The SCIM2 HTTP Servlet Extension may be used to present a System for Cross-Domain Identity Management (SCIM) 2.0 protocol interface to the Directory Server.
The SCIM2 HTTP Servlet Extension component inherits from the HTTP Servlet Extension
The following components have a direct aggregation relation from SCIM2 HTTP Servlet Extensions:
The properties supported by this managed object are as follows:
| Description | A description for this HTTP Servlet Extension |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The cross-origin request policy to use for the HTTP Servlet Extension. A cross-origin policy is a group of attributes defining the level of cross-origin request supported by the HTTP Servlet Extension. |
| Default Value | No cross-origin policy is defined and no CORS headers are recognized or returned. |
| Allowed Values | The DN of any HTTP Servlet Cross Origin Policy. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies HTTP header fields and values added to response headers for all requests. Values specified here must specify both the header field name and the value in conformance with RFC 2616. Fields may only be specified once; multiple values for the same header should be comma-separated. See RFC 7231 for a standard set of field names. Any response headers configured for this HTTP Servlet Extension will be combined with response headers configured on the corresponding Connection Handler. In the case of duplicates, the headers configured on this HTTP Servlet Extension will be used instead of the headers configured on the Connection Handler. |
| Default Value | None |
| Allowed Values | Colon-separated header field name and value |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | HTTP Connection Handlers hosting this HTTP Servlet Extension must be disabled and then re-enabled, or the server restarted, in order for this change to take effect. |
correlation-id-response-header
| Description | Specifies the name of the HTTP response header that will contain a correlation ID value. Example values are "Correlation-Id", "X-Amzn-Trace-Id", and "X-Request-Id". This property can be used to specify a custom response header name for correlation IDs. The value specified here will override the correlation-id-response-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension. If the use-correlation-id-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension is not enabled, then this property will be ignored. |
| Default Value | The correlation-id-response-header property of the HTTP Connection Handler hosting this HTTP Servlet Extension will be used. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | The context path to use to access the SCIM 2.0 interface. The value must start with a forward slash and must represent a valid HTTP context path. |
| Default Value | /scim/v2 |
| Allowed Values | The value must start with a forward slash and must represent a valid HTTP context path. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | The SCIM2 HTTP Servlet Extension must be disabled and re-enabled for changes to this setting to take effect. In order for this modification to take effect, the component must be restarted, either by disabling and re-enabling it, or by restarting the server |
| Description | If specified, the Access Token Validator(s) that may be used to validate access tokens for requests submitted to this SCIM2 HTTP Servlet Extension. |
| Default Value | If no validators are specified, then any of the Access Token Validators configured for this server may be used to validate an access token. |
| Allowed Values | The DN of any Access Token Validator. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
map-access-tokens-to-local-users
| Description | Indicates whether the SCIM2 servlet should attempt to map the presented access token to a local user. |
| Default Value | disabled |
| Allowed Values | disabled - Do not attempt to map access tokens to local users. All operations will use a default "cn=SCIM2 Servlet,cn=Root DNs,cn=config" account as the authorization identity, and requests will be authorized based on the rights assigned to that user, as well as based on rights granted or denied for the OAuth scopes in the presented access token. optional - Attempt to map access tokens to local users. If the mapping is successful, then the mapped user will be used as the authorization identity. If the token cannot be mapped to a local user, then a default authorization ID of "cn=SCIM2 Servlet,cn=Root DNs,cn=config" will be used. Requests will be authorized based on the rights granted or denied to the authorization identity, as well as based on rights granted or denied for the OAuth scopes in the presented access token. Global ACIs defined in the server will grant a minimum set of access rights to the SCIM2 Servlet user or to any OAuth token with the "scim2" scope. required - Attempt to map access tokens to local users, and reject requests in cases where no mapping can be established. The mapped user will be used as the authorization identity, and requests will be authorized based on the rights assigned to that user, as well as based on rights granted or denied for the OAuth scopes in the presented access token. Global ACIs defined in the server will grant a minimum set of access rights to the SCIM2 Servlet user or to any OAuth token with the "scim2" scope. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
debug-enabled (Advanced Property)
| Description | Enables debug logging of the SCIM 2.0 SDK. Debug messages will be forwarded to the Directory Server debug logger with the scope of com.unboundid.directory.broker.http.scim2.extension.SCIM2HTTPServletExtension. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The Directory Server debug logger must be enabled and correctly configured for the debug messages to be forwarded. |
debug-level (Advanced Property)
| Description | The minimum debug level that should be used for messages to be logged. |
| Default Value | info |
| Allowed Values | severe - Indicates that error messages should be logged. warning - Indicates that warning and error messages should be logged. info - Indicates that info, warning, and error messages should be logged. config - Indicates that config, info, warning, and error messages should be logged. fine - Indicates that fine, config, info, warning, and error messages should be logged. finer - Indicates that finer, fine, config, info, warning, and error messages should be logged. finest - Indicates that finest, finer, fine, config, info, warning, and error messages should be logged. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
debug-type (Advanced Property)
| Description | The types of debug messages that should be logged. |
| Default Value | coding-error exception |
| Allowed Values | coding-error - Indicates that messages related to incorrect use of the SCIM 2.0 SDK should be logged. exception - Indicates that messages related to exceptions that were caught within the SCIM 2.0 SDK should be logged. other - Indicates that all other messages not covered by any other message type should be logged. |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
include-stack-trace (Advanced Property)
| Description | Indicates whether a stack trace of the thread which called the debug method should be included in debug log messages. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
swagger-enabled (Advanced Property)
| Description | Indicates whether the SCIM2 HTTP Servlet Extension will generate a Swagger specification document. |
| Default Value | true |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | The SCIM2 HTTP Servlet Extension must be disabled and re-enabled for changes to this setting to take effect. For this modification to take effect, you must either restart the server or else disable and then re-enable any HTTP Connection Handler referencing this SCIM2 HTTP Servlet Extension. |
To list the configured HTTP Servlet Extensions:
dsconfig list-http-servlet-extensions
[--property {propertyName}] ...
To view the configuration for an existing HTTP Servlet Extension:
dsconfig get-http-servlet-extension-prop
--extension-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing HTTP Servlet Extension:
dsconfig set-http-servlet-extension-prop
--extension-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...