Ping Identity PingAuthorize Server - Mapping SCIM Resource Type

PingAuthorize Server Documentation Index
Configuration Reference Home

Mapping SCIM Resource Type

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

Mapping SCIM Resource Types map attributes in a SCIM schema to native attributes found in data store entries, which provides a unified view of identity data found in multiple data stores. The Mapping SCIM Resource Type determines the attributes that can be accessed by a client application.

The attributes that comprise a Mapping SCIM Resource Type are defined by specifying a core schema and one or more schema extensions. The core schema defines attributes that may appear at the top level of a SCIM 2.0 resource exposed by the Mapping SCIM Resource Type while schema extensions define attributes that are namespaced by the schema's URI. Schema extensions may be configured as optional or required.

↓Direct Subcomponents
↓Parent Component
↓Relations from This Component
↓Properties
↓dsconfig Usage

Direct Subcomponents

The following Mapping SCIM Resource Types are available in the server :

These Mapping SCIM Resource Types inherit from the properties described below.

Parent Component

The Mapping SCIM Resource Type component inherits from the SCIM Resource Type

Relations from This Component

The following components have a direct composition relation from Mapping SCIM Resource Types:

Store Adapter Mapping

The following components have a direct aggregation relation from Mapping SCIM Resource Types:

SCIM Schema

Properties

The properties supported by this managed object are as follows:

General Configuration Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ endpoint
↓ primary-store-adapter
↓ id-attribute
↓ lookthrough-limit
↓ schema-checking-option
↓ core-schema
↓ required-schema-extension
↓ optional-schema-extension
Authorization and Policies Basic Properties:	Advanced Properties:
None	↓ disable-response-processing

Basic Properties

description

Property Group	General Configuration
Description	A description for this SCIM Resource Type
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Property Group	General Configuration
Description	Indicates whether the SCIM Resource Type is enabled. If a SCIM Resource Type is not enabled, then its contents are not accessible when processing operations.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

endpoint (Read-Only)

Property Group	General Configuration
Description	The HTTP addressable endpoint of this SCIM Resource Type relative to the '/scim/v2' base URL. Do not include a leading '/'.
Default Value	None
Allowed Values	A HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

primary-store-adapter

Property Group	General Configuration
Description	The primary Store Adapter to persist the data for this SCIM Resource Type.
Default Value	None
Allowed Values	The DN of any Store Adapter. The referenced Store Adapter must be enabled when this SCIM Resource Type is enabled.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

id-attribute

Property Group	General Configuration
Description	Specifies the primary store adapter attribute to use as the value for the SCIM object ID. The object ID is a unique, immutable identifier for fetch, update and delete operations on an object. An object ID is obtained from an attribute value of the primary Store Adapter when a new object is created and this value is subsequently used to identify the object. Ideally, the object ID should be an immutable attribute. The 'entryUUID' attribute is a good choice for an LDAP Store Adapter. The 'entryDN' attribute may be used instead, however the LDAP entry DN is not immutable. It is also possible to specify the name of some other attribute provided during a create operation. A consideration in this latter case is that store adapter objects not created through the Store Adapter interface may not have a value for the ID attribute and cannot be managed through the Store Adapter.
Default Value	entryUUID
Allowed Values	The name of a store adapter attribute for the primary store adapter.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

lookthrough-limit

Property Group	General Configuration
Description	The maximum number of resources that the SCIM Resource Type should "look through" in the course of processing a search request. This setting is provided as a way to bound the upper-limit on searches, so that clients do not exhaust the server resources. Every search operation requires that the full result set be passed through the policy engine to determine which subset of resources will be returned. This is also important in order to provide the client with paging information, such as how many total results they are allowed to access. If the number of raw search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results.
Default Value	500
Allowed Values	An integer value. Lower limit is 1. Upper limit is 100000 .
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

schema-checking-option

Property Group	General Configuration
Description	Options to alter the way schema checking is performed during create or modify requests.
Default Value	None
Allowed Values	allow-undefined-attributes - Allow undefined attributes in the SCIM resource. The default SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined attributes. allow-undefined-sub-attributes - Allow undefined sub-attributes in one or more values of a complex attribute. SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined sub-attributes.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

core-schema

Property Group	General Configuration
Description	The core schema enforced on core attributes at the top level of a SCIM resource representation exposed by thisMapping SCIM Resource Type.
Default Value	None
Allowed Values	The DN of any SCIM Schema.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

required-schema-extension

Property Group	General Configuration
Description	Required additive schemas that are enforced on extension attributes in a SCIM resource representation for this Mapping SCIM Resource Type.
Default Value	None
Allowed Values	The DN of any SCIM Schema.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

optional-schema-extension

Property Group	General Configuration
Description	Optional additive schemas that are enforced on extension attributes in a SCIM resource representation for this Mapping SCIM Resource Type.
Default Value	None
Allowed Values	The DN of any SCIM Schema.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

Advanced Properties

disable-response-processing (Advanced Property)

Property Group	Authorization and Policies
Description	Prevents the SCIM service from performing policy processing for responses. For create, modify, and replace requests, this will skip the subsequent "retrieve" policy call, always returning the created/modified resource after performing the operation. For search requests, this will skip the search result processing and return the list as it was received from the backend server.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured SCIM Resource Types:

dsconfig list-scim-resource-types
     [--property {propertyName}] ...

To view the configuration for an existing SCIM Resource Type:

dsconfig get-scim-resource-type-prop
     --type-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing SCIM Resource Type:

dsconfig set-scim-resource-type-prop
     --type-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Mapping SCIM Resource Type:

dsconfig create-scim-resource-type
     --type-name {name}
     --type mapping
     --set enabled:{propertyValue}
     --set endpoint:{propertyValue}
     --set primary-store-adapter:{propertyValue}
     --set core-schema:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing SCIM Resource Type:

dsconfig delete-scim-resource-type
     --type-name {name}