Configuring the SCIM 1.1 servlet extension
Steps
-
To allow read access to operational attributes used by the SCIM Servlet Extension, add access controls on each of the backend servers before you enable the System for Cross-domain Identity Management (SCIM) servlet extension.
Example:
Instead of the
dsconfig
interactive equivalent, the following example uses the non-interactive command to add access control instructions (ACIs) .$ bin/dsconfig set-access-control-handler-prop \ --add 'global-aci:(targetattr="entryUUID || entryDN || ds-entry-unique-id || createTimestamp || modifyTimestamp") (version 3.0;acl "Authenticated read access to operational attributes \ used by the SCIM servlet extension"; allow (read,search,compare) userdn="ldap:///all";)'
-
To enable the SCIM servlet extension, run the
dsconfig
batch file on the server.Example:
$ bin/dsconfig --batch-file config/scim-config-proxy.dsconfig
-
Edit the
dsconfig
batch file to use the correct request processor name and base distingushed names (DNs) for theset-request-processor-prop
andset-root-dse-backend-prop
commands.For more information, see Configuring LDAP control support on all request processors (Proxy only) and SCIM 1.1 servlet extension authentication.