Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
Mapping SCIM Resource Types map attributes in a SCIM schema to native attributes found in data store entries, which provides a unified view of identity data found in multiple data stores. The Mapping SCIM Resource Type determines the attributes that can be accessed by a client application.
The attributes that comprise a Mapping SCIM Resource Type are defined by specifying a core schema and one or more schema extensions. The core schema defines attributes that may appear at the top level of a SCIM 2.0 resource exposed by the Mapping SCIM Resource Type while schema extensions define attributes that are namespaced by the schema's URI. Schema extensions may be configured as optional or required.
↓Direct Subcomponents
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage
The following Mapping SCIM Resource Types are available in the server :
These Mapping SCIM Resource Types inherit from the properties described below.
The Mapping SCIM Resource Type component inherits from the SCIM Resource Type
The following components have a direct composition relation from Mapping SCIM Resource Types:
The following components have a direct aggregation relation from Mapping SCIM Resource Types:
The properties supported by this managed object are as follows:
General Configuration Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled | |
↓ endpoint | |
↓ primary-store-adapter | |
↓ id-attribute | |
↓ lookthrough-limit | |
↓ schema-checking-option | |
↓ core-schema | |
↓ required-schema-extension | |
↓ optional-schema-extension | |
Authorization and Policies Basic Properties: | Advanced Properties: |
None | ↓ disable-response-processing |
Property Group | General Configuration |
Description | A description for this SCIM Resource Type |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Indicates whether the SCIM Resource Type is enabled. If a SCIM Resource Type is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | The HTTP addressable endpoint of this SCIM Resource Type relative to the '/scim/v2' base URL. Do not include a leading '/'. |
Default Value | None |
Allowed Values | A HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | The primary Store Adapter to persist the data for this SCIM Resource Type. |
Default Value | None |
Allowed Values | The DN of any Store Adapter. The referenced Store Adapter must be enabled when this SCIM Resource Type is enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Specifies the primary store adapter attribute to use as the value for the SCIM object ID. The object ID is a unique, immutable identifier for fetch, update and delete operations on an object. An object ID is obtained from an attribute value of the primary Store Adapter when a new object is created and this value is subsequently used to identify the object. Ideally, the object ID should be an immutable attribute. The 'entryUUID' attribute is a good choice for an LDAP Store Adapter. The 'entryDN' attribute may be used instead, however the LDAP entry DN is not immutable. It is also possible to specify the name of some other attribute provided during a create operation. A consideration in this latter case is that store adapter objects not created through the Store Adapter interface may not have a value for the ID attribute and cannot be managed through the Store Adapter. |
Default Value | entryUUID |
Allowed Values | The name of a store adapter attribute for the primary store adapter. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | The maximum number of resources that the SCIM Resource Type should "look through" in the course of processing a search request. This setting is provided as a way to bound the upper-limit on searches, so that clients do not exhaust the server resources. Every search operation requires that the full result set be passed through the policy engine to determine which subset of resources will be returned. This is also important in order to provide the client with paging information, such as how many total results they are allowed to access. If the number of raw search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results. |
Default Value | 500 |
Allowed Values | An integer value. Lower limit is 1. Upper limit is 100000 . |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Options to alter the way schema checking is performed during create or modify requests. |
Default Value | None |
Allowed Values | allow-undefined-attributes - Allow undefined attributes in the SCIM resource. The default SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined attributes. allow-undefined-sub-attributes - Allow undefined sub-attributes in one or more values of a complex attribute. SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined sub-attributes. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | The core schema enforced on core attributes at the top level of a SCIM resource representation exposed by thisMapping SCIM Resource Type. |
Default Value | None |
Allowed Values | The DN of any SCIM Schema. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Required additive schemas that are enforced on extension attributes in a SCIM resource representation for this Mapping SCIM Resource Type. |
Default Value | None |
Allowed Values | The DN of any SCIM Schema. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Optional additive schemas that are enforced on extension attributes in a SCIM resource representation for this Mapping SCIM Resource Type. |
Default Value | None |
Allowed Values | The DN of any SCIM Schema. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
disable-response-processing (Advanced Property)
Property Group | Authorization and Policies |
Description | Prevents the SCIM service from performing policy processing for responses. For create, modify, and replace requests, this will skip the subsequent "retrieve" policy call, always returning the created/modified resource after performing the operation. For search requests, this will skip the search result processing and return the list as it was received from the backend server. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured SCIM Resource Types:
dsconfig list-scim-resource-types [--property {propertyName}] ...
To view the configuration for an existing SCIM Resource Type:
dsconfig get-scim-resource-type-prop --type-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing SCIM Resource Type:
dsconfig set-scim-resource-type-prop --type-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Mapping SCIM Resource Type:
dsconfig create-scim-resource-type --type-name {name} --type mapping --set enabled:{propertyValue} --set endpoint:{propertyValue} --set primary-store-adapter:{propertyValue} --set core-schema:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing SCIM Resource Type:
dsconfig delete-scim-resource-type --type-name {name}