The lui2 backend component implements a SCIM endpoint to provide access to resources handled by didmos2. The RESTful interface is used to standardise the usage of this endpoint.

Supported HTTP Methods


GET: Retrieves one or more resources (e.g. Users/Groups)
POST: Creates new resources
DELETE: Deletes a resource
PATCH: Modifies a resource, supporting changes via add, modify, replace


Resource types

The following resources can be managed via the SCIM endpoint.

User

Groups


Organization


Authentication

The following types of authentication are implemented to allow access to this endpoint.

Basic Authentication

Authenticate via username and password. Since this authentication is run against the internal database, the credentials have to be the didmosUUID of a user present in the system, along with that user's password.

Username and password have to be separated by ':' and the resulting string has to be base64 encoded.

OpenID Connect

Authentication against an OpenID Connect Provider, which can either be the internal authentication module of didmos2 or an external provider.


Endpoint

https://{hostname}/lui2_backend/v2

Requests

GET

Get information on an existing resource

URL: /{resource}/{id}/

resource: The resource can be one of the set of resource types

id: Unique id of the entry in the database

HTTP-Method: GET

Body: --

Result: Status 200

Returns information in SCIM format.

For examples see the Example Section below.


Get information on a set of resources according to a filter

URL: /{resource}/?filter={filter}

resource: The resource can be one of the set of resource types

filter: A filter string according to Section 3.4.2.2 of the SCIM standard, RFC 7644

HTTP-Method: GET

Body: --

Result: Status 200

The response is a list of all entries in the directory that meet the requirements of the filter and on which the requestor has read permissions.

Returns information in SCIM format.

For examples see the Example Section below.


Return Codes


200: Success
401: Unauthorised
500: Internal Server Error
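
Added example (not part of the original page or of the didmos2 code base): a Python client helper for the two pieces described above, the Basic Authentication header and the filter query of a GET request. The hostname is the one used in this page's curl examples and the function names are hypothetical. The filter value is written as a quoted JSON string, as the RFC 7644 filter grammar specifies, whereas this page's own curl example sends it unquoted; that the backend accepts the quoted form is an assumption.

```python
import base64
import json
import re
from urllib.parse import quote, urlencode

# Resource types and base path as listed on this page; the hostname is the
# one from the page's curl examples and is a placeholder for your own.
RESOURCE_TYPES = {"User", "Groups", "Organization"}
BASE_URL = "https://didmos2-backend.local/lui2_backend/v2"

# Binary comparison operators from the RFC 7644 filter grammar.
FILTER_OPS = {"eq", "ne", "co", "sw", "ew", "gt", "ge", "lt", "le"}
ATTR_PATH = re.compile(r"[A-Za-z][A-Za-z0-9_-]*(\.[A-Za-z][A-Za-z0-9_-]*)?")


def basic_auth_header(didmos_uuid: str, password: str) -> dict:
    """Build the Authorization header: base64("<didmosUUID>:<password>")."""
    # The first ':' splits user from password, so the user part must not contain one.
    if not didmos_uuid or ":" in didmos_uuid:
        raise ValueError("username must be non-empty and must not contain ':'")
    raw = f"{didmos_uuid}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def scim_filter(attribute: str, op: str, value) -> str:
    """Return '<attr> <op> <value>' with the value encoded as a JSON literal."""
    if not ATTR_PATH.fullmatch(attribute):
        raise ValueError(f"invalid attribute path: {attribute!r}")
    if op.lower() not in FILTER_OPS:
        raise ValueError(f"unsupported operator: {op!r}")
    # json.dumps quotes strings and escapes '"' and '\', so caller-supplied
    # input stays a single string literal and cannot extend the filter.
    return f"{attribute} {op.lower()} {json.dumps(value)}"


def filtered_get_url(resource: str, attribute: str, op: str, value) -> str:
    """Build /{resource}/?filter={filter} with the filter percent-encoded."""
    if resource not in RESOURCE_TYPES:
        raise ValueError(f"unknown resource type: {resource!r}")
    # quote_via=quote encodes spaces as %20 rather than '+'.
    query = urlencode({"filter": scim_filter(attribute, op, value)}, quote_via=quote)
    return f"{BASE_URL}/{resource}/?{query}"
```
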


POST

Create a new resource

URL

/{resource}/{node_dn}/

/{resource}/

The node_dn is the dn of the entry under which the resource shall be created.

If no node_dn is specified a standard value will be used.

HTTP-Method: POST

Body: SCIM v2

Adds all given information to the entry. If there is no mapping defined for a given attribute, it will be ignored.

Result: Status 200

Returns the newly created entry in SCIM format.

For examples see the Example Section below.

Return Codes


200: Success
400: Provided message body did not match requirements
401: Unauthorised
403: Forbidden
419: A username was provided that already exists in the database (only when creating resources of type User)
500: Internal Server Error


DELETE

Delete a resource

URL: /{resource}/{id}/

id: Unique id of the entry in the database

HTTP-Method: DELETE

Body: -

Result: Status 200


Return Codes


200: Success
401: Unauthorised
403: Forbidden
404: The given id did not match any entry in the database
500: Internal Server Error


PATCH

Modify an existing resource entry

URL: /{resource}/{id}/

id: Unique id of the entry in the database

HTTP-Method: PATCH

Body

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {
            "op": "add",
            "value": {
                "email": [
                    {
                        "value": "max@muster.de",
                        "type": "home"
                    }
                ]
            }
        }
    ]
}

The body must contain a schema specification and a list of the operations to execute, each with the values that should be modified.

Result: Status 200


Return Codes


200: Success
400: Provided message body did not match requirements
401: Unauthorised
403: Forbidden
500: Internal Server Error


Example Section

All example requests are written as curl commands.

Getting information on an existing resource

Request

curl 'https://didmos2-backend.local/lui2_backend/v2/User/00000000-0000-0000-0000-000000010003/' -H 'Content-Type: application/json' -H 'Authorization: Bearer 99775a6f21864815ba1e01dbbbc3c049'

Result

{
    "name": {
        "formatted": "Super Admin",
        "familyName": "Admin",
        "givenName": "Super"
    },
    "location": [
        {
            "de": "dc=de"
        },
        {
            "didmos": "dc=didmos,dc=de"
        },
        {
            "default-tenant": "ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "data": "ou=data,ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "people": "ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "00000000-0000-0000-0000-000000010003": "didmosUUID=00000000-0000-0000-0000-000000010003,ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
        }
    ],
    "id": "00000000-0000-0000-0000-000000010003",
    "displayName": "Super Admin",
    "userType": "local",
    "groups": [],
    "urn:scim:schemas:custom:daasi:lui:2.0": {
        "adminAccess": false,
        "roles": []
    },
    "meta": {
        "created": "20190731093903Z",
        "modified": "20190731093903Z",
        "urn:scim:schemas:custom:daasi:lui:2.0": {
            "operations": {
                "entry": [
                    "delete",
                    "modify-add",
                    "modify-del",
                    "modify-replace",
                    "read",
                    "write"
                ],
                "attributes": {}
            }
        }
    }
}

Getting information on a set of resources using a filter

Request

curl 'https://didmos2-backend.local/lui2_backend/v2/User/?filter=displayName%20eq%20Admin' -H 'Content-Type: application/json' -H 'Authorization: Bearer 99775a6f21864815ba1e01dbbbc3c049'

Result

{"Resources": [
    {
        "name": {
            "formatted": "Super Admin",
            "familyName": "Admin",
            "givenName": "Super"
        },
        "location": [
            {
                "de": "dc=de"
            },
            {
                "didmos": "dc=didmos,dc=de"
            },
            {
                "default-tenant": "ou=default-tenant,dc=didmos,dc=de"
            },
            {
                "data": "ou=data,ou=default-tenant,dc=didmos,dc=de"
            },
            {
                "people": "ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
            },
            {
                "00000000-0000-0000-0000-000000000002": "didmosUUID=00000000-0000-0000-0000-000000000002,ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
            }
        ],
        "id": "00000000-0000-0000-0000-000000000002",
        "userName": "superadmin",
        "displayName": "Super Admin",
        "active": true,
        "userType": "local",
        "groups": [],
        "urn:scim:schemas:custom:daasi:lui:2.0": {
            "adminAccess": true,
            "roles": [
                "standarduser",
                "superadmin"
            ]
        },
        "meta": {
            "urn:scim:schemas:custom:daasi:lui:2.0": {
                "operations": {
                    "entry": [
                        "read",
                        "write",
                        "modify-add",
                        "modify-del",
                        "modify-replace",
                        "delete"
                    ],
                    "attributes": {}
                }
            }
        }
    }
]
}

Create a new resource

Request

curl -X POST 'https://didmos2-backend.local/lui2_backend/v2/User/' -H 'Content-Type: application/json' -H 'Authorization: Bearer 99775a6f21864815ba1e01dbbbc3c049' --data '{"name":{"givenName":"Test","familyName":"User"}}'

Result

{
    "name": {
        "formatted": "Test User",
        "familyName": "User",
        "givenName": "Test"
    },
    "location": [
        {
            "de": "dc=de"
        },
        {
            "didmos": "dc=didmos,dc=de"
        },
        {
            "default-tenant": "ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "data": "ou=data,ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "people": "ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "a110d949-b071-45a6-944e-5d60afd1de1f": "didmosUUID=a110d949-b071-45a6-944e-5d60afd1de1f,ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
        }
    ],
    "id": "a110d949-b071-45a6-944e-5d60afd1de1f",
    "userName": "user167i",
    "displayName": "Test User",
    "active": true,
    "userType": "local",
    "meta": {
        "urn:scim:schemas:custom:daasi:lui:2.0": {
            "operations": {
                "didmosUUID=a110d949-b071-45a6-944e-5d60afd1de1f,ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de": {
                    "entry": [
                        "delete",
                        "modify-add",
                        "modify-del",
                        "modify-replace",
                        "read",
                        "write"
                    ],
                    "attributes": {}
                }
            }
        }
    }
}

Create a new resource under a specific dn

Request

curl -X POST 'https://didmos2-backend.local/lui2_backend/v2/User/ou=data,ou=default-tenant,dc=didmos,dc=de/' -H 'Content-Type: application/json' -H 'Authorization: Bearer 99775a6f21864815ba1e01dbbbc3c049' --data '{"name":{"givenName":"Test","familyName":"User"}}'

Result

{
    "name": {
        "formatted": "Test User",
        "familyName": "User",
        "givenName": "Test"
    },
    "location": [
        {
            "de": "dc=de"
        },
        {
            "didmos": "dc=didmos,dc=de"
        },
        {
            "default-tenant": "ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "data": "ou=data,ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "3b9a1e4e-e257-4038-8e87-2870b8b82170": "didmosUUID=3b9a1e4e-e257-4038-8e87-2870b8b82170,ou=data,ou=default-tenant,dc=didmos,dc=de"
        }
    ],
    "id": "3b9a1e4e-e257-4038-8e87-2870b8b82170",
    "userName": "user216a",
    "displayName": "Test User",
    "active": true,
    "userType": "local",
    "meta": {
        "urn:scim:schemas:custom:daasi:lui:2.0": {
            "operations": {
                "didmosUUID=3b9a1e4e-e257-4038-8e87-2870b8b82170,ou=data,ou=default-tenant,dc=didmos,dc=de": {
                    "entry": [
                        "delete",
                        "modify-add",
                        "modify-del",
                        "modify-replace",
                        "read",
                        "write"
                    ],
                    "attributes": {}
                }
            }
        }
    }
}

Delete a resource


Request

curl -X DELETE 'https://didmos2-backend.local/lui2_backend/v2/User/3b9a1e4e-e257-4038-8e87-2870b8b82170/' -H 'Content-Type: application/json' -H 'Authorization: Bearer 99775a6f21864815ba1e01dbbbc3c049'

Result

-

Modify an existing resource entry

Request

curl -X PATCH 'https://didmos2-backend.local/lui2_backend/v2/User/00000000-0000-0000-0000-000000010000/' -H 'Content-Type: application/json' -H 'Authorization: Bearer 99775a6f21864815ba1e01dbbbc3c049' --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations": [{"op": "add","value": {"email": [ {"value": "max@muster.de","type": "home"}]}}]}'

Result

{
    "name": {
        "formatted": "Super Admin",
        "familyName": "Admin",
        "givenName": "Super"
    },
    "location": [
        {
            "de": "dc=de"
        },
        {
            "didmos": "dc=didmos,dc=de"
        },
        {
            "default-tenant": "ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "data": "ou=data,ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "people": "ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
        },
        {
            "00000000-0000-0000-0000-000000010000": "didmosUUID=00000000-0000-0000-0000-000000010000,ou=people,ou=data,ou=default-tenant,dc=didmos,dc=de"
        }
    ],
    "id": "00000000-0000-0000-0000-000000010000",
    "displayName": "Super Admin",
    "userType": "local",
    "email": "max@muster.de",
    "emails": [
        {
            "value": "max@muster.de"
        }
    ],
    "meta": {
        "created": "20190731093903Z",
        "modified": "20190801082749Z"
    }
}
