SCIM External Server

SCIM External Servers are used to specify connections to SCIM-enabled endpoints, via the SCIM protocol.

Parent Component

The SCIM External Server component inherits from the External Server.

Relations from This Component

The following components have a direct aggregation relation from SCIM External Servers:

Relations to This Component

The following components have a direct aggregation relation to SCIM External Servers:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
     description
     scim-service-url
     user-name
     password
     passphrase-provider
     location
     connection-security
     authentication-method
     hostname-verification-method
     key-manager-provider
     trust-manager-provider
     oauth-token-type
     oauth-token

Advanced Properties:
     connect-timeout
     response-timeout

Basic Properties

description

Description
A description for this External Server
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

scim-service-url

Description
The complete URL which will be used to access the SCIM service provider.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

user-name

Description
The name of the login account to use when connecting to the SCIM service provider. This is used in conjunction with the chosen authentication-method.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

password

Description
The login password for the specified user name. This is used in conjunction with the chosen authentication-method.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

passphrase-provider

Description
The passphrase provider to use to obtain the login password for the specified user.
Default Value
None
Allowed Values
The DN of any Passphrase Provider.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

location

Description
Specifies the location for the SCIM External Server.
Default Value
None
Allowed Values
The DN of any Location.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

connection-security

Description
The mechanism to use to secure communication with the SCIM service provider.
Default Value
none
Allowed Values
none - No connection security should be used (i.e., unencrypted HTTP).

ssl - SSL should be used to encrypt communication (i.e., HTTPS).
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

authentication-method

Description
The mechanism to use to authenticate to the target server.
Default Value
basic
Allowed Values
none - No authentication should be performed on the connection.

basic - HTTP basic authentication (using a username and password) should be performed on the connection.

oauth - Authentication should be performed using two-legged OAuth 2 by including an access token in the "Authorization" request header.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

hostname-verification-method

Description
The mechanism for checking if the service provider's hostname matches the name(s) stored inside the server's X.509 certificate. This is only applicable if SSL is being used for connection security.
Default Value
strict
Allowed Values
allow-all - This mechanism turns hostname verification off.

strict - This mechanism works the same way as the Java Runtime Environment. It is also compliant with RFC 2818 for dealing with wildcards. The hostname must match either the first CN, or any of the Subject Alternative Names. A wildcard can occur in the CN, and in any of the Subject Alternative Names. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
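
The matching rule described for strict, next to allow-all, as an added example (not code from the product or its documentation). The function names and the sample certificate names are constructed for illustration; treating a wildcard only as a whole leftmost label and comparing case-insensitively are assumptions of this sketch.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name (CN or SAN) with the service hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # A wildcard covers exactly one label, so "*.foo.com" can never
        # match "a.b.foo.com" (or the bare "foo.com").
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def verify(method: str, hostname: str, cns: list, sans: list) -> bool:
    """Apply hostname-verification-method to a certificate's names."""
    if method == "allow-all":
        # Verification is off: the names in the certificate are never
        # compared with the host being contacted.
        return True
    if method == "strict":
        # Only the first CN is considered, plus every SAN.
        candidates = list(cns[:1]) + list(sans)
        return any(name_matches(c, hostname) for c in candidates)
    raise ValueError("unknown hostname-verification-method: " + method)


# Constructed certificate names for the demonstration.
CERT_CNS = ["scim.example.com", "other.example.com"]
CERT_SANS = ["*.idp.example.com"]

if __name__ == "__main__":
    for host in ("scim.example.com", "a.idp.example.com",
                 "a.b.idp.example.com", "other.example.com"):
        print(host,
              "strict:", verify("strict", host, CERT_CNS, CERT_SANS),
              "allow-all:", verify("allow-all", host, CERT_CNS, CERT_SANS))
```

With allow-all, every host in the loop is accepted, including the two that strict rejects.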

key-manager-provider

Description
The key manager provider to use if SSL is to be used for connection-level security. When specifying a value for this property (except when using the Null key manager provider) you must ensure that the external server trusts this server's public certificate by adding this server's public certificate to the external server's trust store.
Default Value
None
Allowed Values
The DN of any Key Manager Provider. The associated key manager provider must exist and must be enabled if SSL is to be used.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

trust-manager-provider

Description
The trust manager provider to use if SSL is to be used for connection-level security.
Default Value
None
Allowed Values
The DN of any Trust Manager Provider. The associated trust manager provider must exist and must be enabled if SSL is to be used.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

oauth-token-type

Description
The type of OAuth token to use in conjunction with the OAuth authentication-method.
Default Value
bearer
Allowed Values
bearer - Use the Bearer token type.

oauth - Use the OAuth token type.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

oauth-token

Description
The token to use in conjunction with the OAuth authentication-method and the chosen oauth-token-type.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

connect-timeout (Advanced Property)

Description
Specifies the amount of time to wait for a response from the service provider when establishing a connection. If the timeout is exceeded, the Data Sync Server will attempt to fail over to a different server. A value of zero indicates no timeout.
Default Value
10 s
Allowed Values
A duration. Lower limit is 0 milliseconds. Upper limit is 3600000 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

response-timeout (Advanced Property)

Description
Specifies the maximum length of time that an operation should be allowed to block while waiting for a response from the SCIM service provider. A value of zero indicates that there should be no client-side timeout. This property indicates how long the Data Sync Server should wait for a response from a GET, POST, PUT, PATCH, or DELETE request to a destination server before timing out and failing over to a different server. When this happens, the Sync Destination will retry the request a limited number of times before failing the operation. The total number of retries will not exceed the max-operation-attempts value defined in the Sync Pipe configuration.
Default Value
10 s
Allowed Values
A duration. Lower limit is 0 milliseconds. Upper limit is 3600000 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action
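
An added example (not part of the product or its documentation): a review check over one SCIM External Server's property values that flags combinations the reference above allows, including the default pairing of connection-security none with authentication-method basic. The dict input, the finding names and the sample configurations are constructed for illustration; the defaults are the ones listed above.

```python
import re

# Defaults as listed in the property reference above.
DEFAULTS = {
    "connection-security": "none",
    "authentication-method": "basic",
    "hostname-verification-method": "strict",
    "connect-timeout": "10 s",
    "response-timeout": "10 s",
}

def _is_zero(duration: str) -> bool:
    """True for durations such as '0', '0 s' or '0 ms' (zero means no timeout)."""
    m = re.match(r"\s*(\d+(?:\.\d+)?)", duration)
    return bool(m) and float(m.group(1)) == 0

def audit(props: dict) -> list:
    """Return finding names (hypothetical labels) for one server's properties."""
    cfg = {**DEFAULTS, **props}
    tls = cfg["connection-security"] == "ssl"
    findings = []
    if cfg["authentication-method"] == "none":
        findings.append("no-authentication")
    elif not tls:
        # The basic credentials or the OAuth token travel over unencrypted HTTP.
        findings.append("credentials-over-http")
    if tls and cfg["hostname-verification-method"] == "allow-all":
        findings.append("hostname-verification-off")
    # Consistency check: the URL scheme should agree with connection-security.
    if tls != cfg.get("scim-service-url", "").lower().startswith("https://"):
        findings.append("url-scheme-mismatch")
    for name in ("connect-timeout", "response-timeout"):
        if _is_zero(cfg[name]):
            findings.append(name + "-unbounded")
    return findings

# Constructed sample configurations (not taken from a real deployment).
SAMPLES = {
    "defaults-only": {"scim-service-url": "http://scim.example.com/v1",
                      "user-name": "sync", "password": "placeholder"},
    "weak-tls": {"scim-service-url": "https://scim.example.com/v1",
                 "connection-security": "ssl",
                 "hostname-verification-method": "allow-all",
                 "response-timeout": "0 ms"},
    "hardened": {"scim-service-url": "https://scim.example.com/v1",
                 "connection-security": "ssl",
                 "authentication-method": "oauth",
                 "oauth-token": "placeholder"},
}

if __name__ == "__main__":
    for label, props in SAMPLES.items():
        print(label, audit(props) or "ok")
```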


dsconfig Usage

To list the configured External Servers:

dsconfig list-external-servers
     [--property {propertyName}] ...

To view the configuration for an existing External Server:

dsconfig get-external-server-prop
     --server-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing External Server:

dsconfig set-external-server-prop
     --server-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new SCIM External Server:

dsconfig create-external-server
     --server-name {name}
     --type scim
     --set scim-service-url:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing External Server:

dsconfig delete-external-server
     --server-name {name}