SCIM2 HTTP Servlet Extension

The SCIM2 HTTP Servlet Extension may be used to present a System for Cross-Domain Identity Management (SCIM) 2.0 protocol interface to the Directory Server.


Parent Component

The SCIM2 HTTP Servlet Extension component inherits from the HTTP Servlet Extension.

Relations from This Component

The following components have a direct aggregation relation from SCIM2 HTTP Servlet Extensions:

Properties

The properties supported by this managed object are as follows:


Basic Properties:
 description
 cross-origin-policy
 response-header
 correlation-id-response-header
 base-context-path
 access-token-validator
 map-access-tokens-to-local-users

Advanced Properties:
 debug-enabled
 debug-level
 debug-type
 include-stack-trace
 swagger-enabled

Basic Properties

description

Description
A description for this HTTP Servlet Extension
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

cross-origin-policy

Description
The cross-origin request policy to use for the HTTP Servlet Extension. A cross-origin policy is a group of attributes defining the level of cross-origin request supported by the HTTP Servlet Extension.
Default Value
No cross-origin policy is defined and no CORS headers are recognized or returned.
Allowed Values
The DN of any HTTP Servlet Cross Origin Policy.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

response-header

Description
Specifies HTTP header fields and values added to response headers for all requests. Values specified here must specify both the header field name and the value in conformance with RFC 2616. Fields may only be specified once; multiple values for the same header should be comma-separated. See RFC 7231 for a standard set of field names.
Any response headers configured for this HTTP Servlet Extension will be combined with response headers configured on the corresponding Connection Handler. In the case of duplicates, the headers configured on this HTTP Servlet Extension will be used instead of the headers configured on the Connection Handler.
Default Value
None
Allowed Values
Colon-separated header field name and value
Multi-Valued
Yes
Required
No
Admin Action Required
HTTP Connection Handlers hosting this HTTP Servlet Extension must be disabled and then re-enabled, or the server restarted, in order for this change to take effect.
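
The merge rule described for response-header, modeled as an added example (not the server's own code) so the headers a client will actually receive can be checked before the handler is re-enabled. The function names, the sample header values, and the case-insensitive matching of field names are assumptions.

```python
import re

# Characters permitted in an HTTP header field name (the "token" rule).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_response_header(raw):
    """Split one configured 'Name: value' string into (name, value)."""
    # CR, LF or NUL in a configured value would let it smuggle extra headers.
    if re.search(r"[\r\n\x00]", raw):
        raise ValueError(f"control character in {raw!r}")
    name, sep, value = raw.partition(":")  # only the first colon separates
    name, value = name.strip(), value.strip()
    if not sep or not value or not _TOKEN.match(name):
        raise ValueError(f"not a 'name: value' header field: {raw!r}")
    return name, value

def load_headers(values):
    """Parse a multi-valued response-header property into a lookup table."""
    headers = {}
    for raw in values:
        name, value = parse_response_header(raw)
        key = name.lower()  # assumption: field names compare case-insensitively
        if key in headers:
            # The page allows each field once; multiple values are comma-separated.
            raise ValueError(f"{name} specified more than once")
        headers[key] = (name, value)
    return headers

def effective_headers(handler_values, extension_values):
    """Combine both levels; the extension's value replaces a duplicate."""
    merged = load_headers(handler_values)
    merged.update(load_headers(extension_values))
    return dict(merged.values())

# Constructed sample values, not taken from a real deployment.
HANDLER = ["Strict-Transport-Security: max-age=31536000",
           "Cache-Control: no-cache"]
EXTENSION = ["cache-control: no-store, no-cache",
             "X-Content-Type-Options: nosniff"]

if __name__ == "__main__":
    for name, value in effective_headers(HANDLER, EXTENSION).items():
        print(f"{name}: {value}")
```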

correlation-id-response-header

Description
Specifies the name of the HTTP response header that will contain a correlation ID value. Example values are "Correlation-Id", "X-Amzn-Trace-Id", and "X-Request-Id". This property can be used to specify a custom response header name for correlation IDs. The value specified here will override the correlation-id-response-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension.

If the use-correlation-id-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension is not enabled, then this property will be ignored.

Default Value
The correlation-id-response-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension will be used.
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

base-context-path (Read-Only)

Description
The context path to use to access the SCIM 2.0 interface. The value must start with a forward slash and must represent a valid HTTP context path.
Default Value
/scim/v2
Allowed Values
The value must start with a forward slash and must represent a valid HTTP context path.
Multi-Valued
No
Required
Yes
Admin Action Required
The SCIM2 HTTP Servlet Extension must be restarted for changes to this setting to take effect, either by disabling and re-enabling it, or by restarting the server.

access-token-validator

Description
If specified, the Access Token Validator(s) that may be used to validate access tokens for requests submitted to this SCIM2 HTTP Servlet Extension.
Default Value
If no validators are specified, then any of the Access Token Validators configured for this server may be used to validate an access token.
Allowed Values
The DN of any Access Token Validator.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

map-access-tokens-to-local-users

Description
Indicates whether the SCIM2 servlet should attempt to map the presented access token to a local user.
Default Value
disabled
Allowed Values
disabled - Do not attempt to map access tokens to local users. All operations will use a default "cn=SCIM2 Servlet,cn=Root DNs,cn=config" account as the authorization identity, and requests will be authorized based on the rights assigned to that user, as well as based on rights granted or denied for the OAuth scopes in the presented access token.

optional - Attempt to map access tokens to local users. If the mapping is successful, then the mapped user will be used as the authorization identity. If the token cannot be mapped to a local user, then a default authorization ID of "cn=SCIM2 Servlet,cn=Root DNs,cn=config" will be used. Requests will be authorized based on the rights granted or denied to the authorization identity, as well as based on rights granted or denied for the OAuth scopes in the presented access token. Global ACIs defined in the server will grant a minimum set of access rights to the SCIM2 Servlet user or to any OAuth token with the "scim2" scope.

required - Attempt to map access tokens to local users, and reject requests in cases where no mapping can be established. The mapped user will be used as the authorization identity, and requests will be authorized based on the rights assigned to that user, as well as based on rights granted or denied for the OAuth scopes in the presented access token. Global ACIs defined in the server will grant a minimum set of access rights to the SCIM2 Servlet user or to any OAuth token with the "scim2" scope.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

debug-enabled (Advanced Property)

Description
Enables debug logging of the SCIM 2.0 SDK. Debug messages will be forwarded to the Directory Server debug logger with the scope of com.unboundid.directory.broker.http.scim2.extension.SCIM2HTTPServletExtension.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
The Directory Server debug logger must be enabled and correctly configured for the debug messages to be forwarded.

debug-level (Advanced Property)

Description
The minimum debug level that should be used for messages to be logged.
Default Value
info
Allowed Values
severe - Indicates that error messages should be logged.

warning - Indicates that warning and error messages should be logged.

info - Indicates that info, warning, and error messages should be logged.

config - Indicates that config, info, warning, and error messages should be logged.

fine - Indicates that fine, config, info, warning, and error messages should be logged.

finer - Indicates that finer, fine, config, info, warning, and error messages should be logged.

finest - Indicates that finest, finer, fine, config, info, warning, and error messages should be logged.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

debug-type (Advanced Property)

Description
The types of debug messages that should be logged.
Default Value
coding-error
exception
Allowed Values
coding-error - Indicates that messages related to incorrect use of the SCIM 2.0 SDK should be logged.

exception - Indicates that messages related to exceptions that were caught within the SCIM 2.0 SDK should be logged.

other - Indicates that all other messages not covered by any other message type should be logged.
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

include-stack-trace (Advanced Property)

Description
Indicates whether a stack trace of the thread which called the debug method should be included in debug log messages.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

swagger-enabled (Advanced Property)

Description
Indicates whether the SCIM2 HTTP Servlet Extension will generate a Swagger specification document.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
The SCIM2 HTTP Servlet Extension must be disabled and re-enabled for changes to this setting to take effect. For this modification to take effect, you must either restart the server or else disable and then re-enable any HTTP Connection Handler referencing this SCIM2 HTTP Servlet Extension.


dsconfig Usage

To list the configured HTTP Servlet Extensions:

dsconfig list-http-servlet-extensions
     [--property {propertyName}] ...

To view the configuration for an existing HTTP Servlet Extension:

dsconfig get-http-servlet-extension-prop
     --extension-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing HTTP Servlet Extension:

dsconfig set-http-servlet-extension-prop
     --extension-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...