[keycloak-dev] SCIM v2 support
Stian Thorgersen
sthorger at redhat.com
Mon Sep 3 06:21:20 EDT 2018
Adding additional attributes to user entity is probably not the way to go.
Rather, it would be better for backwards compatibility to simply use
generic key/value attributes which the user entity already has.
Implementing the SCIM endpoints is probably pretty straightforward. Most of
the work will probably be down to testing and documentation.
On Wed, 29 Aug 2018 at 13:28, Lösch, Sebastian <
Sebastian.Loesch at governikus.de> wrote:
> Hello,
>
>
>
> in a customer project we use keycloak and need a SCIM (System for
> Cross-domain Identity Management) API.
>
> Currently we write a wrapper API and a custom endpoint providing the SCIM
> functionality. We wrote a extension of the UserEntity, UserModel and an
> extension of the JpaUserProvider.
>
> This strategy seems not ideal and the nicest way is to add this extensions
> to Keycloak. This is already suggested in
> https://issues.jboss.org/browse/KEYCLOAK-2537
>
> Is anybody out there who can guide me, what coding would be necessary to
> contribute the SCIM functionality?
>
>
>
> Currently I think we have to:
>
> - extend the UserEntity with all SCIM attributes. This will result
> in additional tables/entities for complex attributes e.g. Address, Name,
> Email
>
> - extend the UserModel to povide the additional attributes
>
> - implement the new SCIM endpoint /Users
>
> - make the additional attributes available via Admin REST API
> /users
>
> - extend views to be able to edit SCIM user attributes using the
> web ui
>
> - …
>
> - All the above again for the Groups endpoint…
>
>
>
> This also seem to be major changes. To big for one Pull Request. How do you
> like to handle this?
>
>
>
> Best regards,
>
> Sebastian
>
>
>
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list