Hello,
in a customer project we use keycloak and need a SCIM (System for
Cross-domain Identity Management) API.
Currently we write a wrapper API and a custom endpoint providing the SCIM
functionality. We wrote a extension of the UserEntity, UserModel and an
extension of the JpaUserProvider.
This strategy seems not ideal and the nicest way is to add this extensions
to Keycloak. This is already suggested in
https://issues.jboss.org/browse/KEYCLOAK-2537
Is anybody out there who can guide me, what coding would be necessary to
contribute the SCIM functionality?
Currently I think we have to:
- extend the UserEntity with all SCIM attributes. This will result
in additional tables/entities for complex attributes e.g. Address, Name,
Email
- extend the UserModel to povide the additional attributes
- implement the new SCIM endpoint /Users
- make the additional attributes available via Admin REST API
/users
- extend views to be able to edit SCIM user attributes using the
web ui
-
- All the above again for the Groups endpoint
This also seem to be major changes. To big for one Pull Request. How do you
like to handle this?
Best regards,
Sebastian