SCIM External Servers are used to specify connections to SCIM-enabled endpoints, via the SCIM protocol.
The SCIM External Server component inherits from the External Server.
The following components have a direct aggregation relation from SCIM External Servers:
The following components have a direct aggregation relation to SCIM External Servers:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | connect-timeout |
scim-service-url | response-timeout |
user-name | |
password | |
location | |
connection-security | |
authentication-method | |
hostname-verification-method | |
trust-manager-provider | |
oauth-token-type | |
oauth-token | |
description
Description | A description for this External Server |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
scim-service-url
Description | The complete URL which will be used to access the SCIM service provider. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
user-name
Description | The name of the login account to use when connecting to the SCIM service provider. This is used in conjunction with the chosen authentication-method. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
password
Description | The login password for the specified user name. This is used in conjunction with the chosen authentication-method. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
location
Description | Specifies the location for the SCIM External Server. |
Default Value | None |
Allowed Values | The DN of any Location. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
connection-security
Description | The mechanism to use to secure communication with the SCIM service provider. |
Default Value | none |
Allowed Values | none - No connection security should be used (i.e., unencrypted HTTP). ssl - SSL should be used to encrypt communication (i.e., HTTPS). |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
authentication-method
Description | The mechanism to use to authenticate to the target server. |
Default Value | basic |
Allowed Values | none - No authentication should be performed on the connection. basic - HTTP basic authentication (using a username and password) should be performed on the connection. oauth - Authentication should be performed using two-legged OAuth 2 by including an access token in the "Authorization" request header. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
hostname-verification-method
Description | The mechanism for checking if the service provider's hostname matches the name(s) stored inside the server's X.509 certificate. This is only applicable if SSL is being used for connection security. |
Default Value | strict |
Allowed Values | allow-all - This mechanism turns hostname verification off. browser-compatible - This mechanism works the same way as cURL and Firefox. The hostname must match either the first CN, or any of the Subject Alternative Names. A wildcard can occur in the CN, and in any of the Subject Alternative Names. The only difference between 'browser-compatible' and 'strict' is that a wildcard (such as "*.foo.com") with 'browser-compatible' matches all subdomains, including "a.b.foo.com". strict - This mechanism works the same way as the Java Runtime Environment. It is also compliant with RFC 2818 for dealing with wildcards. The hostname must match either the first CN, or any of the Subject Alternative Names. A wildcard can occur in the CN, and in any of the Subject Alternative Names. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com". |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
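The three hostname-verification-method values can be compared side by side with a small model of the matching rules described above. This is an added example, not the Synchronization Server's own code; it implements only the rules stated on this page, and the certificate names and function names are constructed for illustration.

```python
# Added illustration of the wildcard rules this page describes for
# hostname-verification-method; not the Synchronization Server's own code.
MODES = ("allow-all", "browser-compatible", "strict")


def name_matches(hostname: str, pattern: str, mode: str) -> bool:
    """Compare one certificate name (CN or SAN) against the hostname."""
    hostname, pattern = hostname.lower(), pattern.lower()
    if not pattern.startswith("*."):
        return hostname == pattern
    suffix = pattern[1:]                    # "*.foo.com" -> ".foo.com"
    if not hostname.endswith(suffix):
        return False
    covered = hostname[: -len(suffix)]      # labels the "*" has to absorb
    if not covered:
        return False
    # strict: "*" covers exactly one label; browser-compatible: any depth
    return "." not in covered if mode == "strict" else True


def verify_hostname(hostname, cert_cns, cert_sans, mode="strict"):
    """Return True if the mode would accept the certificate for hostname."""
    if mode not in MODES:
        raise ValueError(f"unknown hostname-verification-method: {mode}")
    if mode == "allow-all":                 # verification switched off
        return True
    names = list(cert_sans) + list(cert_cns[:1])   # only the first CN counts
    return any(name_matches(hostname, n, mode) for n in names)


# Constructed certificate names, for illustration only.
CERT_CNS = ["*.foo.com", "second-cn.example"]
CERT_SANS = ["scim.example.com"]


def acceptance(hostname):
    """Map each mode to its accept/reject decision for the sample cert."""
    return {m: verify_hostname(hostname, CERT_CNS, CERT_SANS, m) for m in MODES}


if __name__ == "__main__":
    for host in ("a.foo.com", "a.b.foo.com", "second-cn.example", "other.example"):
        print(host, acceptance(host))
```

With allow-all, every hostname is accepted regardless of the certificate's names, so the certificate no longer ties the connection to the intended service provider.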
trust-manager-provider
Description | The trust manager provider to use if SSL is to be used for connection-level security. |
Default Value | None |
Allowed Values | The DN of any Trust Manager Provider. The associated trust manager provider must exist and must be enabled if SSL is to be used. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
oauth-token-type
Description | The type of OAuth token to use in conjunction with the OAuth authentication-method. |
Default Value | bearer |
Allowed Values | bearer - Use the Bearer token type. oauth - Use the OAuth token type. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
oauth-token
Description | The token to use in conjunction with the OAuth authentication-method and the chosen oauth-token-type. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
connect-timeout (Advanced Property)
Description | Specifies the amount of time to wait for a response from the service provider when establishing a connection. If the timeout is exceeded, the Synchronization Server will attempt to fail over to a different server. A value of zero indicates no timeout. |
Default Value | 10 s |
Allowed Values | A duration. Lower limit is 0 milliseconds. Upper limit is 3600000 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
response-timeout (Advanced Property)
Description | Specifies the maximum length of time that an operation should be allowed to block while waiting for a response from the SCIM service provider. A value of zero indicates that there should be no client-side timeout. This property indicates how long the Synchronization Server should wait for a response to a GET, POST, PUT, PATCH, or DELETE request to a destination server before timing out and failing over to a different server. When this happens, the Sync Destination will retry the request a limited number of times before failing the operation. The total number of retries will not exceed the max-operation-attempts value defined in the Sync Pipe configuration. |
Default Value | 10 s |
Allowed Values | A duration. Lower limit is 0 milliseconds. Upper limit is 3600000 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured External Servers:
dsconfig list-external-servers [--property {propertyName}] ...
To view the configuration for an existing External Server:
dsconfig get-external-server-prop --server-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing External Server:
dsconfig set-external-server-prop --server-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new SCIM External Server:
dsconfig create-external-server --server-name {name} --set scim-service-url:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing External Server:
dsconfig delete-external-server --server-name {name}
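Because connection-security defaults to none and authentication-method defaults to basic, a create-external-server command that sets only the URL and credentials sends them over unencrypted HTTP. The following added example (not part of the product or its documentation) applies the documented defaults to a command line and reports weak combinations; the finding labels, server names, URLs and provider name are made up for illustration.

```python
import shlex

# Defaults documented on this page for properties that are not set.
DEFAULTS = {
    "connection-security": "none",
    "authentication-method": "basic",
    "hostname-verification-method": "strict",
}


def effective_properties(command: str) -> dict:
    """Merge --set name:value pairs from a dsconfig command over the defaults."""
    props = dict(DEFAULTS)
    tokens = shlex.split(command)
    for flag, arg in zip(tokens, tokens[1:]):
        if flag == "--set":
            name, _, value = arg.partition(":")   # split on the first ':' only
            props[name] = value
    return props


def audit(command: str) -> list:
    """Return finding codes (labels made up for this example)."""
    p = effective_properties(command)
    findings = []
    if p["connection-security"] != "ssl":
        findings.append("plaintext-transport")            # unencrypted HTTP
        if p["authentication-method"] != "none":
            findings.append("credentials-sent-in-clear")  # password or token
    else:
        if p["hostname-verification-method"] == "allow-all":
            findings.append("hostname-check-disabled")
        if "trust-manager-provider" not in p:
            findings.append("no-trust-manager-provider-set")
    return findings


# Constructed command lines; server names, URLs and secrets are placeholders.
WEAK = ("dsconfig create-external-server --server-name scim-a "
        "--set scim-service-url:http://scim.example.com/v1 "
        "--set user-name:sync --set password:PLACEHOLDER")
HARDENED = ("dsconfig create-external-server --server-name scim-b "
            "--set scim-service-url:https://scim.example.com/v1 "
            "--set connection-security:ssl --set authentication-method:oauth "
            "--set oauth-token:PLACEHOLDER "
            "--set 'trust-manager-provider:Example Trust Provider'")

if __name__ == "__main__":
    print(audit(WEAK))
    print(audit(HARDENED))
```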