PingDirectory

Configuring the SCIM 1.1 servlet extension

Steps

  1. Before you enable the System for Cross-domain Identity Management (SCIM) servlet extension, add access controls on each of the backend servers to allow read access to the operational attributes that the extension uses.

    Example:

    The following example uses the non-interactive dsconfig command, rather than its interactive equivalent, to add access control instructions (ACIs).

    $ bin/dsconfig set-access-control-handler-prop \
      --add 'global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || createTimestamp || modifyTimestamp") (version 3.0;acl "Authenticated read access to operational attributes used by the SCIM servlet extension"; allow (read,search,compare) userdn="ldap:///all";)'
  2. To enable the SCIM servlet extension, run the dsconfig batch file on the server.

    Example:

    $ bin/dsconfig --batch-file config/scim-config-proxy.dsconfig
  3. Edit the dsconfig batch file to use the correct request processor name and base distinguished names (DNs) for the set-request-processor-prop and set-root-dse-backend-prop commands.
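
The following added example (not part of the PingDirectory documentation or tooling) reviews a global ACI string before it is applied, confirming that it grants only what step 1 intends: read, search and compare on the five listed operational attributes, for authenticated clients only. The function names `parse_aci` and `review_aci` are hypothetical, the sample string is constructed from the ACI in step 1, and the parser assumes an ACI with a single targetattr clause.

```python
import re

# Scope that step 1's ACI is meant to grant (values taken from the page).
EXPECTED_ATTRS = {"entryuuid", "entrydn", "ds-entry-unique-id",
                  "createtimestamp", "modifytimestamp"}
READ_RIGHTS = {"read", "search", "compare"}

ACI_RE = re.compile(
    r'\s*(?:global-aci:)?\s*\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)\s*'
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'(?P<type>allow|deny)\s*\((?P<rights>[^)]*)\)\s*(?P<bind>.+?)\s*;\s*\)\s*$',
    re.DOTALL)

def parse_aci(value):
    """Split a single-targetattr ACI into its parts; ValueError on any other shape."""
    m = ACI_RE.match(value)
    if m is None:
        raise ValueError("ACI does not have the targetattr/version/acl shape")
    return {
        "negated": m["op"] == "!=",
        "attrs": {a.strip().lower() for a in m["attrs"].split("||") if a.strip()},
        "name": m["name"], "type": m["type"],
        "rights": {r.strip().lower() for r in m["rights"].split(",") if r.strip()},
        "bind": "".join(m["bind"].split()),  # whitespace removed for comparison
    }

def review_aci(value):
    """Return findings; an empty list means the ACI grants only what step 1 intends."""
    aci, findings = parse_aci(value), []
    # "*" and "+" select all user / all operational attributes.
    if aci["negated"] or aci["attrs"] & {"*", "+"}:
        findings.append("targetattr is a wildcard or negation")
    extra = aci["attrs"] - EXPECTED_ATTRS - {"*", "+"}
    if extra:
        findings.append("unexpected attributes: " + ", ".join(sorted(extra)))
    if aci["type"] != "allow" or aci["rights"] - READ_RIGHTS:
        findings.append("not a read-only allow rule")
    if "ldap:///anyone" in aci["bind"]:
        findings.append("bind rule includes anonymous clients")
    elif aci["bind"] != 'userdn="ldap:///all"':
        findings.append("bind rule is not userdn=\"ldap:///all\"")
    if "\\" in aci["name"] or "\n" in aci["name"]:
        findings.append("acl name contains a backslash or newline from shell wrapping")
    return findings

# Constructed sample: the ACI from step 1 written as one string.
STEP1_ACI = ('global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || '
             'createTimestamp || modifyTimestamp")(version 3.0;acl "Authenticated read '
             'access to operational attributes used by the SCIM servlet extension"; '
             'allow (read,search,compare) userdn="ldap:///all";)')
print(review_aci(STEP1_ACI))  # -> []
```

The last check exists because a POSIX shell keeps a backslash inside single quotes as a literal character, so an ACI wrapped across lines inside the quoted argument reaches dsconfig with that backslash and the line breaks in its name.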