 protocol. The component enables Azure AD and Okta to provision your applications with identity data.
Samples can be found here
Please report any issues to [email protected]