Note: this is an abstract component that cannot be instantiated.
Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
SCIM Resource Types provide a unified view of identity data found in multiple data stores. The SCIM Resource Type determines the attributes that can be accessed by a client application.
↓Direct Subcomponents
↓Relations from This Component
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following SCIM Resource Types are available in the server :
These SCIM Resource Types inherit from the properties described below.
The following components have a direct composition relation from SCIM Resource Types:
The following components have a direct aggregation relation from SCIM Resource Types:
The following components have a direct aggregation relation to SCIM Resource Types:
The properties supported by this managed object are as follows:
General Configuration Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled | |
↓ endpoint | |
↓ primary-store-adapter | |
↓ id-attribute | |
↓ lookthrough-limit | |
↓ schema-checking-option | |
Authorization and Policies Basic Properties: | Advanced Properties: |
None | ↓ disable-response-processing |
Property Group | General Configuration |
Description | A description for this SCIM Resource Type |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Indicates whether the SCIM Resource Type is enabled. If a SCIM Resource Type is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | The HTTP addressable endpoint of this SCIM Resource Type relative to the '/scim/v2' base URL. Do not include a leading '/'. |
Default Value | None |
Allowed Values | A HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | The primary Store Adapter to persist the data for this SCIM Resource Type. |
Default Value | None |
Allowed Values | The DN of any Store Adapter. The referenced Store Adapter must be enabled when this SCIM Resource Type is enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Specifies the primary store adapter attribute to use as the value for the SCIM object ID. The object ID is a unique, immutable identifier for fetch, update and delete operations on an object. An object ID is obtained from an attribute value of the primary Store Adapter when a new object is created and this value is subsequently used to identify the object. Ideally, the object ID should be an immutable attribute. The 'entryUUID' attribute is a good choice for an LDAP Store Adapter. The 'entryDN' attribute may be used instead, however the LDAP entry DN is not immutable. It is also possible to specify the name of some other attribute provided during a create operation. A consideration in this latter case is that store adapter objects not created through the Store Adapter interface may not have a value for the ID attribute and cannot be managed through the Store Adapter. |
Default Value | entryUUID |
Allowed Values | The name of a store adapter attribute for the primary store adapter. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | The maximum number of resources that the SCIM Resource Type should "look through" in the course of processing a search request. This setting is provided as a way to bound the upper-limit on searches, so that clients do not exhaust the server resources. Every search operation requires that the full result set be passed through the policy engine to determine which subset of resources will be returned. This is also important in order to provide the client with paging information, such as how many total results they are allowed to access. If the number of raw search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results. |
Default Value | 500 |
Allowed Values | An integer value. Lower limit is 1. Upper limit is 100000 . |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Property Group | General Configuration |
Description | Options to alter the way schema checking is performed during create or modify requests. |
Default Value | None |
Allowed Values | allow-undefined-attributes - Allow undefined attributes in the SCIM resource. The default SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined attributes. allow-undefined-sub-attributes - Allow undefined sub-attributes in one or more values of a complex attribute. SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined sub-attributes. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
disable-response-processing (Advanced Property)
Property Group | Authorization and Policies |
Description | Prevents the SCIM service from performing policy processing for responses. For create, modify, and replace requests, this will skip the subsequent "retrieve" policy call, always returning the created/modified resource after performing the operation. For search requests, this will skip the search result processing and return the list as it was received from the backend server. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured SCIM Resource Types:
dsconfig list-scim-resource-types [--property {propertyName}] ...
To view the configuration for an existing SCIM Resource Type:
dsconfig get-scim-resource-type-prop --type-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing SCIM Resource Type:
dsconfig set-scim-resource-type-prop --type-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To delete an existing SCIM Resource Type:
dsconfig delete-scim-resource-type --type-name {name}