SCIM2 External Servers may be used to interact with servers using the SCIMv2 protocol.
The SCIM2 External Server component inherits from the External Server.
The following components have a direct aggregation relation from SCIM2 External Servers:
The following components have a direct aggregation relation to SCIM2 External Servers:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
scim-service-url | |
http-proxy-external-server | |
key-manager-provider | |
trust-manager-provider | |
ssl-cert-nickname | |
hostname-verification-method | |
http-authorization-method | |
response-timeout | |
client-reconnect-interval | |
description
Description | A description for this External Server |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
scim-service-url
Description | The base URL for the SCIMv2 service. It must include the hostname, port, and base path to use to make SCIMv2 calls. |
Default Value | None |
Allowed Values | An absolute URL, or a relative URL |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
http-proxy-external-server
Description | A reference to an HTTP proxy server that should be used for requests sent to the SCIMv2 service. |
Default Value | No HTTP proxy server will be used. |
Allowed Values | The DN of any HTTP Proxy External Server. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
key-manager-provider
Description | The key manager provider to use if it is necessary to present a client certificate to the SCIMv2 server. |
Default Value | No client certificate will be presented to the SCIMv2 server. |
Allowed Values | The DN of any Key Manager Provider. The key manager provider must be enabled. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
trust-manager-provider
Description | The trust manager provider to use to determine whether to trust the certificate presented by the SCIMv2 server during TLS negotiation. |
Default Value | A default set of trust managers will be used. |
Allowed Values | The DN of any Trust Manager Provider. The trust manager provider must be enabled. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
ssl-cert-nickname
Description | The nickname (alias) of the entry in the associated key store that holds the client certificate chain to present to the SCIMv2 server during TLS negotiation. This may be left undefined if either no key manager provider is specified or if the JVM should automatically select an appropriate certificate from the associated key store. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
hostname-verification-method
Description | The method that should be used to validate the hostname in the server certificate presented during TLS negotiation. |
Default Value | strict |
Allowed Values | strict - Indicates that strict hostname validation should be used, which will require the server certificate to contain a subject alternative name extension with a value that matches the address used to connect to the SCIMv2 server. If the server certificate does not include a subject alternative name extension, then the CN value in the certificate subject DN will be used as a fallback. |
 | allow-all - Indicates that no certificate hostname validation should be used. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
http-authorization-method
Description | The method to use to authorize requests sent to the SCIMv2 server. |
Default Value | None |
Allowed Values | The DN of any HTTP Authorization Method. The HTTP authorization method must be enabled. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
response-timeout
Description | The maximum length of time to wait for a response from the SCIMv2 server when processing operations. |
Default Value | 10 s |
Allowed Values | A duration. Lower limit is 0 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
client-reconnect-interval
Description | The maximum length of time that a client instance should remain active before being recreated. Periodically recreating the SCIMv2 client instance will help ensure that authorization credentials may be periodically refreshed (for example, in the case of OAuth 2.0 access tokens obtained using the client credentials grant). If the associated HTTP authorization method indicates that there is a maximum lifetime associated with the authorization credentials, and if that lifetime is shorter than the configured client reconnect interval, then the credential lifetime will be used instead. If no client reconnect interval value is specified, and if the HTTP authorization method does not indicate that there is a maximum lifetime for the configured credentials, then the SCIMv2 client will not be periodically recreated unless a communication failure occurs and indicates that a reconnect may be necessary. |
Default Value | None |
Allowed Values | A duration. Lower limit is 0 milliseconds. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured External Servers:
dsconfig list-external-servers [--property {propertyName}] ...
To view the configuration for an existing External Server:
dsconfig get-external-server-prop --server-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing External Server:
dsconfig set-external-server-prop --server-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new SCIM2 External Server:
dsconfig create-external-server --server-name {name} --type scim2 --set scim-service-url:{propertyValue} --set http-authorization-method:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing External Server:
dsconfig delete-external-server --server-name {name}
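The creation command above, wrapped in a pre-flight check that refuses `hostname-verification-method:allow-all` and non-TLS service URLs before printing the `dsconfig` line. This is an added example, not part of the product documentation; the function name `scim2_create_cmd`, the https-only policy, and every object name and URL in it are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example: print a `dsconfig create-external-server` command for a SCIM2
# External Server, refusing inputs that weaken TLS validation.
# Usage: scim2_create_cmd NAME URL AUTH_METHOD [HOSTNAME_VERIFICATION] [TRUST_MANAGER]
# Returns 1 with a message on stderr when the input is rejected.
scim2_create_cmd() {
    name=$1; url=$2; auth=$3; verify=${4:-strict}; trust=${5:-}

    # scim-service-url and http-authorization-method are "Required: Yes".
    if [ -z "$name" ] || [ -z "$url" ] || [ -z "$auth" ]; then
        echo "name, scim-service-url and http-authorization-method are required" >&2
        return 1
    fi
    # Values are emitted inside single quotes, so reject embedded ones.
    case "$name$url$auth$trust" in
        *\'*) echo "single quotes are not supported in values" >&2; return 1 ;;
    esac
    # Local policy (assumption, stricter than the reference): TLS only.
    case $url in
        https://*) ;;
        *) echo "scim-service-url must start with https://" >&2; return 1 ;;
    esac
    # allow-all turns certificate hostname validation off, so refuse it.
    case $verify in
        strict) ;;
        allow-all) echo "hostname-verification-method allow-all refused" >&2; return 1 ;;
        *) echo "unknown hostname-verification-method: $verify" >&2; return 1 ;;
    esac

    cmd="dsconfig create-external-server --server-name '$name' --type scim2"
    cmd="$cmd --set 'scim-service-url:$url'"
    cmd="$cmd --set 'http-authorization-method:$auth'"
    cmd="$cmd --set 'hostname-verification-method:$verify'"
    # Optional: name a trust manager provider instead of the default set.
    if [ -n "$trust" ]; then
        cmd="$cmd --set 'trust-manager-provider:$trust'"
    fi
    printf '%s\n' "$cmd"
}

# Constructed placeholder values; substitute objects that exist on your server.
scim2_create_cmd "Example SCIM" "https://scim.example.com:443/scim/v2" \
    "Example Authorization Method" strict "Example Trust Manager"
```

The function only prints the command, so the output can be reviewed or placed in change control before it is run against a server.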