Ping Identity PingAuthorize Server - Pass Through SCIM Resource Type

PingAuthorize Server Documentation Index
Configuration Reference Home

Pass Through SCIM Resource Type

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

Pass Through SCIM Resource Types expose a primary Store Adapter's data as core attributes of a SCIM 2.0 resource and expose each secondary Store Adapter's data as schema extensions whose attributes are namespaced by the schema's URI. If a referenced Store Adapter exposes a schema, that schema will be advertised as the core and/or extension schemas for the SCIM Resource Type. All schema enforcement is the responsibility of the Store Adapters.

↓Direct Subcomponents
↓Parent Component
↓Properties
↓dsconfig Usage

Direct Subcomponents

The following Pass Through SCIM Resource Types are available in the server :

These Pass Through SCIM Resource Types inherit from the properties described below.

Parent Component

The Pass Through SCIM Resource Type component inherits from the SCIM Resource Type

Properties

The properties supported by this managed object are as follows:

General Configuration Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ endpoint
↓ primary-store-adapter
↓ id-attribute
↓ lookthrough-limit
↓ schema-checking-option
Authorization and Policies Basic Properties:	Advanced Properties:
None	↓ disable-response-processing

Basic Properties

description

Property Group	General Configuration
Description	A description for this SCIM Resource Type
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Property Group	General Configuration
Description	Indicates whether the SCIM Resource Type is enabled. If a SCIM Resource Type is not enabled, then its contents are not accessible when processing operations.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

endpoint (Read-Only)

Property Group	General Configuration
Description	The HTTP addressable endpoint of this SCIM Resource Type relative to the '/scim/v2' base URL. Do not include a leading '/'.
Default Value	None
Allowed Values	A HTTP addressable endpoint consisting only of letters, digits, '_' and '-' characters.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

primary-store-adapter

Property Group	General Configuration
Description	The primary Store Adapter to persist the data for this SCIM Resource Type.
Default Value	None
Allowed Values	The DN of any Store Adapter. The referenced Store Adapter must be enabled when this SCIM Resource Type is enabled.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

id-attribute

Property Group	General Configuration
Description	Specifies the primary store adapter attribute to use as the value for the SCIM object ID. The object ID is a unique, immutable identifier for fetch, update and delete operations on an object. An object ID is obtained from an attribute value of the primary Store Adapter when a new object is created and this value is subsequently used to identify the object. Ideally, the object ID should be an immutable attribute. The 'entryUUID' attribute is a good choice for an LDAP Store Adapter. The 'entryDN' attribute may be used instead, however the LDAP entry DN is not immutable. It is also possible to specify the name of some other attribute provided during a create operation. A consideration in this latter case is that store adapter objects not created through the Store Adapter interface may not have a value for the ID attribute and cannot be managed through the Store Adapter.
Default Value	entryUUID
Allowed Values	The name of a store adapter attribute for the primary store adapter.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

lookthrough-limit

Property Group	General Configuration
Description	The maximum number of resources that the SCIM Resource Type should "look through" in the course of processing a search request. This setting is provided as a way to bound the upper-limit on searches, so that clients do not exhaust the server resources. Every search operation requires that the full result set be passed through the policy engine to determine which subset of resources will be returned. This is also important in order to provide the client with paging information, such as how many total results they are allowed to access. If the number of raw search results for a given request exceeds this value, an error will be returned to the client indicating that the search matched too many results.
Default Value	500
Allowed Values	An integer value. Lower limit is 1. Upper limit is 100000 .
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

schema-checking-option

Property Group	General Configuration
Description	Options to alter the way schema checking is performed during create or modify requests.
Default Value	None
Allowed Values	allow-undefined-attributes - Allow undefined attributes in the SCIM resource. The default SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined attributes. allow-undefined-sub-attributes - Allow undefined sub-attributes in one or more values of a complex attribute. SCIM 2.0 compliant behavior is to reject create or modify requests containing undefined sub-attributes.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

Advanced Properties

disable-response-processing (Advanced Property)

Property Group	Authorization and Policies
Description	Prevents the SCIM service from performing policy processing for responses. For create, modify, and replace requests, this will skip the subsequent "retrieve" policy call, always returning the created/modified resource after performing the operation. For search requests, this will skip the search result processing and return the list as it was received from the backend server.
Default Value	false
Allowed Values	true false
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured SCIM Resource Types:

dsconfig list-scim-resource-types
     [--property {propertyName}] ...

To view the configuration for an existing SCIM Resource Type:

dsconfig get-scim-resource-type-prop
     --type-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing SCIM Resource Type:

dsconfig set-scim-resource-type-prop
     --type-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Pass Through SCIM Resource Type:

dsconfig create-scim-resource-type
     --type-name {name}
     --type pass-through
     --set enabled:{propertyValue}
     --set endpoint:{propertyValue}
     --set primary-store-adapter:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing SCIM Resource Type:

dsconfig delete-scim-resource-type
     --type-name {name}