SCIM for Federation
SCIM for Service Providers
⏰ Getting Started
Introduction
Soffid lets you combine two of the most powerful add-ons available in the Soffid Console: SCIM and Federation.
Please note that the SCIM REST Web Service Add-on must be installed; see How to use SCIM in Soffid # Installation.
Please note that a user with the required authorization is needed; see How to use SCIM in Soffid # Confirm authorization.
Please note that using a REST client is recommended; see our example in Testing tool # RESTer.
Please note that the correct header parameters must be used; they are listed in SCIM in Soffid # HTTP request.
Please note that the Federation add-on must be installed and configured; see the Federation book.
Identify Service Provider
- classe: "S"
Service provider types
Available service provider types:
- SAML: saml
- SAML API client: soffid-saml
- OpenID Connect: openid-connect
- OpenID Dynamic Register: openid-dynamic-register
- Radius client: radius
- CAS client: cas
OpenID mechanism
- PA: User's password
- AC: Authorization code
- PC: User's password + Client credentials
- IM: Implicit
Federation Operations
Soffid provides an API that allows you to connect to the Federation microservices.
The available operations are the following:
- List all
- List by filter
- Query by id
- Create
- Update
- Delete
You can visit the SCIM Federation Member examples and the SCIM Entity Group examples page for more detailed information.
SCIM Entity Group examples
Operations
This page shows the functions that can be performed for the Entity Group object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6725679",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "Soffid",
"id": 6725679
},
{
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
]
}
List by filter
List all entity groups with a filter expression.
Pagination and sorting are supported; for more information, visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup?filter=name co "test"
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6725679",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "Soffid",
"id": 6725679
},
{
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
]
}
Query by id
Query an entity group by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/5462422
Response 200 OK
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
}
Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup
JSON
{
"metadataUrl": "test-3",
"name": "test-3"
}
Response 201 Created
{
"metadataUrl": "test-3",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-3",
"id": 6780695
}
Update partial
Only the attributes with changes will be updated; the others will keep their current values.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/6780695
JSON
{
"Operations" : [
{
"op" : "replace",
"path" : "name",
"value": "SP Cloud"
},
{
"op" : "replace",
"path" : "metadataUrl",
"value": "SP Cloud"
}
]
}
Response 200 OK
{
"metadataUrl": "SP Cloud",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "SP Cloud",
"id": 6780695
}
Update all
This operation replaces all values in the entity group.
- Note that the attribute id is required to confirm that the resource "...EntityGroup/<id>" is the same as the EntityGroup in the JSON body.
- Note that all attributes not included in the request will be cleared in the EntityGroup and their data will be lost.
- Note that not all attributes are updatable (for example, meta); do not include them. For more information, see the Resource data model page.
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/6780695
JSON
{
"metadataUrl": "SP Cloud Test",
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "SP Cloud Test",
"id": 6780695
}
Response 200 OK
{
"metadataUrl": "SP Cloud Test",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "SP Cloud Test",
"id": 6780695
}
Delete
Please note, after this deletion, the entity group has to be created again to use it in the following examples.
Request
DELETE http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/6780695
Response 204 No Content
204 No Content
Error response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM Federation Members examples
Operations
This page shows the functions that can be performed for the Federation Member object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/FederationMember
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 15,
"startIndex": 1,
"Resources": [
{
"internal": false,
"allowRecover": false,
"disableSSL": false,
"impersonations": [],
"roles": [],
"ssoCookieName": "soffid_sso_session",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"metadades": "{\n \"authorization_endpoint\": \"https://server/oauth2/auth\",\n \"token_endpoint\": \"https://server/oauth2/token\",\n \"userinfo_endpoint\": \"https://server/oauth2/userinfo\",\n \"scopes_supported\": [ \"openid\",\"email\",\"profile\"],\n \"display\": \"page\"\n}",
"authenticationMethods": "P",
"storeUser": false,
"contact": "pgarcia@soffid.com",
"loginHintScript": "loginHint",
"id": 5999758,
"enableCaptcha": false,
"classe": "I",
"idpType": "openid-connect",
"keytabs": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/5999758",
"resourceType": "FederationMember"
},
"organization": "Soffid",
"extendedAuthenticationMethods": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "OpenIDConnect_Test",
"serviceProvider": [],
"allowRegister": false,
"publicId": "OpenIDConnect_ID"
},
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [],
"registrationTokenExpiration": "2024-04-04 08:04:47",
"uidExpression": "userName",
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6798983",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6798983
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6798984",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6798984
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "http://localhost:4204",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6796706",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "OpenIDDynamicRegister-Test2",
"openidUrl": [],
"id": 6796706,
"maxRegistrations": 3,
"allowRegister": false,
"publicId": "OpenIDDynamicRegister-publicId-test2",
"serviceProviderType": "openid-dynamic-register"
},
........
]
}
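One way to review the service providers (classe "S") returned by this call for settings that deserve a second look, as an added example that is not part of the Soffid documentation or code. The function names, the finding rules and the sample data (constructed from values shown on this page) are assumptions of the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Grant codes from this page's openidMechanism list. Reporting them is this
# example's policy (OAuth 2.0 Security BCP, RFC 9700), not a Soffid rule.
DISCOURAGED_MECHANISMS = {
    "PA": "user's password",
    "PC": "user's password + client credentials",
    "IM": "implicit",
}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_member(member):
    """Return the findings for one FederationMember resource."""
    findings = []
    if member.get("disableSSL"):
        findings.append("disableSSL is true")
    for code in member.get("openidMechanism") or []:
        if code in DISCOURAGED_MECHANISMS:
            findings.append(f"openidMechanism {code} ({DISCOURAGED_MECHANISMS[code]})")
    for allowed in member.get("allowedScopes") or []:
        # Assumption: "*" is read as "any scope"; confirm what it means in Soffid.
        if allowed.get("scope") == "*":
            findings.append("allowedScopes contains '*'")
    for url in member.get("openidUrl") or []:
        parts = urlsplit(url)
        if parts.scheme != "https" and parts.hostname not in LOOPBACK_HOSTS:
            findings.append(f"openidUrl is not https: {url}")
    for entry in (member.get("sourceIps") or "").split(","):
        entry = entry.strip()
        if not entry:
            continue
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # How Soffid itself parses such an entry is not stated on the page.
            findings.append(f"sourceIps entry is not a valid IP or CIDR: {entry}")
    return findings


def audit_service_providers(list_response):
    """Map member name -> findings for every service provider (classe "S")."""
    report = {}
    for member in list_response.get("Resources") or []:
        if member.get("classe") != "S":
            continue  # identity providers (classe "I") are out of scope here
        findings = audit_member(member)
        if findings:
            report[member.get("name", str(member.get("id")))] = findings
    return report


# Constructed sample: a trimmed ListResponse built from values shown on this page.
SAMPLE_LIST_RESPONSE = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 4,
    "startIndex": 1,
    "Resources": [
        {"classe": "I", "name": "OpenIDConnect_Test", "disableSSL": False},
        {
            "classe": "S",
            "name": "OpenIDDynamicRegister-Test2",
            "serviceProviderType": "openid-dynamic-register",
            "disableSSL": False,
            "allowedScopes": [{"scope": "*", "roles": []}, {"scope": "openid", "roles": []}],
            "openidMechanism": ["PA", "AC", "PC", "IM"],
            "openidUrl": [],
        },
        {
            "classe": "S",
            "name": "SP-RADIUS",
            "serviceProviderType": "radius",
            "disableSSL": False,
            "sourceIps": "127.0.01,192.168.133.0/24",
        },
        {"classe": "S", "name": "App SAML Cloud", "serviceProviderType": "saml", "disableSSL": False},
    ],
}

if __name__ == "__main__":
    for name, findings in audit_service_providers(SAMPLE_LIST_RESPONSE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```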
List by filter
List all federation members with a filter expression.
Pagination and sorting are supported; for more information, visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/FederationMember?filter=name co "Dynamic"
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_USER@soffid"
],
"registrationTokenExpiration": "2023-11-09 07:57:20",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617980",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617980
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617977",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617977
}
],
"openidMechanism": [
"PA",
"AC"
],
"openidLogoutUrl": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6617976",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Dynamic Register SP",
"openidUrl": [],
"id": 6617976,
"maxRegistrations": 2,
"allowRegister": false,
"publicId": "DR",
"serviceProviderType": "openid-dynamic-register"
},
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_USER@soffid"
],
"registrationTokenExpiration": "2022-11-10 00:00:00",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6622593",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6622593
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6622594",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6622594
}
],
"openidMechanism": [],
"openidLogoutUrl": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6622589",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Dynamic Register SP 2",
"openidUrl": [],
"id": 6622589,
"maxRegistrations": 1,
"allowRegister": false,
"publicId": "DR2",
"serviceProviderType": "openid-dynamic-register"
}
]
}
Query by id
Query a federation member by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/FederationMember/6617976
Response 200 OK
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_USER@soffid"
],
"registrationTokenExpiration": "2023-11-09 07:57:20",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617980",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617980
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617977",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617977
}
],
"openidMechanism": [
"PA",
"AC"
],
"openidLogoutUrl": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6617976",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Dynamic Register SP",
"openidUrl": [],
"id": 6617976,
"maxRegistrations": 2,
"allowRegister": false,
"publicId": "DR",
"serviceProviderType": "openid-dynamic-register"
}
Create (SAML)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMember
JSON
{
"name": "App SAML Cloud" ,
"publicId" : "http://<YOUR-SERVER>:8090/apps/user_saml/saml/metadata",
"classe": "S",
"serviceProviderType": "saml",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
}
Response 201 Created
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6798992",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "App SAML Cloud",
"id": 6798992,
"allowRegister": false,
"publicId": "http://<YOUR-SERVER>:8090/apps/user_saml/saml/metadata",
"serviceProviderType": "saml"
}
Create (SAML API client)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMember
JSON
{
"name": "Test-IdP" ,
"publicId" : "https://some.idp.com/identifier/",
"classe": "S",
"serviceProviderType": "soffid-saml",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
}
Response 201 Created
{
"classe": "S",
"internal": true,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787237",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Test-IdP",
"id": 6787237,
"allowRegister": false,
"publicId": "https://some.idp.com/identifier/",
"serviceProviderType": "soffid-saml"
}
Create (OpenID Connect)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMember
JSON
{
"name": "AngularAppOpenID",
"publicId": "AngularAppOpenID",
"classe": "S",
"serviceProviderType": "openid-connect",
"roles": [
"SOFFID_HRMANAGER@soffid",
"SOFFID_MUSIC@soffid"
],
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"allowedScopes": [
{
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
},
{
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidUrl": [
"http://localhost:4204"
],
"openidClientId" : "angularClientID",
"openidSecret": "XXXXXXX",
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"openidLogoutUrlBack": "",
"openidLogoutUrl" : [],
"openidSectorIdentifierUrl": ""
}
📌 openidMechanism
- PA: User's password
- AC: Authorization code
- PC: User's password + Client credentials
- IM: Implicit
Response 201 Created
{
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidSecret": {
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.api.Digest"
]
},
"id": 6787194,
"serviceProviderType": "openid-connect",
"classe": "S",
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
},
{
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"allowRegister": false,
"publicId": "AngularAppOpenID"
}
Create (Radius)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMember
JSON
{
"name": "SP-RADIUS" ,
"publicId" : "SP-RADIUS-publicId",
"classe": "S",
"serviceProviderType" : "radius",
"radiusSecret" : "XXxxzzaasssDD",
"sourceIps": "127.0.01,192.168.133.0/24",
"roles": ["SOFFID_HRMANAGER@soffid",
"SOFFID_MUSIC@soffid"],
"system": "BABELTEST",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
}
Response 201 Created
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"sourceIps": "127.0.01,192.168.133.0/24",
"system": "BABELTEST",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787250",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "SP-RADIUS",
"radiusSecret": "5GsnYxLvT0D0W4GQ9Zae",
"id": 6787250,
"allowRegister": false,
"publicId": "SP-RADIUS-publicId",
"serviceProviderType": "radius"
}
Create (Cas)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMember
JSON
{
"name": "CAS",
"publicId": "CAS-publicId",
"classe": "S",
"serviceProviderType": "cas",
"roles": [
"SOFFID_HRMANAGER@soffid",
"SOFFID_MUSIC@soffid"
],
"system": "BABELTEST",
"consent": true,
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidUrl": [
"https://www.testcasserver.lab/cas/"
],
"openidLogoutUrl": [
"https://www.testcasserver.lab/cas/logout?service=<redirect_url>"
]
}
Response 201 Created
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"consent": true,
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"system": "BABELTEST",
"openidLogoutUrl": [
"https://www.testcasserver.lab/cas/logout?service=<redirect_url>"
],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6804777",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "CAS",
"openidUrl": [
"https://www.testcasserver.lab/cas/"
],
"id": 6804777,
"allowRegister": false,
"publicId": "CAS-publicId",
"serviceProviderType": "cas"
}
Create (OpenID Dynamic Register)
The OpenID Dynamic Register has to be created in the Soffid console.
For more information, you can visit the Openid-connect Dynamic Register documentation.
Update partial
Only the attributes with changes will be updated; the others will keep their current values.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/FederationMember/6787194
JSON
{
"Operations" : [
{
"op" : "replace",
"path" : "openidMechanism",
"value": ["AC", "PC"]
},
{
"op" : "replace",
"path" : "consent",
"value": "true"
}
]
}
Response 200 OK
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
},
{
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidMechanism": [
"AC",
"PC"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"id": 6787194,
"allowRegister": false,
"publicId": "AngularAppOpenID",
"serviceProviderType": "openid-connect"
}
Update all
This operation replaces all values in the federation member.
- Note that the attribute id is required to confirm that the resource "...FederationMember/<id>" is the same as the FederationMember in the JSON body.
- Note that all attributes not included in the request will be cleared in the FederationMember and their data will be lost.
- Note that not all attributes are updatable (for example, meta); do not include them. For more information, see the Resource data model page.
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/FederationMember/6787194
JSON
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
},
{
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"id": 6787194,
"allowRegister": false,
"publicId": "AngularAppOpenID",
"serviceProviderType": "openid-connect"
}
Response 200 OK
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6802723",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6802723
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"id": 6787194,
"allowRegister": false,
"publicId": "AngularAppOpenID",
"serviceProviderType": "openid-connect"
}
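A pre-flight check for the three notes under "Update all" (for both Entity Group and Federation Member), as an added example that is not part of the Soffid documentation or code: it builds the PUT body from the resource as returned by GET and reports what a hand-written body would break. The host soffid.example.test, the function names and the sample resource (constructed from the Entity Group shown on this page) are assumptions of the example.

```python
import copy
from urllib.parse import urlsplit

READ_ONLY = ("meta",)  # the only non-updatable attribute the page names


def build_put_body(current, changes):
    """Start from the resource as returned by GET so that no attribute is
    cleared, drop the read-only top-level attributes, then apply the changes."""
    blocked = [a for a in changes if a in READ_ONLY or a == "id"]
    if blocked:
        raise ValueError(f"attributes must not be changed: {blocked}")
    body = copy.deepcopy(current)
    for attr in READ_ONLY:
        body.pop(attr, None)
    body.update(copy.deepcopy(changes))
    return body


def lint_put(url, body, current):
    """Return the problems a PUT would run into, given the target URL, the JSON
    body and the resource as it currently exists on the server."""
    problems = []
    segments = urlsplit(url).path.rstrip("/").split("/")
    url_type, url_id = segments[-2], segments[-1]
    if "id" not in body:
        problems.append("body has no id")
    elif str(body["id"]) != url_id:
        problems.append(f"id mismatch: URL {url_id}, body {body['id']}")
    # In every example on this page the schema URN ends with the resource type.
    body_types = {s.rsplit(".", 1)[-1] for s in body.get("schemas", [])}
    if body_types and url_type not in body_types:
        problems.append(f"URL targets {url_type}, body is {sorted(body_types)}")
    for attr in READ_ONLY:
        if attr in body:
            problems.append(f"read-only attribute sent: {attr}")
    cleared = sorted(k for k in current if k not in body and k not in READ_ONLY)
    if cleared:
        problems.append(f"attributes that would be cleared: {cleared}")
    return problems


# Constructed sample: the Entity Group from this page as a GET would return it.
BASE = "http://soffid.example.test/soffid/webservice/scim2/v1"
CURRENT = {
    "metadataUrl": "SP Cloud",
    "meta": {"location": f"{BASE}/EntityGroup/6780695", "resourceType": "EntityGroup"},
    "schemas": ["urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"],
    "name": "SP Cloud",
    "id": 6780695,
}
# A hand-written body that changes one attribute and forgets the rest.
HAND_WRITTEN = {"name": "SP Cloud Test", "id": 6780695, "meta": CURRENT["meta"]}

if __name__ == "__main__":
    safe = build_put_body(CURRENT, {"name": "SP Cloud Test"})
    print(lint_put(f"{BASE}/EntityGroup/6780695", safe, CURRENT))
    print(lint_put(f"{BASE}/EntityGroup/1976590", HAND_WRITTEN, CURRENT))
```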
Delete
Please note, after this deletion, the federation member has to be created again to use it in the following examples.
Request
DELETE http://<your-domain>/soffid/webservice/scim2/v1/FederationMember/6784722
Response 204 No Content
204 No Content
Error response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response