This example shows how to add a simple LDAP mapping SCIM 2.0 resource type, backed by the inetOrgPerson LDAP objectclass, to a PingDirectoryProxy Server deployment.

  1. Set up the PingDirectory Server backend server. For this example, use the default settings, meaning that sample data will be used and that data encryption has been configured. After the server has been set up, export the encryption-settings definition with the export subcommand of the encryption-settings tool:
    encryption-settings export --output-file exported-key
  2. Set up the PingDirectoryProxy Server, making sure to import the encryption-settings definition file that was created in the previous step. Then use the create-initial-proxy-config tool to configure the LDAP external server.
  3. Create the SCIM schema that the resource type will use:
    dsconfig create-scim-schema \
    --schema-name urn:pingidentity:schemas:User:1.0 \
    --set display-name:User
  4. Under this schema, add the following SCIM attributes.
    dsconfig create-scim-attribute \
    --schema-name urn:pingidentity:schemas:User:1.0 \
    --attribute-name displayName
    dsconfig create-scim-attribute \
    --schema-name urn:pingidentity:schemas:User:1.0 \
    --attribute-name name \
    --set type:complex
    dsconfig create-scim-subattribute \
    --schema-name urn:pingidentity:schemas:User:1.0 \
    --attribute-name name \
    --subattribute-name familyName
    dsconfig create-scim-subattribute \
    --schema-name urn:pingidentity:schemas:User:1.0 \
    --attribute-name name \
    --subattribute-name formatted
    dsconfig create-scim-attribute \
    --schema-name urn:pingidentity:schemas:User:1.0 \
    --attribute-name userName
  5. Create the LDAP mapping SCIM resource type on the PingDirectoryProxy Server.
    dsconfig create-scim-resource-type \
    --type-name Users \
    --type ldap-mapping \
    --set enabled:true \
    --set endpoint:Users \
    --set structural-ldap-objectclass:inetOrgPerson \
    --set include-base-dn:ou=People,dc=example,dc=com \
    --set lookthrough-limit:500 \
    --set core-schema:urn:pingidentity:schemas:User:1.0
  6. Run the following commands to create the SCIM attribute mappings.
    dsconfig create-scim-attribute-mapping \
    --type-name Users \
    --mapping-name displayName \
    --set scim-resource-type-attribute:displayName \
    --set ldap-attribute:displayName
    dsconfig create-scim-attribute-mapping \
    --type-name Users \
    --mapping-name name.formatted \
    --set scim-resource-type-attribute:name.formatted \
    --set ldap-attribute:cn \
    --set searchable:true
    dsconfig create-scim-attribute-mapping \
    --type-name Users \
    --mapping-name name.familyName \
    --set scim-resource-type-attribute:name.familyName \
    --set ldap-attribute:sn \
    --set searchable:true
    dsconfig create-scim-attribute-mapping \
    --type-name Users \
    --mapping-name userName \
    --set scim-resource-type-attribute:userName \
    --set ldap-attribute:uid \
    --set searchable:true
  7. Configure the SCIM2 HTTP Servlet Extension to use a Mock Access Token Validator. Note that Mock Access Token Validators should never be used in production environments or with sensitive data.
    dsconfig create-access-token-validator \
    --validator-name "SCIM2 Mock Validator" \
    --type mock \
    --set enabled:true
    dsconfig set-http-servlet-extension-prop \
    --extension-name SCIM2 \
    --set "access-token-validator:SCIM2 Mock Validator"
  8. Send the following request to the PingDirectoryProxy Server's SCIM /ResourceTypes endpoint to confirm that the new resource type has been added. The HTTP port may vary depending on how the deployment was configured.
    curl -k -X GET \
    https://localhost:8443/scim/v2/ResourceTypes \
    -H 'Authorization: Bearer {"active":true}'
  9. The following JSON object should appear in the response in the “Resources” array:
    {
      ...
      "Resources": [{
        "schemas":["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
        "id":"Users",
        "name":"Users",
        "endpoint":"Users",
        "schema":"urn:pingidentity:schemas:User:1.0",
        "meta":{
          "resourceType":"ResourceType",
          "location":"https://localhost:8443/scim/v2/ResourceTypes/Users"
        }
      }]
      ...
    }
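
The warning in step 7 can be turned into a pre-deployment check. The following is an added example, not part of the original documentation or of Ping Identity's tooling: it scans a saved file of dsconfig commands for access token validators created with `--type mock` and for the HTTP servlet extensions that reference them. The function names and the sample file are assumptions; the sample is constructed from the commands on this page.

```shell
#!/bin/sh
# Added example: report mock access token validators in saved dsconfig commands.

# Join backslash-continued lines so each dsconfig command is a single record.
join_commands() {
    awk '{ if (sub(/\\[ \t]*$/, "")) printf "%s ", $0; else print }' "$1"
}

# Prints "validator<TAB>name<TAB>enabled|disabled" for every --type mock validator
# and "extension<TAB>name<TAB>validator" for every servlet extension that uses one.
audit_mock_validators() {
    join_commands "$1" | awk '
    # Value following key; honours double quotes before the key or before the value.
    function value_after(line, key,    i, rest, quoted) {
        i = index(line, key)
        if (i == 0) return ""
        quoted = (i > 1 && substr(line, i - 1, 1) == "\"")
        rest = substr(line, i + length(key))
        sub(/^[ \t]+/, "", rest)
        if (substr(rest, 1, 1) == "\"") { quoted = 1; rest = substr(rest, 2) }
        if (quoted) sub(/".*/, "", rest); else sub(/[ \t].*/, "", rest)
        return rest
    }
    /create-access-token-validator/ && /--type[ \t]+mock/ {
        name = value_after($0, "--validator-name")
        mock[name] = 1
        print "validator\t" name "\t" ($0 ~ /enabled:true/ ? "enabled" : "disabled")
    }
    /set-http-servlet-extension-prop/ && /access-token-validator:/ {
        ext[value_after($0, "--extension-name")] = value_after($0, "access-token-validator:")
    }
    END { for (e in ext) if (ext[e] in mock) print "extension\t" e "\t" ext[e] }'
}

# Constructed sample: the step 7 commands plus one unrelated command from step 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dsconfig create-scim-schema \
--schema-name urn:pingidentity:schemas:User:1.0 \
--set display-name:User
dsconfig create-access-token-validator \
--validator-name "SCIM2 Mock Validator" \
--type mock \
--set enabled:true
dsconfig set-http-servlet-extension-prop \
--extension-name SCIM2 \
--set "access-token-validator:SCIM2 Mock Validator"
EOF
audit_mock_validators "$sample"
```

Any output means the command file would leave a mock validator in place; an empty result means none was found in that file.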