Example: Mapped SCIM resource type for devices
This example demonstrates the addition of a simple mapped SCIM resource type, backed by the standard device object class of a PingDirectory Server.
To add data to PingDirectory Server, create a file named devices.ldif with the following contents:
dn: ou=Devices,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Devices

dn: cn=device.0,ou=Devices,dc=example,dc=com
objectClass: top
objectClass: device
cn: device.0
description: Description for device.0

dn: cn=device.1,ou=Devices,dc=example,dc=com
objectClass: top
objectClass: device
cn: device.1
description: Description for device.1
Use the ldapmodify tool to load the data file.
{pingdir}/bin/ldapmodify --defaultAdd --filename devices.ldif
Start configuring PingAuthorize Server by adding a store adapter.
dsconfig create-store-adapter \
  --adapter-name DeviceStoreAdapter \
  --type ldap \
  --set enabled:true \
  --set "load-balancing-algorithm:User Store LBA" \
  --set structural-ldap-objectclass:device \
  --set include-base-dn:ou=devices,dc=example,dc=com \
  --set include-operational-attribute:createTimestamp \
  --set include-operational-attribute:modifyTimestamp \
  --set create-dn-pattern:entryUUID=server-generated,ou=devices,dc=example,dc=com
The previous command creates a store adapter that handles LDAP entries found under the base DN ou=devices,dc=example,dc=com with the object class device. This example uses the user store load-balancing algorithm that is created when you use the create-initial-config tool to set up a users SCIM resource type.
The following command creates a SCIM schema for devices with the schema URN urn:pingidentity:schemas:Device:1.0:
dsconfig create-scim-schema \
  --schema-name urn:pingidentity:schemas:Device:1.0 \
  --set display-name:Device
Under this schema, add the string attributes name and description.
dsconfig create-scim-attribute \
  --schema-name urn:pingidentity:schemas:Device:1.0 \
  --attribute-name name \
  --set required:true

dsconfig create-scim-attribute \
  --schema-name urn:pingidentity:schemas:Device:1.0 \
  --attribute-name description
After you create a store adapter and schema, create the SCIM resource type.
dsconfig create-scim-resource-type \
  --type-name Devices \
  --type mapping \
  --set enabled:true \
  --set endpoint:Devices \
  --set primary-store-adapter:DeviceStoreAdapter \
  --set lookthrough-limit:500 \
  --set core-schema:urn:pingidentity:schemas:Device:1.0
Map the two SCIM attributes to the corresponding LDAP attributes. The following commands map the SCIM name attribute to the LDAP cn attribute, and map the SCIM description attribute to the LDAP description attribute:
dsconfig create-store-adapter-mapping \
  --type-name Devices \
  --mapping-name name \
  --set scim-resource-type-attribute:name \
  --set store-adapter-attribute:cn \
  --set searchable:true

dsconfig create-store-adapter-mapping \
  --type-name Devices \
  --mapping-name description \
  --set scim-resource-type-attribute:description \
  --set store-adapter-attribute:description
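To confirm that the new resource type has been added, send the following request to the SCIM resource types endpoint. The -k option makes curl skip TLS certificate verification, which suits only a test server that uses a self-signed certificate: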
curl -k https://localhost:8443/scim/v2/ResourceTypes/Devices
The response is:
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
  "id": "Devices",
  "name": "Devices",
  "endpoint": "Devices",
  "schema": "urn:pingidentity:schemas:Device:1.0",
  "meta": {
    "resourceType": "ResourceType",
    "location": "https://localhost:8443/scim/v2/ResourceTypes/Devices"
  }
}
For a more advanced example of a mapped SCIM resource type, see the example User schema in PingAuthorize/resource/starter-schemas.
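The configuration above, as an added example that is not PingAuthorize code: a local Python model of which entries in devices.ldif the DeviceStoreAdapter settings select and how the two mappings shape them, useful as a reference when reviewing what the Devices endpoint should expose. The function names (parse_ldif, in_scope, to_scim, expected_devices) are hypothetical, and the model assumes case-insensitive DN and object class matching and leaves out the server-assigned id and meta attributes.

```python
DEVICES_LDIF = """\
dn: ou=Devices,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Devices

dn: cn=device.0,ou=Devices,dc=example,dc=com
objectClass: top
objectClass: device
cn: device.0
description: Description for device.0

dn: cn=device.1,ou=Devices,dc=example,dc=com
objectClass: top
objectClass: device
cn: device.1
description: Description for device.1
"""  # sample input: the devices.ldif contents from this page
SCHEMA_URN = "urn:pingidentity:schemas:Device:1.0"
BASE_DN = "ou=devices,dc=example,dc=com"  # include-base-dn, lowercase as configured
OBJECT_CLASS = "device"  # structural-ldap-objectclass
MAPPINGS = {"name": "cn", "description": "description"}  # SCIM attribute -> LDAP attribute

def parse_ldif(text):
    """Parse simple LDIF (no folded lines, base64 values or change records)."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for key, _, value in (line.partition(": ") for line in block.splitlines()):
            entry.setdefault(key.lower(), []).append(value)
        entries.append(entry)
    return entries

def in_scope(entry):
    """Entry is at or below BASE_DN (compared case-insensitively) and is a device."""
    dn = entry["dn"][0].lower()
    classes = [oc.lower() for oc in entry.get("objectclass", [])]
    return (dn == BASE_DN or dn.endswith("," + BASE_DN)) and OBJECT_CLASS in classes

def to_scim(entry):
    """Apply the two mappings; id and meta are assigned by the server and omitted here."""
    resource = {"schemas": [SCHEMA_URN]}
    resource.update({s: entry[l][0] for s, l in MAPPINGS.items() if l in entry})
    if "name" not in resource:  # name is required:true in the Device schema
        raise ValueError(f"{entry['dn'][0]}: no cn value to map to required 'name'")
    return resource

def expected_devices(ldif_text=DEVICES_LDIF):
    return [to_scim(e) for e in parse_ldif(ldif_text) if in_scope(e)]
```

Calling expected_devices() returns two resources: the ou=Devices container is excluded because it lacks the device object class, and only cn and description are carried across.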