Page created: 22 Jul 2020 | Page updated: 1 Feb 2021
Product: PingDirectory 8.2
This example shows how to add a simple mapping SCIM 2.0 resource type backed by the inetOrgPerson LDAP objectclass to a PingDirectoryProxy Server deployment.
- Set up the PingDirectory Server backend server.
  For this example, use the default settings, which means that sample data
  is used and data encryption is configured. After the server has been set
  up, export the encryption-settings definition with the encryption-settings
  tool's export subcommand:

    encryption-settings export --output-file exported-key
- Set up the PingDirectoryProxy Server, making sure to import the encryption-settings definition file that was created in the previous step. Then use the create-initial-proxy-config tool to configure the LDAP external server.
- Create the SCIM schema that the resource type will use:

    dsconfig create-scim-schema \
      --schema-name urn:pingidentity:schemas:User:1.0 \
      --set display-name:User
- Under this schema, add the following SCIM attributes:

    dsconfig create-scim-attribute \
      --schema-name urn:pingidentity:schemas:User:1.0 \
      --attribute-name displayName

    dsconfig create-scim-attribute \
      --schema-name urn:pingidentity:schemas:User:1.0 \
      --attribute-name name \
      --set type:complex

    dsconfig create-scim-subattribute \
      --schema-name urn:pingidentity:schemas:User:1.0 \
      --attribute-name name \
      --subattribute-name familyName

    dsconfig create-scim-subattribute \
      --schema-name urn:pingidentity:schemas:User:1.0 \
      --attribute-name name \
      --subattribute-name formatted

    dsconfig create-scim-attribute \
      --schema-name urn:pingidentity:schemas:User:1.0 \
      --attribute-name userName
- Create the LDAP mapping SCIM resource type on the PingDirectoryProxy Server:

    dsconfig create-scim-resource-type \
      --type-name Users \
      --type ldap-mapping \
      --set enabled:true \
      --set endpoint:Users \
      --set structural-ldap-objectclass:inetOrgPerson \
      --set include-base-dn:ou=People,dc=example,dc=com \
      --set lookthrough-limit:500 \
      --set core-schema:urn:pingidentity:schemas:User:1.0
- Run the following commands to create the SCIM attribute mappings:

    dsconfig create-scim-attribute-mapping \
      --type-name Users \
      --mapping-name displayName \
      --set scim-resource-type-attribute:displayName \
      --set ldap-attribute:displayName

    dsconfig create-scim-attribute-mapping \
      --type-name Users \
      --mapping-name name.formatted \
      --set scim-resource-type-attribute:name.formatted \
      --set ldap-attribute:cn \
      --set searchable:true

    dsconfig create-scim-attribute-mapping \
      --type-name Users \
      --mapping-name name.familyName \
      --set scim-resource-type-attribute:name.familyName \
      --set ldap-attribute:sn \
      --set searchable:true

    dsconfig create-scim-attribute-mapping \
      --type-name Users \
      --mapping-name userName \
      --set scim-resource-type-attribute:userName \
      --set ldap-attribute:uid \
      --set searchable:true
- Configure the SCIM2 HTTP Servlet Extension to use a Mock Access Token
  Validator. Note that Mock Access Token Validators should never be used in
  production environments or with sensitive data.

    dsconfig create-access-token-validator \
      --validator-name "SCIM2 Mock Validator" \
      --type mock \
      --set enabled:true

    dsconfig set-http-servlet-extension-prop \
      --extension-name SCIM2 \
      --set "access-token-validator:SCIM2 Mock Validator"
- Send the following request to the PingDirectoryProxy Server's SCIM
  /ResourceTypes endpoint to confirm that the new resource type has been
  added. The HTTP port may vary depending on how the deployment was
  configured.

    curl -k -X GET \
      https://localhost:8443/scim/v2/ResourceTypes \
      -H 'Authorization: Bearer {"active":true}'
- The following JSON object should appear in the response in the "Resources"
  array:

    {
      ...
      "Resources": [{
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],
        "id": "Users",
        "name": "Users",
        "endpoint": "Users",
        "schema": "urn:pingidentity:schemas:User:1.0",
        "meta": {
          "resourceType": "ResourceType",
          "location": "https://localhost:8443/scim/v2/ResourceTypes/Users"
        }
      }]
      ...
    }
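
A pre-deployment check for the warning in the Mock Access Token Validator step, added here as an example and not part of the original page or Ping Identity's tooling: it scans a setup script for dsconfig commands written as on this page and reports each mock validator, whether it is enabled, and which HTTP servlet extensions are bound to it. The function names and the `SAMPLE` script are constructed for illustration, and the parser assumes the subcommand directly follows `dsconfig`.

```python
import shlex

# Constructed sample: the two dsconfig commands from the mock-validator step above.
SAMPLE = r'''
dsconfig create-access-token-validator \
  --validator-name "SCIM2 Mock Validator" \
  --type mock \
  --set enabled:true
dsconfig set-http-servlet-extension-prop \
  --extension-name SCIM2 \
  --set "access-token-validator:SCIM2 Mock Validator"
'''

def parse_dsconfig(script):
    """Yield (subcommand, {option: [values]}) per dsconfig command.
    Assumes the subcommand directly follows `dsconfig`, as on this page."""
    for line in script.replace("\\\n", " ").splitlines():  # join continuations
        tokens = shlex.split(line, comments=True)
        if len(tokens) < 2 or tokens[0] != "dsconfig":
            continue
        opts, i = {}, 2
        while i < len(tokens):
            if not tokens[i].startswith("--"):
                i += 1
                continue
            # A following token that is not itself an option is this option's value.
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("--")
            opts.setdefault(tokens[i], []).append(tokens[i + 1] if has_value else "")
            i += 2 if has_value else 1
        yield tokens[1], opts

def find_mock_validators(script):
    """Return one finding per mock validator: name, enabled flag, bound extensions."""
    mocks, bindings = {}, []
    for sub, opts in parse_dsconfig(script):
        sets = dict(s.split(":", 1) for s in opts.get("--set", []) if ":" in s)
        if sub == "create-access-token-validator" and "mock" in opts.get("--type", []):
            name = opts.get("--validator-name", ["?"])[0]
            mocks[name] = sets.get("enabled") == "true"
        elif sub == "set-http-servlet-extension-prop" and "access-token-validator" in sets:
            ext = opts.get("--extension-name", ["?"])[0]
            bindings.append((ext, sets["access-token-validator"]))
    # Correlate after the full pass so command order in the script does not matter.
    return [{"validator": n, "enabled": en,
             "extensions": [e for e, v in bindings if v == n]}
            for n, en in mocks.items()]

if __name__ == "__main__":
    for finding in find_mock_validators(SAMPLE):
        print("mock access token validator:", finding)
```

Run against deployment scripts in CI, a non-empty result from `find_mock_validators` can be used to fail the build for any environment other than a test lab.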