SCIM
System for Cross-domain Identity Management
- Introduction to SCIM
- SCIM Operations
- SCIM Query syntax
- How to install SCIM in Soffid
- How to use SCIM in Soffid
- Testing tool
- Resource data model & schema
- User resource
- Group resource
- Account resource
- Application resource
- Role resource
- Group type resource
- User type resource
- GroupUser resource
- RoleAccount resource
- Host resource
- MailList resource
- MailDomain resource
- Network resource
- DomainValue resource
- VaultFolder resource
- System resource
- CustomObject resource
- ProcessDefinition resource
- ProcessInstance resource
- TaskInstance resource
- Issue resource
- SCIM full examples
- Previous steps
- SCIM User examples
- SCIM Group examples
- SCIM Account examples
- SCIM Application examples
- SCIM Role examples
- SCIM Group type examples
- SCIM User type examples
- SCIM GroupUser examples
- SCIM RoleAccount examples
- SCIM Host examples
- SCIM MailDomain examples
- SCIM MailList examples
- SCIM Network examples
- SCIM DomainValue examples
- SCIM VaultFolder examples
- SCIM System examples
- SCIM CustomObject examples
- SCIM ProcessDefinition examples
- SCIM ProcessInstance examples
- SCIM TaskInstance examples
- SCIM Issue examples
- SCIM for OTP devices
- SCIM for Federation
- Cross-Origin Resource Sharing (CORS)
- Textual Index
Introduction to SCIM
What is SCIM?
SCIM is a standard created to simplify user management in the cloud by defining a schema for representing users and groups with a REST API for all the necessary CRUD operations.
This standard could be extended to other resources like accounts, roles, etc.
Soffid is compatible with SCIM 2 protocol but uses its owns schema for users, groups, roles and so one. That is why Soffid implements SCIM protocols (RFC7644 and EFC 7644), but not SCIM core schema (RFC7643).
Information about SCIM
All the information about SCIM is published in the following link: http://www.simplecloud.info/
Currently, the last available version of the standard is SCIM 2.0.
The most relevant link about the specification of this protocol is: https://tools.ietf.org/html/rfc7644
Use cases of SCIM
SCIM could be used to create a new identity from third part application assign or revoke permissions, create or disable accounts, or even take part of new or existing workflows.
You can leverage SCIM protocol to extend current Soffid functionality adapting the Identity Platform to your needs.
Example of SCIM
SCIM uses JSON specification for the data model containing the requests and responses. For instance, the data information of a user would be:
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "bjensen",
"externalId": "bjensen",
"name": {
"formatted": "Ms. Barbara J Jensen III",
"familyName": "Jensen",
"givenName": "Barbara"
}
}SCIM also uses REST specification for HTTP communication between clients and servers. For instance, a request to create a user would be:
POST /Users HTTP/1.1
Host: example.com
Accept: application/scim+json
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Content-Length: ...The HTTP codes are very important in the responses. For instance:
HTTP/1.1 200 Response is ok
HTTP/1.1 201 Resource created
HTTP/1.1 404 Resource not found
etcSCIM Operations
HTTP Method
|
GET |
Retrieves one or more complete or partial resources. |
|
POST |
Depending on the endpoint, creates new resources, creates a search request, or MAY be used to bulk-modify resources. |
|
PUT |
Modifies a resource by replacing existing attributes with a specified set of replacement attributes (replace). PUT MUST NOT be used to create new resources. |
|
PATCH |
Modifies a resource with a set of client-specified changes (partial update). |
|
DELETE |
Deletes a resource. |
Get
A HTTP Get request is used to fetch a resource or a set of resources.
Read
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}- id: is the identifier of a specific resource
Search
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/?filter={attribute}{op}{value}&sortBy={attributeName}&sortOrder={ascending|descending}&attributes={attributes}- filter: allows you to add filter to query.
- attribute
- op: SCIM has support for the filter operations equals, contains, starts with, and more.
- value
- sortBy: the attribute used to sort the response.
- sortOrder: order to sort, ascending or descending. Ascending is the default order.
Also, you can asl for specific attributes of the resource
- attributes={attributes}
Example:
http://<your-domain>/soffid/webservice/scim2/v1/User?filter=lastName co ada and active eq true &sortOrder=descending&sortBy=userName&attributes=userName,lastName&filter=userName co adminSorting
|
Parameter |
Description |
|---|---|
| sortBy | Specifies the attribute whose value will be used to order ther returned responses. |
| sortOrder |
Allowed values are "ascending" and "descending". If sortBy is provided, and sortOrder is nos provided, sortOrder will be "ascending" by default. |
Sorting example:
http://<your-server>/soffid/webservice/scim2/v1/User?sortBy=lastName&sortOrder=descendingPagination
|
Parameter |
Description |
|---|---|
| startIndex | Index of the first query result. Default 1 |
| count | Maximun numer of query results per page |
Pagination example:
http://<your-server>/soffid/webservice/scim2/v1/User?startIndex=1&count=10{
"totalResults":100,
"itemsPerPage":10,
"startIndex":1,
"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"Resources":[{
...
}]
}Post
A HTTP Post request is used to create a new resource
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}Content-Type: application/jsonYou must send the JSON with the attributes of the resource you want to create.
{
"schemas":[{schema}],
"attribute1":"value1",
"attribute2":"value2",
"attribute3":{
"subattribute1":"valueX",
"subattribute1":"valueX",
},
.......
}- schema: is the schema url of the resource you are creating.
- attributes: name of the resource attributes.
- values: values for each attribute.
Put
A HTTP Put request is used to update resources. This operation replace all values of the resource
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}Content-Type: application/jsonYou must send the JSON with the attributes of the resource you want to update, which includes the ID.
{
"schemas":[{schema}],
"id": "idValue",
"attribute1":"value1",
"attribute2":"value2",
"attribute3":{
"subattribute1":"valueX",
"subattribute1":"valueX",
},
.......
}- schema: is the schema url of the resource you are creating.
- id: identifier of the resource
- attributes: name of the resource attributes.
- values: values for each attribute.
Patch
A HTTP Patch request is used to update partial resources
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}{
"Operations": [
{
"op": "operation",
"path": "attribute",
"value": "value"
},
............
]
}- op: available operations to realize:
- add: allows you to add a new value to an attribute.
- remove: allows you to delete the value of an attribute.
- replace: allows you to replace (update) the value of an attribute.
More information about the operations on https://www.rfc-editor.org/rfc/rfc6902
- path: to indicate the attribute on which the operation is to be performed.
- value: the new value for the attribute.
Delete
A HTTP Delete request is used to delete a resource.
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}- id: is the identifier of a specific resource
Request
In the PUT and PATCH methods, a JSON stream with the data model is required (please see this format in the following link: Resource data model).
Response
The response format will be represented as a SCIM JSON response, but all the keys in the response will depend on the method requested and the result of the operation.
HTTP Status
The most commons responses
Successful Responses
|
200 |
OK |
|
201
|
Created |
|
204
|
No Content |
Error Response
|
400 |
Bad Request |
|
401
|
Unauthorized |
|
403 |
Forbidden |
|
404 |
Not Found |
|
500 |
Internal Server Error
|
For instance, when you search by id but no resource is found, only a 404 HTTP code is included in the response (the body is empty, no JSON is provided).
User cases:
- Search by id but no resource is found (404 code).
- Update all, the id is not found (404 code).
- Update partial, the id is not found (404 code).
- Delete, the id is not found (404 code).
- A "/<resource>" (in the URL) not exist (404 code).
- Other errors (404 or 500 code).
More detail about SCIM JSON error
SCIM JSON Response
SCIM JSON list
For instance, when a list of resources is requested, this is the JSON output format:
Note, to simplify the JSON output every resource has been replaced by {...}
{
"totalResults": 3,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"resources": [
{...},
{...},
{...}
]
}This is the description of this type of response:
|
Attribute
|
Description
|
|---|---|
| totalResults | Number of the resources returned in the response |
| schemas | Defined by SCIM protocl. Always: "urn:ietf:params:scim:api:messages:2.0:ListResponse" |
| resources | List of resources returned |
User cases:
- A list all operation (200 code).
- A search by filter operation (200 code).
- The delete operation (204 code).
SCIM JSON resource
For instance, when a resource by id is requested, this is the JSON format:
Note, to simplify the JSON output every resource has been replaced by {...}
{
"id": 11345
"organizational": true,
...
}In this case, the JSON stream of the resource is included directly in the response.
User cases:
- Search by id operations (200 code).
- Successful create operations (201 code).
- Successful complete update operations (200 code).
- Successful partial update operations (200 code).
SCIM JSON error
For instance, if an attempt to delete a resource is made, but this resource is not found the following JSON response will be obtained:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"detail": "User 1234 not found",
"status": "404"
}This is the description of this type of response:
|
Attribute
|
Description
|
|---|---|
| schemas | Defined by SCIM protocl. Always: "urn:ietf:params:scim:api:messages:2.0:Error" |
| detail | Returns the description on the validation, problem, error, etc |
| status | Is the HTTP status, that is the same that the HTTP code of the HTTP response |
User cases:
- When you try to delete a resource but it's not found (404 code).
- When you try to delete a group, the solution is to disable it by PATCH (500 code).
- Generic errors (500 code).
SCIM Query syntax
SCIM protocol provides a language to search and filter resources.
Please browse the standard specifications in this link: https://tools.ietf.org/html/rfc7644#section-3.4.2.2
Example
To search all users having "John" as name:
http://<domain>/webservice/scim2/v1/User/?filter=userName eq "John"Use
This feature can be used with the Search by filter operation.
After the URL resource. the filter parameter with the language expression to apply must be added: <URL>?filter=<expression>
Remember that in this case the HTTP method is GET.
The result always is a SCIM response list.
Syntax
Attribute operators
|
Operator |
Description |
|---|---|
|
eq |
equal |
|
eq_ci |
case insensitive version of equal operator |
|
ne |
not equal |
|
co |
contains |
|
sw |
starts with |
|
ew |
ends with |
|
pr |
present (has value) |
|
gt |
greater than |
|
ge |
greater than or equal to |
|
lt |
less than |
|
le |
less than or equal to |
Logical operators
|
Operator |
Description |
|---|---|
|
and |
Logical "and" |
|
or |
Logical "or" |
|
not |
"Not" function |
Grouping operators
|
Operator |
Description |
|---|---|
|
( ) |
Precedence grouping |
|
[ ] |
Complex attribute filter group |
Data values
|
Data type |
Value |
|---|---|
| Numbers | Use the value without ", for example 1234 |
| Text | Use the value within ", for example "John" |
| Date |
Use the value within " with an ISO format, for example "2011-05-13T04:42:34Z" |
| Boolean | Use [ true | false ] (without ") |
| Null | Use [ null ] (without ") |
Filter examples
filter=userName eq "admin"
filter=userName ne "admin"
filter=userName co "ad"
filter=userName sw "a"
filter=userName ew "n"
filter=userName pr
filter=id gt 1
filter=id ge 60
filter=id lt 1000
filter=id le 1188
filter=consoleProperties.id eq 229
filter=createdDate gt "2011-05-13T04:42:34Z"
filter=id eq 60 and id eq 1188
filter=id eq 60 or id eq 1188
filter=firstName eq "Admin" and id eq 60
filter=firstName eq "Admin" or id eq 61
filter=primaryGroup eq "world" and (firstName co "John” or lastName co "Smith")
filter=userName co "i" and (userName co "a" or userName co "s")
filter=id eq 60 and (userName co "a" and consoleProperties.id eq 229)Sorting
Short is optional .
|
Parameter |
Description |
|---|---|
| sortBy | Specifies the attribute whose value will be used to order ther returned responses. |
| sortOrder |
Allowed values are "ascending" and "descending". If sortBy is provided, and sortOrder is nos provided, sortOrder will be "ascending" by default. |
Example:
http://<your-server>/webservice/scim2/v1/User?sortBy=lastName&sortOrder=descendingPagination
|
Parameter |
Description |
|---|---|
| startIndex | Index of the first query result. Default 1 |
| count | Maximun numer of query results per page |
Example:
http://<your-server>/webservice/scim2/v1/User?startIndex=1&count=10{
"totalResults":100,
"itemsPerPage":10,
"startIndex":1,
"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"Resources":[{
...
}]
}How to install SCIM in Soffid
Installation
Download
Please download the Soffid SCIM add-on.
You can download it at the following link http://www.soffid.com/download/enterprise/ if you have Soffid user with authorization, or in the following http://download.soffid.com/download/ by registering.
Upload
Once the SCIM add-on is downloaded, please log in to IAM Console.
You need to be an administrator user of the Soffid console or a user with permissions to upload addons.
It is recommended to upload the addons to master, this is the way to maintain updated all, master and tenants if there are.
In the Soffid console, please go to: "Main Menu > Administration > Configure Soffid > Global Settings > Plugins" and upload the addon file, for more information visit the Addons Getting started page
Finally, when the addon is installed, it will be required to restart the Soffid Console.
Testing
Confirm authorization
To access to the SCIM REST web service, a user with correct authorization is required.
First we can check the authorization created by the SCIM add-on:
Confirm access
Once a user is available to access SCIM functionality, testing is easily done with a browser.
For example, to list groups.
- Please introduce the next URL: http://<domain>/webservice/scim2/v1/Group (note, you must replace "<domain>" for your Soffid IAM Console domain).
- Now a browser prompt requests the user and password for the authentication (note, you must use the user with the SCIM authorization).
- Finally, if the response is something like a compact JSON (Chrome) or a download file (Firefox).
Comments
- One can use a REST client extension in the browser, for example, RESTer
- One can show a JSON formatted with a browser extension, for example, JSONView (note, it's necessary include the CONTENT-TYPE="application/scim+json" in the extension preferences).
How to use SCIM in Soffid
Introduction
Soffid has implemented a version of the SCIM protocol 2.0. Some optional recommendations have also been included to improve the usage of this specification within the Soffid context.
This functionality is available only by installing the SCIM add-on. This add-on is available in the download section of the Soffid website.
Discovery
Soffid provides some endpoints to discover supported features and specific attribute details:
Service provider config
This endpoint provides additional information about the Soffid SCIM implementation.
Request
GET https://<your-domain>/soffid/webservice/scim2/v1/ServiceProviderConfigResponse 200 OK
{
"patch": {
"supported": true
},
"filter": {
"maxResults": 1000,
"supported": true
},
"documentationUri": "https://bookstack.soffid.com/books/scim",
"authenticationSchemes": [
{
"documentationUri": "https://bookstack.soffid.com/book/scim",
"name": "HTTP Basic",
"description": "Authentication scheme using the HTTP Basic Standard",
"specUri": "http://www.rfc-editor.org/info/rfc2617",
"type": "httpbasic"
}
],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ServiceProvider",
"resourceType": "ServiceProviderConfig"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"etag": {
"supported": false
},
"sort": {
"supported": true
},
"bulk": {
"supported": false
},
"changePassword": {
"supported": true
}
}Resources Types
An endpoint used to discover the types of resources available.
List resources types
The SCIM protocol is focused on resource management, such as users, groups, accounts, etc. To know all the resources that Soffid provides you can use this REST web service:
Request
GET https://<your-domain>/soffid/webservice/scim2/v1/ResourceTypesResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 20,
"startIndex": 1,
"Resources": [
{
"schema": "urn:soffid:com.soffid.iam.api.Account",
"endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/Account",
"resourceType": "ResourceType"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "Account",
"description": "Account object",
"id": "Account"
},
{
"schema": "urn:soffid:com.soffid.iam.api.Group",
"endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/Group",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/Group",
"resourceType": "ResourceType"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "Group",
"description": "Group object",
"id": "Group"
},
...............
]
}Query resource type
Specifies metadata about each resource. To query a specific resource type, you can use this REST web service:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ResourceTypes/{Resource}Example
GET http://<your-domain>/soffid/webservice/scim2/v1/ResourceTypes/UserResponse 200 OK
{
"schema": "urn:soffid:com.soffid.iam.api.User",
"endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/User",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/User",
"resourceType": "ResourceType"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "User",
"description": "User object",
"id": "User"
}Response 404
404 Not FoundSchemas
Schema definition for a specific resource.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/{Schema_URL}Example
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.RoleResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Role",
"description": "Role object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "system",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "category",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "informationSystemName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "domain",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "bpmEnabled",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "approvalStart",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "approvalEnd",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Role"
}Response 404
404 Not FoundSoffid Resources
Soffid provides the following resources:
|
Resource
|
Description
|
|---|---|
| User |
Management of the users included in the Soffid solution. A user is an identity that represents only one person. |
| Group |
Management of the groups included in the Soffid solution. A group could be part of a hierarchical group tree. Users are assigned to a primary group and optionally could be in some secondary groups. |
| Account |
Management of the accounts included in the Soffid solution. An account is a representation of one application access. A user may have a lot of accounts and may have some accounts for the same applications with different roles and restrictions. |
|
|
Management of the applications (Information Systems from a functional point of view) included in the Soffid solution. Every agent (of an external system) manages these roles through one or more applications. |
|
|
Management of the roles included in the Soffid solution. Every role is created in one application, so an application has a list of roles. |
|
Management of the GroupTypes included in the Soffid solution. |
|
|
Management of the GroupTypes included in the Soffid solution. |
|
|
Management of the GroupUsers included in the Soffid solution. |
|
|
Management of the RoleAccounts included in the Soffid solution. |
|
|
Management of the Hosts included in the Soffid solution. |
|
|
Management of the MailDomains included in the Soffid solution. |
|
|
Management of the MailLists included in the Soffid solution. |
|
|
Management of the DomainValues included in the Soffid solution. |
|
|
Management of the VaultFolders included in the Soffid solution. |
|
|
Management of the Systems (Agents) included in the Soffid solution. Information storage system from a technical point of view. |
|
|
Management of the CustomObjects included in the Soffid solution. |
|
|
Management of the TaskInstances included in the Soffid solution. |
|
|
Management of the ProcessInstances included in the Soffid solution. |
|
|
Management of the ProcessDefinition included in the Soffid solution. |
You can view all resource data models and schemas on Resource data model & schema chapter
Soffid Operations
For every resource the following operations are available:
|
Operation |
HTTP method |
URL example |
Description |
|---|---|---|---|
|
List all |
GET |
.../soffid/webservice/scim/<resource> |
List all resources |
|
Search by id |
GET |
.../soffid/webservice/scim/<resource>/<id> |
Search the resource with the <id> specified |
|
Search by filter |
GET |
.../soffid/webservice/scim/<resource>?filter=<filter-language> |
Search all resources that fulfil the <filter-language> filter (please see filtering language here 5. SCIM filter language) |
|
Create |
POST |
.../soffid/webservice/scim/<resource> |
Create a resource |
|
Update all |
PUT |
.../soffid/webservice/scim/<resource>/<id> + <JSON in the body> |
Update all attributes specified in the JSON stream (the attributes not included will be cleared) |
|
Update partial |
PATCH |
.../soffid/webservice/scim/<resource>/<id> + <JSON in the body> |
Update only the attributes specified in the JSON stream (the other attributes will not be updated) |
|
Delete |
DELETE |
.../soffid/webservice/scim/<resource>/<id> |
Delete a resource |
HTTP request
In every HTTP request the following HTTP header parameters are required:
|
Parameter
|
Value
|
Description
|
|---|---|---|
| URL | https://<your-domain>/soffid/webservice/scim/<resource> | URL with the <resource> to be managed |
| Method | [ GET | POST | PUT | PATCH | DELETE ] | Method allowed in SCIM REST protocol |
| Content-Type | application/scim+json | SCIM specification |
| Accept | application/scim+json | SCIM specification |
| Authorization | Basic YWRtaW46Y2hhbmdlaXQ= | Only BASIC authentication is implemented in this version. A Soffid user (+password) with SCIM access is required to generate this parameter |
| Accept-Language | [ EN | ES | CA | NL ] | This parameter is OPTIONAL. The default language is EN |
HTTP codes
The following HTTP codes are managed in the HTTP response:
|
Code |
Status |
User case |
|---|---|---|
|
200 |
Ok |
After: list all, search by id, search by filter, update all, update partial |
|
201 |
Created |
After: create |
|
204 |
No content |
After: delete |
|
404 |
Not found |
After: resource not found |
|
500 |
Error |
After: internal error, PATCH DELETE |
Testing tool
REST clients
Any REST client may be used to test and consume our SCIM REST web service.
RESTer
In this case, we will show the usage with RESTer, a browser extension available for Chrome and Firefox.
This extension may be added from these links: Chrome, Firefox
Once it's added to the browser, this tool is accessible from its toolbar icon:
This is the RESTer application window:
Remember to use the HTTP headers specified in SCIM in SCIM in Soffid-HTTPrequest
Remember to use a user with authorization. See 8. How to use SCIM in How to use SCIM in Soffid-Confirmauthorization
Postman
Postman is another REST client, you can use it as an extension of the browser, but we recommend the operating system application.
Resource data model & schema
The data model of the Soffid objects is mapped to JSON objects to enable the data transport between client and server.
Resource data model & schema
User resource
/User
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/User.html
Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object.
Query schema
It is allowed to consult all the User definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.UserResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.User",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "User",
"description": "User object",
"attributes": [
{
"subattributes": [
{
"uniqueness": "none",
"name": "NIF",
"description": "NIF",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "PHONE",
"description": "PHONE",
"canonicalValues": [
"1",
"2",
"3"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "manager",
"description": "Manager",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "Contrat_type",
"description": "Contract type",
"canonicalValues": [
"T",
"I",
"F",
"S"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "RegisterServiceProvider",
"description": "RegisterServiceProvider",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "EMAIL",
"description": "External email",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ActivationKey",
"description": "ActivationKey",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "picture",
"description": "Fotografía",
"mutability": "readWrite",
"type": "binary",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "birthDate",
"description": "Birth date",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "language",
"description": "Languages spoken by the user",
"canonicalValues": [
"Spanish",
"English",
"German"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "country",
"description": "Country",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"uniqueness": "none",
"name": "attributes",
"description": "Custom attributes",
"mutability": "readWrite",
"type": "complex",
"returned": "default",
"multiValued": false
},
{
"uniqueness": "none",
"name": "userName",
"description": "User name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "firstName",
"description": "First name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "lastName",
"description": "Last Name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "middleName",
"description": "Middle name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "fullName",
"description": "Full name",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "userType",
"description": "Type",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "primaryGroup",
"description": "Primary group",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "homeServer",
"description": "Home server",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "profileServer",
"description": "Profile server",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "emailAddress",
"description": "Internal eMail",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "mailAlias",
"description": "Mail alias",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "mailServer",
"description": "Mail server",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "active",
"description": "Enabled",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "multiSession",
"description": "Multi session",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "comments",
"description": "Comments",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "createdByUser",
"description": "Created by",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "createdDate",
"description": "Created on",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "modifiedByUser",
"description": "Modifid by",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "modifiedDate",
"description": "Modified last on",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"subattributes": [
{
"uniqueness": "none",
"name": "domain",
"description": "Password domain to be changed. By default, the DEFAULT domain is changed",
"mutability": "writeOnly",
"type": "string",
"caseExact": true,
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "value",
"description": "The password itself, in clear text",
"mutability": "writeOnly",
"type": "string",
"caseExact": true,
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "expired",
"description": "If not set to false, the user will be prompted to change it on next logon",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"multiValued": false,
"required": false
}
],
"uniqueness": "none",
"name": "password",
"description": "Change current user password",
"mutability": "writeOnly",
"type": "complex",
"caseExact": true,
"multiValued": true,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.User"
}Full JSON example
Visit SCIM User examples page
Resource data model & schema
Group resource
/Group
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Group.html
Soffid allows you to add customized data to the group object. You can do that on the metadata option:
Query Schema
It is allowed to consult all the Group definitions using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.GroupResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Group",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Group",
"description": "Group object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "driveLetter",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "parentGroup",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "type",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "driveServerName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "obsolete",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Group"
}Full JSON example
Visit SCIM Group examples page
Resource data model & schema
Account resource
/Account
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Account.html
Soffid allows you to add customized data to the Account object. You can do that on metadata option:
Query Schema
It is allowed to consult all the Account definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.AccountResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Account",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Account",
"description": "Account object",
"attributes": [
{
"uniqueness": "none",
"name": "system",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "type",
"canonicalValues": [
"U",
"S",
"P",
"I"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "status",
"canonicalValues": [
"a",
"d",
"FA",
"FD",
"r",
"l"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "passwordPolicy",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "ownerGroups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "ownerUsers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "ownerRoles",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "managerGroups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "managerUsers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "managerRoles",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "grantedGroups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "grantedUsers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "grantedRoles",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "serverType",
"canonicalValues": [
"Windows",
"Linux",
"Database"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "serverName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "vaultFolderId",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "inheritNewPermissions",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "loginUrl",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "loginName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "launchType",
"canonicalValues": [
"S",
"W",
"P"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "jumpServerGroup",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "created",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "lastLogin",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "lastUpdated",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "lastPasswordSet",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "passwordExpiration",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "lockedBy",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "passwordStatus",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"subattributes": [
{
"uniqueness": "none",
"name": "value",
"description": "The password itself, in clear text",
"mutability": "writeOnly",
"type": "string",
"caseExact": true,
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "expired",
"description": "If not set to false, the user will be prompted to change it on next logon",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"multiValued": false,
"required": false
}
],
"uniqueness": "none",
"name": "password",
"description": "Change current account password",
"mutability": "writeOnly",
"type": "complex",
"caseExact": true,
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "attributes",
"mutability": "readWrite",
"type": "complex",
"caseExact": true,
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Account"
}Full JSON example
Visit SCIM Account examples page
Resource data model & schema
Application resource
/Application (addon version 1.2.0+)
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Application.html
Soffid allows you to add customized data to the Application object. You can do that on metadata option:
Query Schema
It is allowed to consult all the Application definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.ApplicationResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Application",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Application",
"description": "Application object",
"attributes": [
{
"uniqueness": "none",
"name": "type",
"canonicalValues": [
"container",
"application",
"business"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "parent",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "relativeName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "source",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "owner",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "executable",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "database",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ownerName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "bpmEnabled",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "notificationEmails",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "approvalProcess",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "roleDefinitionProcess",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "singleRole",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Application"
}Full JSON example
Visit SCIM Application examples page
Resource data model & schema
Role resource
/Role (addon version 1.2.0+)
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Role.html
Soffid allows you to add customized data to the Role object. You can do that on metadata option:
Query schema
It is allowed to consult all the Role definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.RoleResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Role",
"description": "Role object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "system",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "category",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "informationSystemName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "domain",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "bpmEnabled",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "approvalStart",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "approvalEnd",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Role"
}Full JSON example
Visit SCIM Role examples page
Resource data model & schema
Group type resource
/OUType
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/OUType.html
Query Schema
It is allowed to consult all the Group Type definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.OUTypeResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.OUType",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "OUType",
"description": "OUType object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "id",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "roleHolder",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.OUType"
}Full JSON example
Visit SCIM Group type examples page
Resource data model & schema
User type resource
/UserType
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/UserType.html
Query Schema
It is allowed to consult all the User Type definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.UserTypeResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.UserType",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "UserType",
"description": "UserType object",
"attributes": [
{
"uniqueness": "none",
"name": "id",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "unmanaged",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
}
],
"id": "urn:soffid:com.soffid.iam.api.UserType"
}Full JSON example
Visit SCIM User type examples page
Resource data model & schema
GroupUser resource
/GroupUser
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/GroupUser.html
Soffid allows you to add customized data to the GroupUser object. You can do that on metadata option:
Query Schema
It is allowed to consult all the GroupUser definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.GroupUserResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.GroupUser",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "GroupUser",
"description": "GroupUser object",
"attributes": [
{
"subattributes": [
{
"uniqueness": "none",
"name": "startDate",
"description": "Start date (2)",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "comments",
"description": "Comments",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"uniqueness": "none",
"name": "attributes",
"description": "Custom attributes",
"mutability": "readWrite",
"type": "complex",
"returned": "default",
"multiValued": false
},
{
"uniqueness": "none",
"name": "user",
"description": "User",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "group",
"description": "Group",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
}
],
"id": "urn:soffid:com.soffid.iam.api.GroupUser"
}Full JSON example
Visit SCIM GroupUser examples page
Resource data model & schema
RoleAccount resource
/RoleAccount
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/RoleAccount.html
Query Schema
It is allowed to consult all the RoleAccount definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ResourceTypes/RoleAccountResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.RoleAccount",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "RoleAccount",
"description": "RoleAccount object",
"attributes": [
{
"uniqueness": "none",
"name": "accountId",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "accountName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "accountSystem",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "roleName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "roleCategory",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "informationSystemName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "roleDescription",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "id",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "userFullName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "groupDescription",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "domainValue",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "system",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "userGroupCode",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "bpmEnforced",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "userCode",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ruleId",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ruleDescription",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "sodRisk",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "sodRules",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "startDate",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "endDate",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "enabled",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "approvalPending",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "removalPending",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "holderGroup",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "approvalProcess",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "certificationDate",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "parentGrant",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "delegationStatus",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ownerAccount",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "delegateAccount",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "delegateSince",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "delegateUntil",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.RoleAccount"
}Full JSON example
Visit SCIM RoleAccount examples page
Resource data model & schema
Host resource
/Host
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Host.html
Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object.
Query Schema
It is allowed to consult all the Host definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.HostResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Host",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Host",
"description": "Host object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "networkCode",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "dhcp",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ip",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "os",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "mail",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "office",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "mac",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "hostAlias",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "printersServer",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "dynamicIp",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "serialNumber",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "lastSeen",
"mutability": "readOnly",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Host"
}Full JSON example
Visit SCIM Host examples page
Resource data model & schema
MailList resource
/MailList
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/MailList.html
Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object.
Query Schema
It is allowed to consult all the MailList definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailListResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailList",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "MailList",
"description": "MailList object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "domainName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "lists",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "externalList",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "roleMembers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "groupMembers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "usersList",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "listsBelong",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "explodedUsersList",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.MailList"
}Full JSON example
Visit SCIM MailList examples page.
Resource data model & schema
MailDomain resource
/MailDomain
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/MailDomain.html
Query Schema
It is allowed to consult all the MailDomain definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailDomainResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailDomain",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "MailDomain",
"description": "MailDomain object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "id",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "obsolete",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.MailDomain"
}Full JSON example
Visit SCIM MailDomain examples page.
Resource data model & schema
Network resource
/Network
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/Network.html
Query Schema
It is allowed to consult all the Network definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.NetworkResponse 200
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Network",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Network",
"description": "Network object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "ip",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "mask",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "lanAccess",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "dhcp",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "id",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "dhcpSupport",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "loginRestriction",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Network"
}Full JSON example
Visit SCIM Network examples page.
Resource data model & schema
DomainValue resource
/DomainValue
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/DomainValue.html
Query Schema
It is allowed to consult all the DomainValue definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.DomainValueResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.DomainValue",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "DomainValue",
"description": "DomainValue object",
"attributes": [
{
"uniqueness": "none",
"name": "value",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "id",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "domainName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "externalCodeDomain",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.DomainValue"
}Full JSON example
Visit SCIM DomainValue examples page.
Resource data model & schema
VaultFolder resource
/VaultFolder
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/VaultFolder.html
Query Schema
It is allowed to consult all the VaultFolder definitions using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.VaultFolderResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.VaultFolder",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "VaultFolder",
"description": "VaultFolder object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "personal",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "parentId",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "parentFolder",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "grantedGroups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "grantedUsers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "grantedRoles",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "managerGroups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "managerUsers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "managerRoles",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ownerGroups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ownerUsers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "ownerRoles",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "navigateGroups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "navigateUsers",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "navigateRoles",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "accessLevel",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.VaultFolder"
}Full JSON example
Visit SCIM VaultFolder examples page.
Resource data model & schema
System resource
/System
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/System.html
Query Schema
It is allowed to consult all the System definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.SystemResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.System",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "System",
"description": "System object",
"attributes": [
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "className",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "url",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "url2",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param0",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param1",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param2",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param3",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param4",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param5",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param6",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param7",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param8",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "param9",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "rolebased",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "trusted",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "userTypes",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "groups",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "groupsList",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "accessControl",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "passwordsDomainId",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "passwordsDomain",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "usersDomain",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "readOnly",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "fullReconciliation",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "generateTasksOnLoad",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "databaseReplicaId",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "authoritative",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "blobParam",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "timeStamp",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "authoritativeProcess",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "manualAccountCreation",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "sharedDispatcher",
"mutability": "readWrite",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "threads",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "timeout",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "longTimeout",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "tenant",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.System"
}Full JSON example
Visit SCIM System examples page.
Resource data model & schema
CustomObject resource
/CustomObject
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/api/CustomObject.html
Query Schema
It is allowed to consult all the CustomObject definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.CustomObjectResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.CustomObject",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "CustomObject",
"description": "CustomObject object",
"attributes": [
{
"uniqueness": "none",
"name": "id",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "type",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "attributes",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.CustomObject"
}Full JSON example
Visit SCIM CustomObject examples page.
Resource data model & schema
ProcessDefinition resource
/ProcessDefinition
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessDefinition.html
Query Schema
It is allowed to consult all the ProcessDefinition definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessDefinitionResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "ProcessDefinition",
"description": "ProcessDefinition object",
"attributes": [
{
"uniqueness": "none",
"name": "version",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "tag",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "name",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "server",
"name": "id",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "enabled",
"mutability": "readOnly",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "appliesTo",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "type",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "deployed",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "author",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
}Full JSON example
Visit SCIM ProcessDefinition examples page.
Resource data model & schema
ProcessInstance resource
/ProcessInstance
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessInstance.html
QUery Schema
It is allowed to consult all the ProcessInstance definitions using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessInstanceResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessInstance",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "ProcessInstance",
"description": "ProcessInstance object",
"attributes": [
{
"uniqueness": "server",
"name": "id",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "start",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "end",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "variables",
"mutability": "readWrite",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "currentTask",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "comments",
"mutability": "readWrite",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "processDefinition",
"mutability": "immutable",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "dummyProcess",
"mutability": "readOnly",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "transition",
"mutability": "writeOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
}Full JSON example
Visit SCIM ProcessInstance examples page.
Resource data model & schema
TaskInstance resource
/TaskInstance
Dictionary table
The diagram service model of the object: https://download.soffid.com/doc/console/latest/uml/com/soffid/iam/bpm/api/TaskInstance.html
Query Schema
It is allowed to consult all the TaskInstance definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.TaskInstanceResponse 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.TaskInstance",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "TaskInstance",
"description": "TaskInstance object",
"attributes": [
{
"uniqueness": "server",
"name": "id",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "processName",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "server",
"name": "processId",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "processDefinition",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "dummyTask",
"mutability": "readOnly",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "name",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "actorId",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "create",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "start",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "end",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "dueDate",
"mutability": "readOnly",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "priority",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "cancelled",
"mutability": "readOnly",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "open",
"mutability": "readOnly",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "signalling",
"mutability": "readOnly",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "blocking",
"mutability": "readOnly",
"type": "boolean",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "swimlane",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "pooledActors",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "variables",
"mutability": "readWrite",
"type": "complex",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "transitions",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "transition",
"mutability": "writeOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
}Full JSON example
Visit SCIM TaskInstance examples page.
Resource data model & schema
Issue resource
/Issue
Dictionary table
Query Schema
It is allowed to consult all the Issue definition using the Schema query:
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Issue
Response 200 OK
{
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Issue",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Issue",
"description": "Issue object",
"attributes": [
{
"uniqueness": "none",
"name": "number",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "created",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "type",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "description",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "times",
"mutability": "readOnly",
"type": "integer",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "status",
"canonicalValues": [
"N",
"A",
"S",
"D"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": true
},
{
"uniqueness": "none",
"name": "acknowledged",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "solved",
"mutability": "readWrite",
"type": "dateTime",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "failedLoginPct",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "humanConfidence",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "system",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "otpDevice",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "exception",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "risk",
"canonicalValues": [
"L",
"H",
"F",
"N"
],
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "roleAccount",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "rule",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "jobName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "country",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "account",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "actor",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "loginName",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "hosts",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "users",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": true,
"required": false
},
{
"uniqueness": "none",
"name": "performedActions",
"mutability": "readWrite",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
},
{
"uniqueness": "none",
"name": "requester",
"mutability": "readOnly",
"type": "string",
"caseExact": true,
"returned": "default",
"multiValued": false,
"required": false
}
],
"id": "urn:soffid:com.soffid.iam.api.Issue"
}Full JSON example
Visit SCIM Issue examples page
SCIM full examples
SCIM full examples
Previous steps
Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in How to use SCIM in Soffid # Installation
Please note that a user with the authentication is required, please check this part in How to use SCIM in Soffid # Confirm authorization
Please note that is recommended to use a REST client, please see our example in Testing tool # RESTer
Please note that the correct header parameters must be used, please browse them in SCIM in Soffid # HTTP request
SCIM full examples
SCIM User examples
Operations
This page shows the operations that can be performed for the user object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/UserResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 64,
"startIndex": 1,
"Resources": [
{
"lastName": "Pig",
"profileServer": "null",
"createdByUser": "hrms",
"fullName": "Dad Pig",
"active": true,
"userName": "1",
"mailAlias": "",
"mailServer": "null",
"firstName": "Dad",
"createdDate": "2021-02-16 13:38:26",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477909",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'1'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'1'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'1'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-05-04 09:24:54",
"attributes": {},
"id": 1477909,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "World Original",
"primaryGroup": "world"
},
{
"lastName": "SUZY",
"profileServer": "null",
"createdByUser": "hrms",
"fullName": "Suzy SUZY",
"active": true,
"userName": "10",
"mailAlias": "",
"mailServer": "null",
"firstName": "Suzy",
"createdDate": "2021-02-16 13:38:27",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477931",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'10'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'10'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'10'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-05-05 14:11:37",
"attributes": {},
"id": 1477931,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "World Original",
"primaryGroup": "world"
},
{
"lastName": "Rabbit",
"profileServer": "null",
"createdByUser": "hrms",
"fullName": "Ricchard Rabbit",
"active": true,
"userName": "11",
"mailAlias": "",
"mailServer": "null",
"firstName": "Ricchard",
"createdDate": "2021-02-16 13:38:27",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477953",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'11'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'11'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'11'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-02-17 19:06:20",
"attributes": {},
"id": 1477953,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "World Original",
"primaryGroup": "world"
},
.......
]
}List by filter
List all users with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/User?filter=lastName co ada&sortOrder=descending&sortBy=userNameResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 13,
"startIndex": 1,
"Resources": [
{
"lastName": "ADAMS",
"comments": "Changed",
"profileServer": "null",
"createdByUser": "soffid.bubu.lab",
"fullName": "Wally ADAMS",
"active": true,
"userName": "wally",
"mailAlias": "",
"mailServer": "null",
"firstName": "Wally",
"createdDate": "2020-12-11 11:23:58",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1002599",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'wally'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'wally'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'wally'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-04-22 19:31:01",
"attributes": {
"RegisterServiceProvider": "anonymous",
"manager": "admin",
"PHONE": "2",
"EMAIL": "wally5@test.com",
},
"id": 1002599,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "Enterprise",
"primaryGroup": "enterprise"
},
{
"lastName": "ADAMS",
"comments": "Changed",
"profileServer": "null",
"createdByUser": "soffid.bubu.lab",
"fullName": "Tina ADAMS",
"active": true,
"userName": "tina",
"mailAlias": "",
"mailServer": "null",
"firstName": "Tina",
"createdDate": "2020-12-11 12:22:07",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1004678",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'tina'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'tina'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'tina'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-04-22 19:11:17",
"attributes": {
"RegisterServiceProvider": "anonymous",
"manager": "admin",
"PHONE": "1",
"EMAIL": "tina11@test.com",
},
"id": 1004678,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "Enterprise",
"primaryGroup": "enterprise"
},
{
"lastName": "ADAMS",
"comments": "Changed",
"profileServer": "null",
"createdByUser": "soffid.bubu.lab",
"fullName": "Teodoro ADAMS",
"active": true,
"userName": "ted",
"mailAlias": "",
"mailServer": "null",
"firstName": "Teodoro",
"createdDate": "2020-12-11 09:18:42",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1000190",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ted'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ted'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ted'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-02-04 15:44:42",
"attributes": {
"RegisterServiceProvider": "anonymous",
"manager": "admin",
"EMAIL": "test3@gmail.com",
},
"id": 1000190,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "Enterprise",
"primaryGroup": "enterprise"
},
.........
]
}Query by id
Query a user by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/User/1057751Response 200 OK
{
"lastName": "Smith",
"comments": "Changed",
"createdByUser": "soffid.bubu.lab",
"fullName": "John Smith",
"active": true,
"userName": "jsmith",
"mailAlias": "",
"firstName": "John",
"createdDate": "2020-12-14 17:52:14",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1057751",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'jsmith'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'jsmith'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'jsmith'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-05-07 12:32:41",
"attributes": {
"RegisterServiceProvider": "anonymous",
"manager": "admin",
"EMAIL": "jsmith@test.com",
"birthDate": "1970-05-26 00:00:00",
"ActivationKey": "HPhl61lBlJ9fgcDtWyug0O15"
},
"id": 1057751,
"userType": "I",
"primaryGroupDescription": "Help desk support team",
"primaryGroup": "it"
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/UserJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"userName": "ckelp",
"firstName": "Cas",
"lastName": "Kelp",
"userType": "I",
"primaryGroup": "world",
"homeServer": "null",
"mailServer": "null",
"profileServer": "null",
"active": true
}Response 201 Created
{
"lastName": "Kelp",
"profileServer": "null",
"createdByUser": "admin",
"fullName": "Cas Kelp",
"active": true,
"userName": "ckelp",
"mailAlias": "",
"mailServer": "null",
"firstName": "Cas",
"createdDate": "2021-05-11 09:06:49",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User/1976665",
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-05-11 09:06:49",
"attributes": {},
"id": 1976665,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "World Original",
"primaryGroup": "world"
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
If you want to add users to a group, please visit SCIM GroupUser examples page
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/User/1976665JSON
{
"Operations": [
{
"op": "replace",
"path": "lastName",
"value": "Casey"
},
{
"op": "replace",
"path": "middleName",
"value": "XX"
}
]
}Response 200 OK
{
"lastName": "Casey",
"profileServer": "null",
"createdByUser": "admin",
"fullName": "Casey Casey XX",
"active": true,
"userName": "ckelp",
"mailAlias": "",
"mailServer": "null",
"firstName": "Casey",
"createdDate": "2021-05-11 09:06:49",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User/1976665",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ckelp'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ckelp'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ckelp'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-05-11 09:33:35",
"middleName": "XX",
"attributes": {},
"id": 1976665,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "World Original",
"primaryGroup": "world"
}Password change
Password change request. Multiple domains can be specified adding new objects inside the first "value" key. In this example we update the password on a user so that the user doesn't have to change the password on the first logon ("passwordExpired" is false).
Request
PATCH https://<your-domain>/soffid/webservice/scim2/v1/User/568327Body (JSON)
{
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"Operations": [
{
"op": "replace",
"path": "password",
"value": [
{"domain": "DEFAULT",
"value": "NewPass1234",
"passwordExpired": false}
]
}
]
}Response 200 OK
{
"lastName": "Peaky",
"createdByUser": "admin",
"fullName": "Familiar Peaky Primer",
"active": true,
"userName": "familiar1",
"mailAlias": "",
"firstName": "Familiar",
"emailAddress": "familiar1@soffid.com",
"mailDomain": "soffid.com",
"createdDate": "2023-07-05 00:00:00",
"multiSession": false,
"meta": {
"location": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/User/568327",
"links": {
"roleAccounts": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'familiar1'+and+enabled+eq+true",
"groupUsers": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'familiar1'+and+disabled+eq+false",
"accounts": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'familiar1'",
"issues": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'familiar1'",
"effectiveGrants": "http://pr-as-am19-dev-soffid-console-ms-ns-as-am19-dev-back.apps.aroas.westeurope.aroapp.io/soffid/webservice/scim2/v1/User/568327/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "queries",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2024-05-15 09:46:28.714",
"middleName": "Primer",
"attributes": {
"gepipId": "645cb2ed99e63065c76b51de",
"RecoverKey": "unEVPLWQ2KLdocjmpGs2vO4uO6jL8m2VMChIypJCTUmMV867l1ZgEr5sAJBw5koJ0uOYOM3iCRC4568327",
"email": "familiar1@soffid.com"
},
"id": 568327,
"userType": "E",
"shortName": "familiar1",
"primaryGroupDescription": "World",
"primaryGroup": "world"
}Update all
This operation replaces all values in the user.
- Note that the attribute id is required to confirm that the resource "...User/<id>" is the same that the JSON user.
- Note that all the attributes not included in the request will be cleared in the user and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/User/1976590JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"id": 1976665,
"userName": "ckelp",
"firstName": "Casey",
"lastName": "Kelp",
"userType": "I",
"primaryGroup": "world",
"homeServer": "null",
"mailServer": "null",
"profileServer": "null",
"active": true
}Response 200 OK
{
"lastName": "Kelp",
"profileServer": "null",
"createdByUser": "admin",
"fullName": "Casey Kelp",
"active": true,
"userName": "ckelp",
"mailAlias": "",
"mailServer": "null",
"firstName": "Casey",
"createdDate": "2021-05-11 09:06:49",
"multiSession": false,
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1976665",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ckelp'+and+enabled+eq+true",
"groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ckelp'+and+disabled+eq+false",
"accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ckelp'"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2021-05-11 09:35:24",
"attributes": {},
"id": 1976665,
"userType": "I",
"homeServer": "null",
"primaryGroupDescription": "World Original",
"primaryGroup": "world"
}Delete
Please note after this delete, the user has to be created again to use it in the following examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/User/1976665Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM Group examples
Operations
This page shows the operations that can be performed for the group object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/GroupResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 7,
"startIndex": 1,
"Resources": [
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83",
"links": {
"members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'",
"administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'"
},
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "world",
"obsolete": false,
"description": "World Original",
"attributes": {},
"id": 83
},
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/87",
"links": {
"members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'enterprise'+or secondaryGroup.group.name+eq+'enterprise'",
"administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'enterprise'"
},
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "enterprise",
"obsolete": false,
"description": "Enterprise",
"parentGroup": "world",
"attributes": {},
"id": 87
},
......
]
}List by filter
List all groups with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Group?filter=name co worldResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83",
"links": {
"members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'",
"administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'"
},
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "world",
"obsolete": false,
"description": "World Original",
"attributes": {},
"id": 83
},
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/485118",
"links": {
"members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world2'+or secondaryGroup.group.name+eq+'world2'",
"administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world2'"
},
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "world2",
"obsolete": false,
"description": "World Modified",
"attributes": {},
"id": 485118
}
]
}Query by id
Retrieve a group by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Group/83Response 200 OK
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83",
"links": {
"members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'",
"administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'"
},
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "world",
"obsolete": false,
"description": "World Original",
"attributes": {},
"id": 83
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Group/JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "EngineeringTeam",
"description": "Enterprise engineering team",
"parentGroup": "world"
}Response 201 Created
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559",
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "EngineeringTeam",
"obsolete": false,
"description": "Enterprise engineering team",
"parentGroup": "world",
"attributes": {},
"id": 1976559
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
If you want to add users to a group, please visit SCIM GroupUser examples page
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Group/1976559JSON
{
"Operations": [
{
"op": "replace",
"path": "description",
"value": "Enterprise Engineering Group"
},
{
"op": "replace",
"path": "type",
"value": "CC"
}
]
}Response 200 OK
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559",
"links": {
"members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'EngineeringTeam'+or secondaryGroup.group.name+eq+'EngineeringTeam'",
"administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'EngineeringTeam'"
},
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "EngineeringTeam",
"obsolete": false,
"description": "Enterprise Engineering Group",
"parentGroup": "world",
"attributes": {},
"id": 1976559,
"type": "CC"
}Update all
This operation replaces all values in the group.
- Note that the attribute id is required to confirm that the resource "...Group/<id>" is the same that the JSON group.
- Note that all the attributes not included in the request will be cleared in the group and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page.
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Group/1976559JSON
{
"schemas": ["urn:soffid:com.soffid.iam.api.Group"],
"id": 1976559,
"name": "EngineeringTeam",
"description": "Enterprise engineering team",
"parentGroup": "world"
}Response 200 OK
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559",
"links": {
"members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'EngineeringTeam'+or secondaryGroup.group.name+eq+'EngineeringTeam'",
"administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'EngineeringTeam'"
},
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "EngineeringTeam",
"obsolete": false,
"description": "Enterprise engineering team",
"parentGroup": "world",
"attributes": {},
"id": 1976559
}Delete
Please note that after this delete action, you will need to create again the group to use it in the next examples.
Request
DELETE http://<your-domain>/soffid/webservice/scim2/v1/Group/1976559Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM Account examples
Operations
This page shows the operations that can be performed for the account object
List all
List all accounts, disabled or not.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/AccountResponse 200 OK
For example, after the Soffid installation, these are the available account.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"lastLogin": "2021-05-10 13:00:40",
"grantedRoles": [],
"description": "Soffid Administrator",
"type": "U",
"ownerGroups": [],
"oldName": "admin",
"loginName": "admin",
"inheritNewPermissions": false,
"disabled": false,
"id": 103,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2021-05-05 11:32:14",
"passwordExpiration": "2022-05-05 00:00:00",
"passwordPolicy": "I",
"accessLevel": "O",
"managerRoles": [],
"created": "2020-02-13 23:01:44",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://<your-domain>/webservice/scim2/v1/Account/103",
"links": {
"roleAccounts": "http://<your-domain>/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
"users": "http://<your-domain>/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admin",
"managerUsers": [],
"attributes": {},
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
]
}List by filter
List all accounts with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account?filter=name co "adm" and passwordPolicy prResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"lastLogin": "2021-05-10 13:05:15",
"grantedRoles": [],
"description": "Soffid Administrator",
"type": "U",
"ownerGroups": [],
"oldName": "admin2",
"loginName": "admin",
"inheritNewPermissions": false,
"disabled": false,
"id": 103,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2021-05-05 11:32:14",
"passwordExpiration": "2022-05-05 00:00:00",
"passwordPolicy": "I",
"accessLevel": "O",
"managerRoles": [],
"created": "2020-02-13 23:01:44",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/103",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admin",
"managerUsers": [],
"attributes": {},
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
},
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"created": "2021-03-04 22:37:21",
"description": "Soffid test account",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587766",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587766+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587766+or+accounts.account.id+eq+1587766"
},
"resourceType": "Account"
},
"loginName": "admintest",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admintest",
"inheritNewPermissions": false,
"managerUsers": [
"dilbert",
"dogbert"
],
"disabled": false,
"attributes": {},
"id": 1587766,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
},
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"created": "2021-03-04 22:44:06",
"description": "Soffid test account 2",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587776",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587776+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587776+or+accounts.account.id+eq+1587776"
},
"resourceType": "Account"
},
"loginName": "admintest2",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admintest2",
"inheritNewPermissions": false,
"managerUsers": [
"dilbert",
"dogbert"
],
"disabled": false,
"attributes": {},
"id": 1587776,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
]
}Query by id
Query an account by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account/1057754Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "-",
"managerRoles": [],
"created": "2020-12-14 17:52:14",
"description": "John Smith",
"type": "U",
"system": "idp",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1057754",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1057754+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1057754+or+accounts.account.id+eq+1057754"
},
"resourceType": "Account"
},
"loginName": "jsmith",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "jsmith",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1057754,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"jsmith"
],
"grantedUsers": []
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/AccountJSON
{
"schemas": ["urn:soffid:com.soffid.iam.api.Account"],
"name": "Guest",
"type": "I",
"system": "soffid",
"passwordPolicy": "I",
"description": "Guest user",
"inheritNewPermissions": false,
"disabled": false
}Response 201 Created
{
"passwordPolicy": "I",
"grantedRoles": [],
"managerRoles": [],
"description": "Guest user",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"ownerUsers": [],
"grantedUsers": []
}Update partial
Only attributes with changes will be updated, the others will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"Operations": [
{
"op": "replace",
"path": "description",
"value": "Guest User"
},
{
"op": "replace",
"path": "ownerUsers",
"value": [
"admin"
]
}
]
}Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "-",
"managerRoles": [],
"created": "2021-05-10 13:08:05",
"description": "Guest User",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
},
"resourceType": "Account"
},
"loginName": "Guest",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}Update partial (password update)
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455JSON
Option 1
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"Operations": [
{
"op": "replace",
"path": "password.value",
"value": "123123"
},
{
"op": "replace",
"path": "password.expired",
"value": false
}
]
}Option 2
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"Operations": [
{
"op": "replace",
"path": "password",
"value": {
"value" : "123123",
"expired" : false
}
}
]
}Response 200 OK
{
"lastLogin": "2023-06-29 14:30:29",
"grantedRoles": [],
"description": "Frankaaa Sinatra",
"type": "U",
"ownerGroups": [],
"loginName": "frank",
"inheritNewPermissions": false,
"disabled": false,
"id": 5366314,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2023-06-29 14:30:37",
"passwordExpiration": "2023-07-24 00:00:00",
"passwordPolicy": "I",
"accessLevel": "-",
"managerRoles": [],
"created": "2022-04-21 10:11:12",
"hasSnapshot": false,
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/5366314",
"links": {
"briefAudit": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/Audit?filter=searchIndex+eq+'ACC%235366314'",
"roleAccounts": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+5366314+and+enabled+eq+true",
"users": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+5366314+or+accounts.account.id+eq+5366314"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "frank",
"managerUsers": [],
"lastChange": "2023-06-05 15:05:16",
"attributes": {},
"status": "a",
"ownerUsers": [
"frank"
],
"grantedUsers": []
}Update all
This operation replaces all values in the account. For example, we will update the description.
- Note that the attribute id is required to confirm that the resource "...Account/<id>" is the same that the JSON account.
- Note that all the attributes not included in the request will be cleared in the account and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Account/1976454JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"id": 1976454,
"name": "Guest",
"type": "I",
"system": "soffid",
"passwordPolicy": "I",
"description": "Guest Guest",
"inheritNewPermissions": false,
"disabled": false
}Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"managerRoles": [],
"description": "Guest Guest",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [],
"grantedUsers": []
}Delete
Please note after this delete, the account has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Account/1976454Response 204 No Content
204 No ContentNote: use of roles with domain values
In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:
{
"grantedRoles": [],
"roles": [
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236442,
"roleDescription": "Business unit manager",
"domainValue": "D2"
},
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236447,
"roleDescription": "Business unit manager",
"domainValue": "enterprise"
}
],
"description": "faith - faith MUYOYO",
"type": {
"value": "U"
},
"lastUpdated": "2019-07-16T10:35:01+02:00",
"ownerGroups": [],
"inheritNewPermissions": false,
"disabled": false,
"id": 1727122,
"grantedGroups": [],
"managerGroups": [],
"passwordPolicy": "I",
"managerRoles": [],
"created": "2019-07-16T10:26:16+02:00",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122",
"resourceType": "Account"
},
"name": "faith",
"managerUsers": [],
"attributes": {},
"grantedUsers": [],
"ownerUsers": [
{
"lastName": "Smith",
"createdByUser": "csv",
"mailServer": "null",
"nationalID": "",
"multiSession": false,
"modifiedByUser": "admin",
"id": 1727113,
"homeServer": "null",
"primaryGroupDescription": "Entrprise",
"primaryGroup": "enterprise",
"comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
"profileServer": "null",
"active": true,
"fullName": "faith MUYOYO",
"userName": "faith",
"mailAlias": "",
"firstName": "faith",
"createdDate": "2019-07-16T10:26:16+02:00",
"phoneNumber": "",
"modifiedDate": "2019-12-12T17:06:42+01:00",
"userType": "I"
}
]
}Error response
For more infomation about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM Application examples
Operations
This page shows the operations that can be performed for the application object (Information Systems from a functional point of view)
List all
Request
GET http://<your-domain>/webservice/scim2/v1/ApplicationResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"parent": "Operation/Business 2",
"relativeName": "SOFFID",
"database": "",
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/41",
"links": {
"children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/SOFFID'",
"roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/SOFFID'"
},
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business 2/SOFFID",
"description": "SOFFID Identity Manager",
"singleRole": false,
"attributes": {},
"id": 41,
"type": "application"
},
{
"parent": "Operation/Business process",
"relativeName": "ad",
"database": "ad",
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/391459",
"links": {
"children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/ad'",
"roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/ad'"
},
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business process/ad",
"description": "Active Directory",
"singleRole": false,
"attributes": {},
"id": 391459,
"type": "application"
}
]
}List by filter
List all application with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Application?filter=description co SOFFIDResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"parent": "Operation/Business 2",
"relativeName": "SOFFID",
"database": "",
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/41",
"links": {
"children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/SOFFID'",
"roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/SOFFID'"
},
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business 2/SOFFID",
"description": "SOFFID Identity Manager",
"singleRole": false,
"attributes": {},
"id": 41,
"type": "application"
},
{
"parent": "Operation/Business 2",
"relativeName": "iam.soffid.com",
"database": "iam.soffid.com",
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1836136",
"links": {
"children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/iam.soffid.com'",
"roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/iam.soffid.com'"
},
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business 2/iam.soffid.com",
"description": "Discovered host iam.soffid.com",
"singleRole": false,
"attributes": {},
"id": 1836136,
"type": "application"
}
]
}Query by id
Retrieve an application by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Application/391459Response 200 OK
{
"parent": "Operation/Business process",
"relativeName": "ad",
"database": "ad",
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/391459",
"links": {
"children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/ad'",
"roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/ad'"
},
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business process/ad",
"description": "Active Directory",
"singleRole": false,
"attributes": {},
"id": 391459,
"type": "application"
}Create
To create an application (Information System).
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Application/JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"parent": "Operation/Business 2",
"relativeName": "appBilling",
"database": "",
"bpmEnabled": false,
"name": "Operation/Business 2/App Billing",
"description": "Billing application",
"singleRole": false,
"attributes": {},
"type": "application"
}Response 201 Created
{
"parent": "Operation/Business 2",
"relativeName": "App Billing",
"database": "",
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515",
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business 2/App Billing",
"description": "Billing application",
"singleRole": false,
"attributes": {},
"id": 1976515,
"type": "application"
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Application/1976515JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"Operations": [
{
"op": "replace",
"path": "parent",
"value": "Operation/Business process"
},
{
"op": "replace",
"path": "name",
"value": "Operation/Business process/App Billing"
},
{
"op": "replace",
"path": "database",
"value": "DDBBBilling"
}
]
}Response 200 OK
{
"parent": "Operation/Business process",
"relativeName": "App Billing",
"database": "DDBBBilling",
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515",
"links": {
"children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/App Billing'",
"roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/App Billing'"
},
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business process/App Billing",
"description": "Billing application",
"singleRole": false,
"attributes": {},
"id": 1976515,
"type": "application"
}Update all
This operation replaces all values in the application.
- Note that the attribute id is required to confirm that the resource "...Application/<id>" is the same that the JSON user.
- Note that all the attributes not included in the request will be cleared in the application and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page.
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Application/1976515JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"id": 1976515,
"parent": "Operation/Business 2",
"relativeName": "appBilling",
"database": "",
"bpmEnabled": false,
"name": "Operation/Business 2/App Billing",
"description": "Billing application",
"singleRole": false,
"attributes": {},
"type": "application"
}Response 200 OK
{
"parent": "Operation/Business 2",
"relativeName": "App Billing",
"database": "",
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515",
"links": {
"children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/App Billing'",
"roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/App Billing'"
},
"resourceType": "Application"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Application"
],
"name": "Operation/Business 2/App Billing",
"description": "Billing application",
"singleRole": false,
"attributes": {},
"id": 1976515,
"type": "application"
}Delete
Please note that after this delete action, you will need to create again the application to use it in the next examples.
Request
DELETE http://<your-domain>/webservice/scim2/v1/Application/2236428Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM Role examples
Operations
This page shows the operations that can be performed for the role object
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/RoleResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"approvalEnd": "2021-02-26 13:19:36",
"ownedRoles": [
{
"informationSystem": "Operation/Business process/ad",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 393195,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/1563461",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "AD role",
"hasDomain": false,
"id": 1563461,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "AD role",
"status": "A"
},
{
"informationSystem": "Operation/Business 2/SOFFID",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 393447,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501188",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "accounting_mgr",
"hasDomain": false,
"id": 501188,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "Accounting Manager",
"status": "A"
},
{
"informationSystem": "Operation/Business process/ad",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 391535,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/503759",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "g100",
"hasDomain": false,
"id": 503759,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "Desarrollo Circuito",
"status": "A"
},
{
"informationSystem": "Operation/Business process/ad",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 391480,
"mandatory": false,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501481",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "Group Policy Creator Owners",
"hasDomain": false,
"id": 501481,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "Members in this group can modify group policy for the domain",
"status": "A"
}
],
"description": "SOFFID Administrator",
"granteeGroups": [
{
"system": "soffid",
"informationSystem": "Operation/Business 2/SOFFID",
"roleId": 63,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/503848",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "SOFFID_ADMIN",
"ownerGroup": "admingroup",
"hasDomain": false,
"id": 503848,
"roleDescription": "SOFFID Administrator",
"mandatory": true,
"enabled": true
}
],
"informationSystemName": "Operation/Business 2/SOFFID",
"password": false,
"system": "soffid",
"ownerGroups": [
{
"organizational": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/91",
"resourceType": "Group"
},
"quota": "0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Group"
],
"name": "admingroup",
"obsolete": false,
"description": "Enterprise Administrators Group",
"parentGroup": "enterprise",
"attributes": {},
"id": 91
}
],
"ownerRoles": [
{
"informationSystem": "Operation/Business 2/SOFFID",
"ownerRole": 392727,
"ownerRoleDescription": "Business Services",
"roleId": 63,
"mandatory": true,
"enabled": true,
"ownerSystem": "ad",
"system": "soffid",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501606",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "SOFFID_ADMIN",
"hasDomain": false,
"id": 501606,
"ownerRoleName": "share-15000",
"roleDescription": "SOFFID Administrator",
"status": "A"
}
],
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/63",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "SOFFID_ADMIN",
"approvalStart": "2021-02-26 13:19:36",
"attributes": {},
"id": 63,
"enableByDefault": true
},
{
"ownedRoles": [],
"description": "Soffid vault owner",
"granteeGroups": [],
"informationSystemName": "Operation/Business 2/SOFFID",
"password": false,
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/790961",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "SOFFID_OWNER",
"attributes": {},
"id": 790961,
"enableByDefault": false
},
.............
]
}List by filter
List all roles with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Role?filter=ownerRoles.name eq SOFFID_ADMINResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"ownedRoles": [],
"description": "Accounting Manager",
"granteeGroups": [],
"informationSystemName": "Operation/Business 2/SOFFID",
"password": false,
"system": "ad",
"ownerGroups": [],
"ownerRoles": [
{
"informationSystem": "Operation/Business 2/SOFFID",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 393447,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501188",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "accounting_mgr",
"hasDomain": false,
"id": 501188,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "Accounting Manager",
"status": "A"
}
],
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/393447",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "accounting_mgr",
"attributes": {},
"id": 393447,
"enableByDefault": false
},
{
"ownedRoles": [],
"description": "Members in this group can modify group policy for the domain",
"granteeGroups": [],
"informationSystemName": "Operation/Business process/ad",
"password": false,
"system": "ad",
"ownerGroups": [],
"ownerRoles": [
{
"informationSystem": "Operation/Business process/ad",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 391480,
"mandatory": false,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501481",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "Group Policy Creator Owners",
"hasDomain": false,
"id": 501481,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "Members in this group can modify group policy for the domain",
"status": "A"
}
],
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/391480",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "Group Policy Creator Owners",
"attributes": {},
"id": 391480,
"enableByDefault": false
},
.............
]
}Query by id
Query a role by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Role/393195Response 200 OK
{
"approvalEnd": "2021-02-04 15:39:05",
"ownedRoles": [],
"description": "AD role",
"granteeGroups": [],
"informationSystemName": "Operation/Business process/ad",
"password": false,
"system": "ad",
"ownerGroups": [],
"ownerRoles": [
{
"informationSystem": "Operation/Business process/ad",
"ownerRole": 63,
"ownerRoleDescription": "SOFFID Administrator",
"roleId": 393195,
"mandatory": true,
"enabled": true,
"ownerSystem": "soffid",
"system": "ad",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/1563461",
"resourceType": "RoleGrant"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleGrant"
],
"roleName": "AD role",
"hasDomain": false,
"id": 1563461,
"ownerRoleName": "SOFFID_ADMIN",
"roleDescription": "AD role",
"status": "A"
}
],
"bpmEnabled": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/393195",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "AD role",
"approvalStart": "2021-02-04 15:39:05",
"attributes": {},
"id": 393195,
"enableByDefault": false
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/RoleJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "App Billing Role",
"description": "Role Admin for Billing application",
"informationSystemName": "Operation/Business 2/App Billing",
"system": "test",
"password": false,
"bpmEnabled": false,
"enableByDefault": false,
"granteeGroups": [],
"ownedRoles": [],
"ownerGroups": [],
"ownerRoles": []
}Response 201 Created
{
"ownedRoles": [],
"description": "Role Admin for Billing application",
"granteeGroups": [],
"informationSystemName": "Operation/Business 2/App Billing",
"password": false,
"system": "test",
"ownerGroups": [],
"ownerRoles": [],
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "App Billing Role",
"attributes": {},
"id": 1976590,
"enableByDefault": false
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"Operations": [
{
"op": "replace",
"path": "system",
"value": "soffid"
}
]
}Response 200 OK
{
"ownedRoles": [],
"description": "Role Admin for Billing application",
"granteeGroups": [],
"informationSystemName": "Operation/Business 2/App Billing",
"password": false,
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "App Billing Role",
"attributes": {},
"id": 1976590,
"enableByDefault": false
}Update all
This operation replaces all values in the role.
- Note that the attribute id is required to confirm that the resource "...Role/<id>" is the same that the JSON role.
- Note that all the attributes not included in the request will be cleared in the role and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"id": 1976590,
"name": "App Billing",
"description": "Role Admin for Billing application",
"informationSystemName": "Operation/Business 2/App Billing",
"system": "test",
"password": false,
"bpmEnabled": false,
"enableByDefault": false,
"granteeGroups": [],
"ownedRoles": [],
"ownerGroups": [],
"ownerRoles": []
}Response 200 OK
{
"ownedRoles": [],
"description": "Role Admin for Billing application",
"granteeGroups": [],
"informationSystemName": "Operation/Business 2/App Billing",
"password": false,
"system": "test",
"ownerGroups": [],
"ownerRoles": [],
"bpmEnabled": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590",
"resourceType": "Role"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "App Billing",
"attributes": {},
"id": 1976590,
"enableByDefault": false
}Delete
Please note after this delete, the role has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Role/1976590Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
Notes
Note: use of roles with domain values
In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:
{
"grantedRoles": [],
"roles": [
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236442,
"roleDescription": "Business unit manager",
"domainValue": "D2"
},
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236447,
"roleDescription": "Business unit manager",
"domainValue": "enterprise"
}
],
"description": "faith - faith MUYOYO",
"type": {
"value": "U"
},
"lastUpdated": "2019-07-16T10:35:01+02:00",
"ownerGroups": [],
"inheritNewPermissions": false,
"disabled": false,
"id": 1727122,
"grantedGroups": [],
"managerGroups": [],
"passwordPolicy": "I",
"managerRoles": [],
"created": "2019-07-16T10:26:16+02:00",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122",
"resourceType": "Account"
},
"name": "faith",
"managerUsers": [],
"attributes": {},
"grantedUsers": [],
"ownerUsers": [
{
"lastName": "Smith",
"createdByUser": "csv",
"mailServer": "null",
"nationalID": "",
"multiSession": false,
"modifiedByUser": "admin",
"id": 1727113,
"homeServer": "null",
"primaryGroupDescription": "Entrprise",
"primaryGroup": "enterprise",
"comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
"profileServer": "null",
"active": true,
"fullName": "faith MUYOYO",
"userName": "faith",
"mailAlias": "",
"firstName": "faith",
"createdDate": "2019-07-16T10:26:16+02:00",
"phoneNumber": "",
"modifiedDate": "2019-12-12T17:06:42+01:00",
"userType": "I"
}
]
}Notes about role domains
By default, roles have no security domain (sometimes referred to as scope). When a security domain is assigned to a role, each account-role object is tagged with the proper security domain value. It is allowed to assign one role multiple times to the same user, as long as each assignment is tagged with a different security domain value. For instance, one can create the SOFFID_OU_MANAGER role bound to the GROUPS security domain. Then, you can assign the role SOFFID_OU_MANAGER/Group1 to any user.
Four kind of security domains are available:
- SENSE_DOMAIN: No security domain applies
- GROUP: A business unit is bound to each grant of this role
- APLICATION: A information sysstem is bound to each grant of this role
- Custom domain: Each application can have its own security domains with arbitrary meanings.
To set or modify the role domain for a role, one can use the "domain" attribute. This attribute is a complex object composed of a name and a description. Only the name is mandatory.
Notes about role inheritance
Role inheritance is driven by the ownedRoles, ownerRoles and ownedGroups. Each of these attributes is an array of grants. Each grant has the following attributes:
- ownerRole: id of owner role.
- ownerSystem: name of owner role's system.
- ownerRoleName: name of owner role's name.
- ownerRolDomainValue: security domain of the owner role. If a user is granted with the owner role, and the ownerRolDomainValue does not match the grant domain, the inheritance rule does not apply.
- roleId: id of owned role.
- system: name of owned role's system
- roleName: name of owned role's name
- domainValue: security domain of the owned role.
The role inheritance can vary slightly depending on whether the owned role and the owner role are in the same domain or not:
|
Resulting domain value
|
Owner role has no domain
|
Owner role has a different domain
|
Same domain
|
|---|---|---|---|
| Domain value not specified | Blank | Blank | Owner role domain value |
| Domain value specified | Specified value | Specified value | Specified value |
SCIM full examples
SCIM Group type examples
Operations
This page shows the operations that can be performed for the Group Type object
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OUTypeResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"roleHolder": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761",
"resourceType": "OUType"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"name": "CC",
"description": "Cost Center",
"id": 504761
},
{
"roleHolder": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504762",
"resourceType": "OUType"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"name": "PC",
"description": "Productive center",
"id": 504762
}
]
}List by filter
List all group types with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OUType?filter=description co CostResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"roleHolder": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761",
"resourceType": "OUType"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"name": "CC",
"description": "Cost Center",
"id": 504761
}
]
}Query by id
Query a group type by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OUType/504761Response 200 OK
{
"roleHolder": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761",
"resourceType": "OUType"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"name": "CC",
"description": "Cost Center",
"id": 504761
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/OUTypeJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Role"
],
"name": "App Billing Role",
"description": "Role Admin for Billing application",
"informationSystemName": "Operation/Business 2/App Billing",
"system": "test",
"password": false,
"bpmEnabled": false,
"enableByDefault": false,
"granteeGroups": [],
"ownedRoles": [],
"ownerGroups": [],
"ownerRoles": []
}Response 201 Created
{
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"name": "NewOU",
"description": "New OU"
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OUType/1976710JSON
{
"Operations": [
{
"op": "replace",
"path": "name",
"value": "OU"
}
]
}Response 200 OK
{
"roleHolder": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/1976710",
"resourceType": "OUType"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"name": "OU",
"description": "New OU",
"id": 1976710
}Update all
This operation replaces all values in the group type.
- Note that the attribute id is required to confirm that the resource "...OUType/<id>" is the same that the JSON group type.
- Note that all the attributes not included in the request will be cleared in the group type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"id": 1976710,
"name": "ChangeOU"
}Response 200 OK
{
"roleHolder": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/1976710",
"resourceType": "OUType"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"name": "ChangeOU",
"id": 1976710
}Delete
Please note after this delete, the group type has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/OUType/1976710Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM User type examples
Operations
This page shows the operations that can be performed for the user type object
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/UserTypeResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/29",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "S",
"description": "SSO account (USE IT)",
"id": 29
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/31",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "E",
"description": "External user",
"id": 31
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/33",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "I",
"description": "Internal user",
"id": 33
}
]
}List by filter
List all user types with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/UserType?filter=description co ssoResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/29",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "S",
"description": "SSO account (USE IT)",
"id": 29
}
]
}Query by id
Query a user type by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/UserType/33Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/33",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "I",
"description": "Internal user",
"id": 33
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/UserTypeJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "O",
"description": "Other user",
"unmanaged": false
}Response 201 Created
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "O",
"description": "Other user",
"id": 1976718
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/UserType/1976718JSON
{
"Operations": [
{
"op": "replace",
"path": "name",
"value": "OT"
}
]
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "OT",
"description": "Other user",
"id": 1976718
}Update all
This operation replaces all values in the roole.
- Note that the attribute id is required to confirm that the resource "...UserType/<id>" is the same that the JSON user type.
- Note that all the attributes not included in the request will be cleared in the user type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/UserType/1976718JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.OUType"
],
"id": 1975535,
"name": "OY"
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718",
"resourceType": "UserType"
},
"unmanaged": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.UserType"
],
"name": "OY",
"id": 1976718
}Delete
Please note after this delete, the user type has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/UserType/1976718Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM GroupUser examples
Operations
This page shows the operations that can be performed for the object that establishes the relationship between groups and users. You can add, delete and or modify users in a group.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/GroupUserResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 25,
"startIndex": 1,
"Resources": [
{
"groupDescription": "Enterprise",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/480412",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2020-07-02 12:14:48",
"fullName": "test User",
"disabled": false,
"attributes": {},
"id": 480412,
"user": "test2",
"primaryGroup": false,
"group": "enterprise"
},
{
"groupDescription": "World Modified",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/503629",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2020-08-06 15:52:12",
"fullName": "test User",
"end": "2021-02-26 13:05:44",
"disabled": true,
"attributes": {},
"id": 503629,
"user": "test2",
"primaryGroup": false,
"group": "world2"
},
{
"groupDescription": "Enterprise Administrators Group",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1182887",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2020-12-31 16:48:58",
"fullName": "John Smith",
"disabled": false,
"attributes": {
"comments": "This is a test",
"startDate": "2021-01-01 00:00:00"
},
"id": 1182887,
"user": "jsmith",
"primaryGroup": false,
"group": "admingroup"
},
...........
]
}List by filter
List all GroupUsers with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/GroupUser?filter=groupDescription eq "Help desk support team"Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 15,
"startIndex": 1,
"Resources": [
{
"groupDescription": "Help desk support team",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1519688",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2021-02-20 17:59:15",
"fullName": "Dilbert ADAMS .",
"end": "2021-03-12 10:38:42",
"disabled": true,
"attributes": {
"comments": "Comments",
"startDate": "2021-02-20 00:00:00"
},
"id": 1519688,
"user": "dilbert",
"primaryGroup": false,
"group": "it"
},
{
"groupDescription": "Help desk support team",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1974296",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2021-05-05 12:49:51",
"fullName": "John Smith",
"disabled": false,
"attributes": {
"startDate": "2021-05-04 00:00:00"
},
"id": 1974296,
"user": "jsmith",
"primaryGroup": false,
"group": "it"
},
...............
]
}Query by id
Query a GroupUser by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1974296Response 200 OK
{
"groupDescription": "Help desk support team",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1974296",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2021-05-05 12:49:51",
"fullName": "John Smith",
"disabled": false,
"attributes": {
"startDate": "2021-05-04 00:00:00"
},
"id": 1974296,
"user": "jsmith",
"primaryGroup": false,
"group": "it"
}Create
This option allows you to add a user to a specific group.
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/GroupUserJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"group": "it",
"groupDescription": "Help desk support team",
"user": "ckelp",
"fullName": "Casey Kelp",
"primaryGroup": true,
"attributes": {}
}Response 201 Created
{
"groupDescription": "Help desk support team",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2021-05-11 10:39:23",
"fullName": "Casey Kelp",
"disabled": false,
"attributes": {},
"id": 1976741,
"user": "ckelp",
"primaryGroup": true,
"group": "it"
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741JSON
{
"Operations": [
{
"op": "replace",
"path": "groupDescription",
"value": "Enterprise engineering team"
},
{
"op": "replace",
"path": "group",
"value": "EngineeringTeam"
}
]
}Response 200 OK
{
"groupDescription": "Enterprise engineering team",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"start": "2021-05-11 10:39:23",
"fullName": "Casey Kelp",
"disabled": false,
"attributes": {},
"id": 1976741,
"user": "ckelp",
"primaryGroup": true,
"group": "EngineeringTeam"
}Update all
This operation replaces all values in the GroupUser.
- Note that the attribute id is required to confirm that the resource "...GroupUser/<id>" is the same that the JSON GroupUser.
- Note that all the attributes not included in the request will be cleared in the GroupUser type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"id": 1976741,
"group": "it",
"groupDescription": "Help desk support team",
"user": "ckelp",
"fullName": "Casey Kelp",
"primaryGroup": true,
"attributes": {}
}Response 200 OK
{
"groupDescription": "Help desk support team",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741",
"resourceType": "GroupUser"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"fullName": "Casey Kelp",
"disabled": false,
"attributes": {},
"id": 1976741,
"user": "ckelp",
"primaryGroup": true,
"group": "it"
}Delete
This option allows you to remove a user from a specific group.
Please note after this delete, the group user has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/GroupUser/1976741Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM RoleAccount examples
Operations
This page shows the operations that can be performed for the object that establishes the relationship between roles and accounts. You can assign, revoke and or modify roles to an account.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/RoleAccountResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3530,
"startIndex": 1,
"itemsPerPage": 100,
"Resources": [
{
"certificationDate": "2020-02-13 23:01:44",
"accountSystem": "soffid",
"accountName": "admin",
"userGroupCode": "admingroup",
"approvalPending": false,
"userFullName": "Soffid Administrator",
"bpmEnforced": "S",
"userCode": "admin",
"enabled": true,
"accountId": 103,
"informationSystemName": "Operation/Business 2/SOFFID",
"system": "soffid",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110",
"resourceType": "RoleAccount"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleAccount"
],
"roleName": "SOFFID_ADMIN",
"removalPending": false,
"id": 110,
"roleDescription": "SOFFID Administrator",
"startDate": "2020-02-13 12:00:00"
},
{
"certificationDate": "2020-12-15 10:48:44",
"accountSystem": "soffid",
"accountName": "admin",
"userGroupCode": "admingroup",
"approvalPending": false,
"userFullName": "Soffid Administrator",
"bpmEnforced": "N",
"userCode": "admin",
"ruleDescription": "Grants soffid user role to everyone",
"enabled": true,
"accountId": 103,
"informationSystemName": "Operation/Business 2/SOFFID",
"system": "soffid",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1059370",
"resourceType": "RoleAccount"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleAccount"
],
"roleName": "SOFFID_USER",
"removalPending": false,
"id": 1059370,
"ruleId": 1059365,
"roleDescription": "Soffid user",
"startDate": "2020-12-15 00:00:00"
},
................
]
}List by filter
List all RoleAccounts with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/soffid/webservice/scim2/v1/RoleAccount?filter=enabled eq true and system eq soffidResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 67,
"startIndex": 1,
"Resources": [
{
"certificationDate": "2020-02-13 23:01:44",
"accountSystem": "soffid",
"accountName": "admin",
"userGroupCode": "admingroup",
"approvalPending": false,
"userFullName": "Soffid Administrator",
"bpmEnforced": "S",
"userCode": "admin",
"enabled": true,
"accountId": 103,
"informationSystemName": "Operation/Business 2/SOFFID",
"system": "soffid",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110",
"resourceType": "RoleAccount"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleAccount"
],
"roleName": "SOFFID_ADMIN",
"removalPending": false,
"id": 110,
"roleDescription": "SOFFID Administrator",
"startDate": "2020-02-13 12:00:00"
},
{
"certificationDate": "2020-12-13 19:30:51",
"accountSystem": "soffid",
"accountName": "gbuades",
"userGroupCode": "enterprise",
"approvalPending": false,
"userFullName": "Gabriel Buades ..",
"bpmEnforced": "S",
"userCode": "gbuades",
"enabled": true,
"accountId": 1039860,
"informationSystemName": "Operation/Business 2/SOFFID",
"system": "soffid",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1039866",
"resourceType": "RoleAccount"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleAccount"
],
"roleName": "SOFFID_ADMIN",
"removalPending": false,
"id": 1039866,
"roleDescription": "SOFFID Administrator",
"startDate": "2020-12-13 12:00:00"
},
...................
]
}Query by id
Query a RoleAccount by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/RoleAccount/110Response 200 OK
{
"certificationDate": "2020-02-13 23:01:44",
"accountSystem": "soffid",
"accountName": "admin",
"userGroupCode": "admingroup",
"approvalPending": false,
"userFullName": "Soffid Administrator",
"bpmEnforced": "S",
"userCode": "admin",
"enabled": true,
"accountId": 103,
"informationSystemName": "Operation/Business 2/SOFFID",
"system": "soffid",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110",
"resourceType": "RoleAccount"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleAccount"
],
"roleName": "SOFFID_ADMIN",
"removalPending": false,
"id": 110,
"roleDescription": "SOFFID Administrator",
"startDate": "2020-02-13 12:00:00"
}Create
This option allows you to assign a role to a specific account.
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/RoleAccountJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleAccount"
],
"accountName": "ckelp",
"userFullName": "Casey Kelp",
"informationSystemName": "Operation/Business 2/SOFFID",
"system": "soffid",
"roleName": "SOFFID_ADMIN",
"roleDescription": "SOFFID Administrator",
"bpmEnforced": "N",
"enabled": true,
"approvalPending": false,
"certificationDate": "2021-05-10 12:00:00",
"startDate": "2021-05-10 12:00:00"
}Response 201 Created
{
"certificationDate": "2021-05-12 07:20:36",
"accountSystem": "soffid",
"accountName": "ckelp",
"userGroupCode": "it",
"approvalPending": false,
"userFullName": "Casey Kelp",
"bpmEnforced": "S",
"userCode": "ckelp",
"enabled": true,
"accountId": 1976677,
"informationSystemName": "Operation/Business 2/SOFFID",
"system": "soffid",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1976862",
"resourceType": "RoleAccount"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.RoleAccount"
],
"roleName": "SOFFID_ADMIN",
"removalPending": false,
"id": 1976862,
"roleDescription": "SOFFID Administrator",
"startDate": "2021-05-10 12:00:00"
}Delete
This option allows you to revoke a role to a specific account.
If you have installed the User snapshot backup addon when you delete a RoleAccount, it will be disabled, but never deleted from the database. If you don not have installed the User snapshot backup addon, when you delete the RoleAccount, it will be deleted from the database.
Please note after this delete, the RoleAccount has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/RoleAccount/1976862Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM Host examples
Operations
This page shows the operations that can be performed for the host object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/HostResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 12,
"startIndex": 1,
"Resources": [
{
"serialNumber": "soffid.bubu.lab:192.168.133.1",
"os": "ALT",
"mail": false,
"ip": "192.168.133.1",
"dynamicIp": true,
"description": "Autocreated on 12/13/20 6:49:34 PM",
"office": false,
"lastSeen": "2020-12-13 18:49:34",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1039055",
"resourceType": "Host"
},
"networkCode": "internal",
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "soffid.bubu.lab",
"id": 1039055,
"hostAlias": [],
"printersServer": false
},
{
"os": "ALT",
"mail": false,
"ip": "10.129.120.4",
"dynamicIp": false,
"description": "Discovered host iam.soffid.com",
"office": false,
"lastSeen": "2021-04-05 20:06:19",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793093",
"resourceType": "Host"
},
"networkCode": "lab1",
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "iam.soffid.com",
"id": 1793093,
"hostAlias": [],
"printersServer": false
},
........
]
}List by filter
List all Hosts with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Host?filter=os eq LIN and name co archivaResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"os": "LIN",
"mail": false,
"ip": "10.129.120.2",
"dynamicIp": false,
"description": "Discovered host archiva.dev.lab",
"office": false,
"lastSeen": "2021-04-05 20:04:49",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793026",
"resourceType": "Host"
},
"networkCode": "lab1",
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "archiva.dev.lab",
"id": 1793026,
"hostAlias": [],
"printersServer": false
}
]
}Query by id
Query a Host by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Host/1793093Response 200 OK
{
"os": "ALT",
"mail": false,
"ip": "10.129.120.4",
"dynamicIp": false,
"description": "Discovered host iam.soffid.com",
"office": false,
"lastSeen": "2021-04-05 20:06:19",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793093",
"resourceType": "Host"
},
"networkCode": "lab1",
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "iam.soffid.com",
"id": 1793093,
"hostAlias": [],
"printersServer": false
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/HostJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "billing.dev.lab",
"description": "Host billing.dev.lab",
"os": "LIN",
"mail": false,
"dynamicIp": false,
"networkCode": "internal",
"hostAlias": [
"aliasHost_1",
"aliasHost_2"
],
"serialNumber": "123456789",
"printersServer": false
}Response 201 Created
{
"serialNumber": "123456789",
"os": "LIN",
"mail": false,
"dynamicIp": false,
"description": "Host billing.dev.lab",
"office": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899",
"resourceType": "Host"
},
"networkCode": "internal",
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "billing.dev.lab",
"id": 1976899,
"hostAlias": [
"aliasHost_1",
"aliasHost_2"
],
"printersServer": false
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Host/1976899JSON
{
"Operations": [
{
"op": "replace",
"path": "networkCode",
"value": "Lab1"
},
{
"op": "add",
"path": "hostAlias",
"value": [
"aliasHost_3",
"aliasHost_4"
]
}
]
}Response 200 OK
{
"serialNumber": "123456789",
"os": "LIN",
"mail": false,
"dynamicIp": false,
"description": "Host billing.dev.lab",
"office": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899",
"resourceType": "Host"
},
"networkCode": "Lab1",
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "billing.dev.lab",
"id": 1976899,
"hostAlias": [
"aliasHost_1",
"aliasHost_2",
"aliasHost_3",
"aliasHost_4"
],
"printersServer": false
}Update all
This operation replaces all values in the Hosts.
- Note that the attribute id is required to confirm that the resource "...Host/<id>" is the same that the JSON Host.
- Note that all the attributes not included in the request will be cleared in the Host type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Host/1976899JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"id": 1976899,
"name": "billing.dev.lab",
"description": "Host billing.dev.lab",
"os": "LIN",
"mail": false,
"dynamicIp": false,
"networkCode": "internal",
"printersServer": false
}Response 200 OK
{
"os": "LIN",
"mail": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899",
"resourceType": "Host"
},
"networkCode": "internal",
"schemas": [
"urn:soffid:com.soffid.iam.api.Host"
],
"name": "billing.dev.lab",
"dynamicIp": false,
"description": "Host billing.dev.lab",
"id": 1976899,
"hostAlias": [],
"printersServer": false
}Delete
Please note after this delete, the host has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Host/1976899Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM MailDomain examples
Operations
This page shows the operations that can be performed for the MailDomain object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailDomainResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523263",
"resourceType": "MailDomain"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "soffid.com",
"obsolete": false,
"description": "Soffid",
"id": 523263
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523265",
"resourceType": "MailDomain"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "soffid.org",
"obsolete": false,
"description": "Old Domain",
"id": 523265
}
]
}List by filter
List all Mail domain with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailDomain?filter=obsolete eq false and description co oldResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523265",
"resourceType": "MailDomain"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "soffid.org",
"obsolete": false,
"description": "Old Domain",
"id": 523265
}
]
}Query by id
Query a Mail Domain by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailDomain/523263Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523263",
"resourceType": "MailDomain"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "soffid.com",
"obsolete": false,
"description": "Soffid",
"id": 523263
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/MailDomainJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "newdomain.com",
"obsolete": false,
"description": "New Domain"
}Response 201 Created
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941",
"resourceType": "MailDomain"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "newdomain.com",
"obsolete": false,
"description": "New Domain",
"id": 1976941
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/MailDomain/1976941JSON
{
"Operations": [
{
"op": "replace",
"path": "description",
"value": "New domain (xxx)"
},
{
"op": "replace",
"path": "obsolete",
"value": "true"
}
]
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941",
"resourceType": "MailDomain"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "newdomain.com",
"obsolete": true,
"description": "New domain (xxx)",
"id": 1976941
}Update all
This operation replaces all values in the Mail Domain.
- Note that the attribute id is required to confirm that the resource "...MailDomain/<id>" is the same that the JSON MailDomain.
- Note that all the attributes not included in the request will be cleared in the MailDomain type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/MailDomain/1976941JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"id": 1976941,
"name": "newdomain.com",
"obsolete": false,
"description": "New Domain"
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941",
"resourceType": "MailDomain"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.MailDomain"
],
"name": "newdomain.com",
"obsolete": false,
"description": "New Domain",
"id": 1976941
}Delete
Please note after this delete, the mail domain has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/MailDomain/1976941Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM MailList examples
Operations
This page shows the operations that can be performed for the MailList object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailListResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"groupMembers": [],
"usersList": [
"admin",
"test2"
],
"description": "Test email",
"externalList": [],
"explodedUsersList": [
"test2",
"admin"
],
"roleMembers": [],
"lists": [
"test@soffid.com"
],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071",
"resourceType": "MailList"
},
"domainName": "soffid.com",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "test",
"attributes": {},
"id": 524071,
"listsBelong": "test@soffid.com"
},
{
"groupMembers": [],
"usersList": [],
"externalList": [],
"explodedUsersList": [],
"roleMembers": [],
"lists": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976100",
"resourceType": "MailList"
},
"domainName": "soffid.org",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "mailList",
"attributes": {},
"id": 1976100,
"listsBelong": ""
},
......
]
}List by filter
List all MailList with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailList?filter=description co testResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"groupMembers": [],
"usersList": [
"admin",
"test2"
],
"description": "Test email",
"externalList": [],
"explodedUsersList": [
"test2",
"admin"
],
"roleMembers": [],
"lists": [
"test@soffid.com"
],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071",
"resourceType": "MailList"
},
"domainName": "soffid.com",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "test",
"attributes": {},
"id": 524071,
"listsBelong": "test@soffid.com"
},
{
"groupMembers": [],
"usersList": [
"dilbert",
"admin"
],
"description": "Test email mailList",
"externalList": [],
"explodedUsersList": [
"dilbert",
"admin"
],
"roleMembers": [],
"lists": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976181",
"resourceType": "MailList"
},
"domainName": "soffid.com",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "mailList2",
"attributes": {},
"id": 1976181,
"listsBelong": ""
}
]
}Query by id
Query a MailList by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailList/524071Response 200 OK
{
"groupMembers": [],
"usersList": [
"admin",
"test2"
],
"description": "Test email",
"externalList": [],
"explodedUsersList": [
"test2",
"admin"
],
"roleMembers": [],
"lists": [
"test@soffid.com"
],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071",
"resourceType": "MailList"
},
"domainName": "soffid.com",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "test",
"attributes": {},
"id": 524071,
"listsBelong": "test@soffid.com"
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/MailListJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "billingMailList",
"domainName": "newdomain.com",
"description": "Test email mailList",
"usersList": [
"admin",
"dilbert"
]
}Response 201 Created
{
"groupMembers": [],
"usersList": [
"dilbert",
"admin"
],
"description": "Test email mailList",
"externalList": [],
"explodedUsersList": [
"dilbert",
"admin"
],
"roleMembers": [],
"lists": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957",
"resourceType": "MailList"
},
"domainName": "newdomain.com",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "billingMailList",
"attributes": {},
"id": 1976957,
"listsBelong": ""
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741JSON
{
"Operations": [
{
"op": "remove",
"path": "usersList",
"value": [
"admin",
"dilbert"
]
}
]
}Response 200 OK
{
"groupMembers": [],
"description": "Test email mailList",
"externalList": [],
"explodedUsersList": [
"dilbert",
"admin"
],
"roleMembers": [],
"lists": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957",
"resourceType": "MailList"
},
"domainName": "newdomain.com",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "billingMailList",
"attributes": {},
"id": 1976957,
"listsBelong": ""
}Update all
This operation replaces all values in the MailList.
- Note that the attribute id is required to confirm that the resource "...MailList/<id>" is the same that the JSON MailList.
- Note that all the attributes not included in the request will be cleared in the MailList type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/MailList/1976957JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"id": 1976957,
"name": "mailList",
"domainName": "newdomain.com"
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957",
"resourceType": "MailList"
},
"domainName": "newdomain.com",
"schemas": [
"urn:soffid:com.soffid.iam.api.MailList"
],
"name": "mailList",
"attributes": {},
"id": 1976957
}Delete
Please note after this delete, the mail list has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/MailList/1976957Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM Network examples
Operations
This page shows the operations that can be performed for the Network object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/NetworkResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 6,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/67",
"resourceType": "Network"
},
"ip": "127.0.0.0",
"lanAccess": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "loopback",
"description": "Description",
"id": 67,
"mask": "255.255.255.128",
"dhcpSupport": false
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/505167",
"resourceType": "Network"
},
"ip": "172.0.0.0",
"lanAccess": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "int1",
"description": "Internal network 1",
"id": 505167,
"mask": "255.240.0.0",
"dhcpSupport": false
},
...............
]
}List by filter
List all Networks with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Network?filter=description co laboraResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1790267",
"resourceType": "Network"
},
"ip": "10.129.120.0",
"lanAccess": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "lab1",
"description": "Laboratory network 1",
"id": 1790267,
"mask": "255.255.255.0",
"dhcpSupport": false
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1790319",
"resourceType": "Network"
},
"ip": "10.129.121.0",
"lanAccess": false,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "lab2",
"description": "Laboratory network 2",
"id": 1790319,
"mask": "255.255.255.0",
"dhcpSupport": false
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1858961",
"resourceType": "Network"
},
"ip": "10.129.122.0",
"lanAccess": true,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "lab3",
"description": "Laboratory network",
"id": 1858961,
"mask": "255.255.255.0",
"dhcpSupport": false
}
]
}Query by id
Query a Network by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Network/1038187Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1038187",
"resourceType": "Network"
},
"ip": "192.168.133.0",
"lanAccess": true,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "internal",
"description": "Internal Network",
"loginRestriction": false,
"id": 1038187,
"mask": "255.255.255.0",
"dhcpSupport": true
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/NetworkJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "Laboratory",
"description": "Laboratory Network",
"ip": "192.168.123.0",
"mask": "255.255.255.0",
"loginRestriction": false,
"lanAccess": true,
"dhcpSupport": true
}Response 201 Created
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114",
"resourceType": "Network"
},
"ip": "192.168.123.0",
"lanAccess": true,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "Laboratory",
"description": "Laboratory Network",
"loginRestriction": false,
"id": 1977114,
"mask": "255.255.255.0",
"dhcpSupport": true
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Network/1977114JSON
{
"Operations": [
{
"op": "replace",
"path": "ip",
"value": "192.168.125.0"
}
]
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114",
"resourceType": "Network"
},
"ip": "192.168.123.0",
"lanAccess": true,
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "Laboratory",
"description": "Laboratory Network",
"loginRestriction": false,
"id": 1977114,
"mask": "255.255.255.0",
"dhcpSupport": true
}Update all
This operation replaces all values in the Network.
- Note that the attribute id is required to confirm that the resource "...Network/<id>" is the same that the JSON Network.
- Note that all the attributes not included in the request will be cleared in the Network type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Network/1977114JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"id": 1977114,
"name": "Laboratory",
"ip": "192.168.123.0",
"mask": "255.255.255.0"
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114",
"resourceType": "Network"
},
"ip": "192.168.123.0",
"schemas": [
"urn:soffid:com.soffid.iam.api.Network"
],
"name": "Laboratory",
"id": 1977114,
"mask": "255.255.255.0",
"dhcpSupport": false
}Delete
Please note after this delete, the network has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Network/1977114Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM DomainValue examples
Operations
This page shows the operations that can be performed for the DomainValue object. The DomainValue is related to Information Systems.
Role scope or domains are properties that can be assigned to some entitlements, limiting the scope of that entitlement. This can be used to limit, for instance, the maximum amount allowed for a money transfer, or the commercial zones to manage.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/DomainValueResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499623",
"resourceType": "DomainValue"
},
"domainName": "Zone",
"externalCodeDomain": "Operation",
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"description": "Twenty",
"id": 499623,
"value": "20"
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499629",
"resourceType": "DomainValue"
},
"domainName": "Zone",
"externalCodeDomain": "Operation",
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"description": "Eleven",
"id": 499629,
"value": "10"
},
.............
]
}List by filter
List all DomainValues with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/DomainValue?filter=description co TwResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499623",
"resourceType": "DomainValue"
},
"domainName": "Zone",
"externalCodeDomain": "Operation",
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"description": "Twenty",
"id": 499623,
"value": "20"
}
]
}Query by id
Query a DomainValue by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/DomainValue/802012Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/802012",
"resourceType": "DomainValue"
},
"domainName": "Company",
"externalCodeDomain": "Operation/Business 2/SOFFID",
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"description": "Soffid",
"id": 802012,
"value": "Soffid"
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/DomainValueJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"domainName": "Company",
"externalCodeDomain": "Operation/Business 2/SOFFID",
"description": "bubble",
"value": "bubble"
}Response 201 Created
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/1977131",
"resourceType": "DomainValue"
},
"domainName": "Company",
"externalCodeDomain": "Operation/Business 2/SOFFID",
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"description": "bubble",
"id": 1977131,
"value": "bubble"
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741JSON
{
"Operations": [
{
"op": "replace",
"path": "description",
"value": "Bubble description"
}
]
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/1977131",
"resourceType": "DomainValue"
},
"domainName": "Company",
"externalCodeDomain": "Operation/Business 2/SOFFID",
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"description": "Bubble description",
"id": 1977131,
"value": "bubble"
}Update all
This operation replaces all values in the DomainValue.
- Note that the attribute id is required to confirm that the resource "...DomainValue/<id>" is the same that the JSON DomainValue.
- Note that all the attributes not included in the request will be cleared in the DomainValue type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit the Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/DomainValue/1977131JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.GroupUser"
],
"id": 1976741,
"group": "it",
"groupDescription": "Help desk support team",
"user": "ckelp",
"fullName": "Casey Kelp",
"primaryGroup": true,
"attributes": {}
}Response 200 OK
{
"schemas": [
"urn:soffid:com.soffid.iam.api.DomainValue"
],
"id": 1977131,
"domainName": "Company",
"externalCodeDomain": "Operation/Business 2/SOFFID",
"description": "New bubble",
"value": "Newbubble"
}Delete
Please note after this delete, the DomainValue has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/DomainValue/1977131Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM VaultFolder examples
Operations
This page shows the operations that can be performed for the VaultFolder object
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"navigateUsers": [],
"navigateRoles": [],
"description": "Accounts that won't be shared",
"personal": true,
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/368461",
"resourceType": "VaultFolder"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "Personal accounts",
"managerUsers": [],
"navigateGroups": [],
"id": 368461,
"grantedGroups": [],
"managerGroups": [],
"grantedUsers": [],
"ownerUsers": [
"admin"
]
},
{
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"navigateUsers": [
"test2",
"admin"
],
"navigateRoles": [],
"description": "Password vault",
"personal": false,
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/515461",
"resourceType": "VaultFolder"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "vault",
"managerUsers": [],
"navigateGroups": [],
"id": 515461,
"grantedGroups": [],
"managerGroups": [],
"grantedUsers": [],
"ownerUsers": [
"admin"
]
},
............
]
}List by filter
List all VaultFolders with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/?filter=personal eq trueResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"navigateUsers": [],
"navigateRoles": [],
"description": "Accounts that won't be shared",
"personal": true,
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/368461",
"resourceType": "VaultFolder"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "Personal accounts",
"managerUsers": [],
"navigateGroups": [],
"id": 368461,
"grantedGroups": [],
"managerGroups": [],
"grantedUsers": [],
"ownerUsers": [
"admin"
]
}
]
}Query by id
Query a VaultFolder by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/515461Response 200 OK
{
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"navigateUsers": [
"test2",
"admin"
],
"navigateRoles": [],
"description": "Password vault",
"personal": false,
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/515461",
"resourceType": "VaultFolder"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "vault",
"managerUsers": [],
"navigateGroups": [],
"id": 515461,
"grantedGroups": [],
"managerGroups": [],
"grantedUsers": [],
"ownerUsers": [
"admin"
]
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/VaultFolderJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "Folder Billing",
"description": "Folder Billing",
"parentFolder": "vault",
"parentId": 515461,
"personal": false,
"accessLevel": "M",
"ownerUsers": [
"admin"
],
"navigateUsers": [
"admin"
]
}Response 201 Created
{
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"navigateUsers": [
"admin"
],
"navigateRoles": [],
"description": "Folder Billing",
"personal": false,
"parentId": 515461,
"parentFolder": "vault",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703",
"resourceType": "VaultFolder"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "Folder Billing",
"managerUsers": [],
"navigateGroups": [],
"id": 1977703,
"grantedGroups": [],
"managerGroups": [],
"grantedUsers": [],
"ownerUsers": [
"admin"
]
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/1977703JSON
{
"Operations": [
{
"op": "replace",
"path": "description",
"value": "Vault folder billing"
},
{
"op": "add",
"path": "navigateUsers",
"value": [
"dilbert",
"asea"
]
}
]
}Response 200 OK
{
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"navigateUsers": [
"asea",
"dilbert",
"admin"
],
"navigateRoles": [],
"description": "Vault folder billing",
"personal": false,
"parentId": 515461,
"parentFolder": "vault",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703",
"resourceType": "VaultFolder"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "Folder Billing",
"managerUsers": [],
"navigateGroups": [],
"id": 1977703,
"grantedGroups": [],
"managerGroups": [],
"grantedUsers": [],
"ownerUsers": [
"admin"
]
}Update all
This operation replaces all values in the VaultFolder.
- Note that the attribute id is required to confirm that the resource "...VaultFolder/<id>" is the same that the JSON VaultFolder.
- Note that all the attributes not included in the request will be cleared in the GroupUser type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/1977703JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"id": 1977703,
"name": "Folder Billing",
"description": "Folder Billing",
"parentFolder": "vault",
"parentId": 515461,
"personal": false,
"accessLevel": "M",
"ownerUsers": [
"admin"
]
}Response 200 OK
{
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"navigateUsers": [],
"navigateRoles": [],
"description": "Folder Billing",
"personal": false,
"parentId": 515461,
"parentFolder": "vault",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703",
"resourceType": "VaultFolder"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.VaultFolder"
],
"name": "Folder Billing",
"managerUsers": [],
"navigateGroups": [],
"id": 1977703,
"grantedGroups": [],
"managerGroups": [],
"grantedUsers": [],
"ownerUsers": [
"admin"
]
}Delete
Please note after this delete, the VaultFolder has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/VaultFolder/1977703Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM System examples
Operations
This page shows the operations that can be performed for the Systems object (Agents).
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/SystemResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 16,
"startIndex": 1,
"Resources": [
{
"accessControl": false,
"usersDomain": "DEFAULT",
"fullReconciliation": false,
"authoritative": false,
"description": "Soffid system",
"groups": "",
"threads": 1,
"className": "- no class -",
"userTypes": "I",
"groupsList": [],
"readOnly": false,
"passwordsDomain": "DEFAULT",
"timeStamp": "2020-04-18 19:32:37",
"rolebased": true,
"trusted": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/44",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "soffid",
"id": 44,
"passwordsDomainId": 27,
"tenant": "master",
"generateTasksOnLoad": true
},
{
"accessControl": false,
"usersDomain": "DEFAULT",
"fullReconciliation": false,
"authoritative": false,
"description": "External SSO accounts",
"groups": "admingroup,enterprise",
"threads": 1,
"className": "com.soffid.iam.sync.sso.agent.SSOAgent",
"userTypes": "S,I",
"groupsList": [
"admingroup",
"enterprise"
],
"readOnly": false,
"url": "local",
"passwordsDomain": "DEFAULT",
"timeStamp": "2020-09-21 10:17:38",
"rolebased": false,
"trusted": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/47",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "SSO",
"id": 47,
"manualAccountCreation": true,
"passwordsDomainId": 27,
"tenant": "master",
"generateTasksOnLoad": true
},
................
]
}List by filter
List all Systems with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/System?filter=description co 10.129.Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"accessControl": false,
"description": "Discovered host 10.129.122.22",
"className": "com.soffid.iam.sync.agent.SimpleSSHAgent",
"userTypes": "",
"passwordsDomain": "DEFAULT",
"rolebased": false,
"id": 1885153,
"manualAccountCreation": true,
"tenant": "master",
"generateTasksOnLoad": false,
"param7": "false",
"usersDomain": "DEFAULT",
"param6": "UTF-8",
"fullReconciliation": true,
"authoritative": false,
"sharedDispatcher": true,
"param0": "soffid",
"groups": "",
"threads": 1,
"groupsList": [],
"readOnly": false,
"param3": "10.129.122.22",
"param4": "true",
"url": "local",
"param2": "517y1hF40k4=",
"timeStamp": "2021-04-23 12:23:15",
"trusted": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1885153",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "10.129.122.22",
"passwordsDomainId": 27
},
{
"accessControl": false,
"description": "Discovered host 10.129.122.25",
"className": "com.soffid.iam.sync.agent.SimpleWindowsAgent",
"userTypes": "",
"passwordsDomain": "DEFAULT",
"rolebased": false,
"id": 1890334,
"manualAccountCreation": true,
"tenant": "master",
"generateTasksOnLoad": false,
"param7": "false",
"usersDomain": "DEFAULT",
"fullReconciliation": true,
"authoritative": false,
"sharedDispatcher": true,
"param0": "Administrador",
"groups": "",
"threads": 1,
"groupsList": [],
"readOnly": false,
"param3": "10.129.122.25",
"param4": "true",
"url": "local",
"param2": "VFJV1pSRfE7s",
"timeStamp": "2021-04-23 20:00:34",
"trusted": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1890334",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "10.129.122.25",
"passwordsDomainId": 27
}
]
}Query by id
Query a System by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/System/389082Response 200 OK
{
"accessControl": true,
"description": "Active Directory.",
"className": "com.soffid.iam.sync.agent2.CustomizableActiveDirectoryAgent",
"userTypes": "I",
"passwordsDomain": "DEFAULT",
"rolebased": true,
"id": 389082,
"manualAccountCreation": false,
"tenant": "master",
"generateTasksOnLoad": true,
"param7": "true",
"param8": "true",
"usersDomain": "DEFAULT",
"fullReconciliation": false,
"authoritative": true,
"sharedDispatcher": false,
"param0": "ad.bubu.lab",
"groups": "",
"threads": 1,
"groupsList": [],
"readOnly": false,
"param3": "C27Nv4vjbIsI",
"url": "https://soffid.bubu.lab:1760/",
"param1": "dc=ad,dc=bubu,dc=lab",
"param2": "ad\\Administrator",
"timeStamp": "2021-04-07 09:31:59",
"trusted": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/389082",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "ad",
"passwordsDomainId": 27
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/SystemJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "SQLRRHH",
"description": "SQL RRHH test",
"className": "com.soffid.iam.sync.agent.SQLAgent2",
"userTypes": "E,I",
"passwordsDomain": "DEFAULT",
"usersDomain": "DEFAULT"
}Response 201 Created
{
"accessControl": false,
"usersDomain": "DEFAULT",
"fullReconciliation": false,
"authoritative": false,
"description": "SQL RRHH test",
"groups": "",
"threads": 1,
"className": "com.soffid.iam.sync.agent.SQLAgent2",
"userTypes": "I,E",
"groupsList": [],
"readOnly": false,
"passwordsDomain": "DEFAULT",
"timeStamp": "2021-05-12 10:58:35",
"rolebased": false,
"trusted": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "SQLRRHH",
"id": 1977157,
"passwordsDomainId": 27,
"tenant": "master",
"generateTasksOnLoad": false
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/System/1977157JSON
{
"Operations": [
{
"op": "replace",
"path": "param0",
"value": "user"
},
{
"op": "replace",
"path": "param1",
"value": "password"
},
{
"op": "replace",
"path": "param2",
"value": "jdbc:mysql://localhost/personal"
}
]
}Response 200 OK
{
"accessControl": false,
"description": "SQL RRHH test",
"className": "com.soffid.iam.sync.agent.SQLAgent2",
"userTypes": "I,E",
"passwordsDomain": "DEFAULT",
"rolebased": false,
"id": 1977157,
"tenant": "master",
"generateTasksOnLoad": false,
"usersDomain": "DEFAULT",
"fullReconciliation": false,
"authoritative": false,
"param0": "user",
"groups": "",
"threads": 1,
"groupsList": [],
"readOnly": false,
"param1": "password",
"param2": "jdbc:mysql://localhost/personal",
"timeStamp": "2021-05-12 10:59:44",
"trusted": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "SQLRRHH",
"passwordsDomainId": 27
}Update all
This operation replace all values in the System.
- Note that the attribute id is required to confirm that the resource "...System/<id>" is the same that the JSON System.
- Note that all the attributes not included in the request will be cleared in the System type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/System/1977157JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"id": 1977157,
"name": "SQLRRHH",
"description": "SQL RRHH test",
"className": "com.soffid.iam.sync.agent.SQLAgent2",
"userTypes": "E,I",
"passwordsDomain": "DEFAULT",
"usersDomain": "DEFAULT"
}Response 200 OK
{
"accessControl": false,
"usersDomain": "DEFAULT",
"fullReconciliation": false,
"authoritative": false,
"description": "SQL RRHH test",
"groups": "",
"threads": 1,
"className": "com.soffid.iam.sync.agent.SQLAgent2",
"userTypes": "I,E",
"groupsList": [],
"readOnly": false,
"passwordsDomain": "DEFAULT",
"timeStamp": "2021-05-12 11:02:49",
"rolebased": false,
"trusted": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157",
"resourceType": "System"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.System"
],
"name": "SQLRRHH",
"id": 1977157,
"passwordsDomainId": 27,
"tenant": "master",
"generateTasksOnLoad": false
}Delete
Please note after this delete, the System has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/System/1977157Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM CustomObject examples
Operations
This page shows the operations that can be performed for the CustomObjects object
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/CustomObjectResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 6,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/CustomObject/848157",
"resourceType": "CustomObject"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "aa",
"description": "aaa",
"attributes": {
"address": "2"
},
"id": 848157,
"type": "building"
},
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1510208",
"resourceType": "CustomObject"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "ES",
"description": "Spain",
"attributes": {
"language": "English"
},
"id": 1510208,
"type": "country"
},
..........
]
}List by filter
List all CustomObjects with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/CustomObject?filter=description eq SpainResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1510208",
"resourceType": "CustomObject"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "ES",
"description": "Spain",
"attributes": {
"language": "English"
},
"id": 1510208,
"type": "country"
}
]
}Query by id
Query a CustomObject by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/CustomObject/848062Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/848062",
"resourceType": "CustomObject"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "HQ",
"description": "Headquarters",
"attributes": {
"address": "1"
},
"id": 848062,
"type": "building"
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/CustomObjectJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "IT",
"description": "Italy",
"type": "country",
"attributes": {
"language": "English"
}
}Response 201 Created
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187",
"resourceType": "CustomObject"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "IT",
"description": "Italy",
"attributes": {
"language": "English"
},
"id": 1977187,
"type": "country"
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/CustomObject/1977187JSON
{
"Operations": [
{
"op": "replace",
"path": "attributes",
"value": {
"language": "German"
}
}
]
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187",
"resourceType": "CustomObject"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "IT",
"description": "Italy",
"attributes": {
"language": "German"
},
"id": 1977187,
"type": "country"
}Update all
This operation replaces all values in the CustomObject.
- Note that the attribute id is required to confirm that the resource "...CustomObject/<id>" is the same that the JSON CustomObject.
- Note that all the attributes not included in the request will be cleared in the CustomObject type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/CustomObject/1977187JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"id": 1977187,
"name": "IT",
"description": "Italy",
"type": "country",
"attributes": {
"language": "English"
}
}Response 200 OK
{
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187",
"resourceType": "CustomObject"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.CustomObject"
],
"name": "IT",
"description": "Italy",
"attributes": {
"language": "English"
},
"id": 1977187,
"type": "country"
}Delete
Please note after this delete, the CustomObject has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/CustomObject/1977187Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM ProcessDefinition examples
Operations
This page shows the operations that can be performed for the ProcessDefinitions object
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessDefinitionResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 8,
"startIndex": 1,
"Resources": [
{
"author": "admin",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1474063",
"resourceType": "ProcessDefinition"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
],
"name": "User registration",
"deployed": "2021-02-11 16:42:08",
"tag": "27",
"id": 1474063,
"version": 27,
"enabled": true
},
{
"author": "admin",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694",
"resourceType": "ProcessDefinition"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
],
"name": "User request",
"deployed": "2021-04-15 16:10:11",
"tag": "19",
"id": 1857694,
"version": 19,
"enabled": true
},
.............
]
}List by filter
List all ProcessDefinitions with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessDefinition?filter=name co requestResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"author": "admin",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1946303",
"resourceType": "ProcessDefinition"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
],
"name": "Permissions request",
"deployed": "2021-04-30 08:48:58",
"tag": "23",
"id": 1946303,
"type": "RoleApproval",
"version": 23,
"enabled": true
},
{
"author": "admin",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694",
"resourceType": "ProcessDefinition"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
],
"name": "User request",
"deployed": "2021-04-15 16:10:11",
"tag": "19",
"id": 1857694,
"version": 19,
"enabled": true
}
]
}Query by id
Query a ProcessDefinition by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessDefinition/1857694Response 200 OK
{
"author": "admin",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694",
"resourceType": "ProcessDefinition"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
],
"name": "User request",
"deployed": "2021-04-15 16:10:11",
"tag": "19",
"id": 1857694,
"version": 19,
"enabled": true
}Create
This operation is not allowed.
Update partial
This operation is not allowed.
Update all
This operation is not allowed.
Delete
This operation is not allowed.
Error response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM ProcessInstance examples
Operations
This page shows the operations that can be performed for the ProcessInstances object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstanceResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 311,
"startIndex": 1,
"Resources": [
{
"dummyProcess": false,
"variables": {},
"comments": [
{
"actor": "admin Soffid Administrator",
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.Comment"
],
"time": "2020-09-30 09:57:15",
"message": "Comentario"
}
],
"processDefinition": 628635,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/626161",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2020-09-29 20:34:46",
"currentTask": "Entrada de la consulta",
"description": "Consultar la base de datos",
"end": "2020-11-11 15:05:48",
"id": 626161
},
{
"dummyProcess": false,
"variables": {},
"comments": [],
"processDefinition": 628635,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/626179",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2020-09-29 20:35:22",
"currentTask": "Entrada de la consulta",
"description": "Consultar la base de datos",
"end": "2020-11-11 15:05:44",
"id": 626179
},
..........
]
}List by filter
List all ProcessInstances with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance?filter=description co Permission and currentTask eq StartResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 8,
"startIndex": 1,
"Resources": [
{
"dummyProcess": false,
"variables": {
"requester": "admin",
"grants": [],
"requesterName": "Soffid Administrator"
},
"comments": [],
"processDefinition": 1054785,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1053984",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2020-12-14 14:49:20",
"currentTask": "Start",
"description": "Permissions request",
"end": "2021-01-29 08:25:28",
"id": 1053984
},
{
"dummyProcess": false,
"variables": {
"requester": "admin",
"grants": [],
"requesterName": "Soffid Administrator"
},
"comments": [],
"processDefinition": 1946303,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2021-01-29 08:26:30",
"currentTask": "Start",
"description": "Permissions request",
"id": 1378380
},
...........
]
}
Query by id
Query a ProcessInstance by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance/1378380Response 200 OK
{
"dummyProcess": false,
"variables": {
"requester": "admin",
"grants": [],
"requesterName": "Soffid Administrator"
},
"comments": [],
"processDefinition": 1946303,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2021-01-29 08:26:30",
"currentTask": "Start",
"description": "Permissions request",
"id": 1378380
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstanceJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"dummyProcess": false,
"variables": {
"requester": "ckelp",
"grants": [],
"requesterName": "Casey Kelp"
},
"comments": [],
"processDefinition": 1946303,
"description": "Permissions request"
}Response 201 Created
{
"dummyProcess": false,
"variables": {
"requester": "ckelp",
"grants": [],
"requesterName": "Casey Kelp"
},
"comments": [],
"processDefinition": 1946303,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2021-01-29 08:26:30",
"currentTask": "Start",
"description": "Permissions request",
"id": 1378380
}Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741JSON
{
"Operations": [
{
"op": "replace",
"path": "start",
"value": "2021-05-14 00:00:00"
}
]
}Response 200 OK
{
"dummyProcess": false,
"variables": {
"requester": "admin",
"grants": [],
"requesterName": "Soffid Administrator"
},
"comments": [],
"processDefinition": 1946303,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2021-05-14 00:00:00",
"currentTask": "Start",
"description": "Permissions request",
"id": 1378380
}Update all
This operation replaces all values in the ProcessInstance.
- Note that the attribute id is required to confirm that the resource "...ProcessInstance/<id>" is the same that the JSON ProcessInstance.
- Note that all the attributes not included in the request will be cleared in the ProcessInstance type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page
Request
PUT - http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance/1474138JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"id": 1378380,
"dummyProcess": false,
"variables": {
"requester": "ckelp",
"grants": [],
"requesterName": "Casey Kelp"
},
"comments": ["comments"],
"processDefinition": 1946303,
"start": "2021-05-14 00:00:00",
"currentTask": "Start",
"description": "Permissions request"
}Response 200 OK
{
"dummyProcess": false,
"variables": {
"requester": "ckelp",
"grants": [],
"requesterName": "Casey Kelp"
},
"comments": [
"comments"
],
"processDefinition": 1946303,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
"resourceType": "ProcessInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
],
"start": "2021-05-14 00:00:00",
"currentTask": "Start",
"description": "Permissions request",
"id": 1378380
}Delete
When you delete a ProcessInstance, it will be disabled, but never deleted from the database, this ProcessInstance will have an end date.
Please note after this delete, the ProcessInstance has to be created again to use it in the next examples.
Request
DELETE - http://<your-domain>/webservice/scim2/v1/ProcessInstance/1977873Response 204 No Content
204 No ContentError response
For more infomation about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM TaskInstance examples
Operations
This page shows the operations that can be performed for the TaskInstances object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/TaskInstanceResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 6,
"startIndex": 1,
"Resources": [
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "SOFFID_ADMIN ",
"comments": "",
"roleId": 393447,
"userFullName": "Soffid Administrator",
"owners": [
"SOFFID_ADMIN"
],
"userName": "admin",
"approved": false,
"applicationDescription": "SOFFID Identity Manager",
"taskInstance": 1762656,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Accounting Manager",
"applicationName": "Container/Business 2/SOFFID"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1762352,
"description": "Approve ",
"pooledActors": [
"SOFFID_ADMIN"
],
"priority": 3,
"transitions": [
"Rechazar",
"Aceptar"
],
"dummyTask": false,
"processName": "Modificar permisos",
"processId": 1762544,
"blocking": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-03-30 19:57:35",
"cancelled": false,
"id": 1762656,
"open": true,
"signalling": true
},
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "admin ",
"comments": "",
"roleId": 393447,
"userFullName": "Soffid Administrator",
"owners": [
"admin"
],
"userName": "admin",
"approved": false,
"applicationDescription": "SOFFID Identity Manager",
"taskInstance": 1861549,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Accounting Manager",
"applicationName": "Operation/Business 2/SOFFID"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1946303,
"description": "Approve pending permissions",
"pooledActors": [
"admin"
],
"priority": 3,
"transitions": [
"Reject",
"Approve"
],
"dummyTask": false,
"processName": "Permissions request",
"processId": 1861537,
"blocking": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-04-17 21:00:46",
"cancelled": false,
"id": 1861549,
"open": true,
"signalling": true
},
....................
]
}List by filter
List all TaskInstances with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance?count=2&filter=processName eq "Permissions request" and name eq ApproveResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "admin ",
"comments": "",
"roleId": 393447,
"userFullName": "Soffid Administrator",
"owners": [
"admin"
],
"userName": "admin",
"approved": false,
"applicationDescription": "SOFFID Identity Manager",
"taskInstance": 1861549,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Accounting Manager",
"applicationName": "Operation/Business 2/SOFFID"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1946303,
"description": "Approve pending permissions",
"pooledActors": [
"admin"
],
"priority": 3,
"transitions": [
"Reject",
"Approve"
],
"dummyTask": false,
"processName": "Permissions request",
"processId": 1861537,
"blocking": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-04-17 21:00:46",
"cancelled": false,
"id": 1861549,
"open": true,
"signalling": true
},
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "admin ",
"comments": "",
"roleId": 393103,
"userFullName": "Soffid Administrator",
"owners": [
"admin"
],
"userName": "admin",
"approved": false,
"applicationDescription": "Active Directory",
"taskInstance": 1638273,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Enterprise Administrators",
"applicationName": "Container/Business process/ad"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1946303,
"start": "2021-05-10 12:57:31",
"description": "Approve pending permissions",
"pooledActors": [
"admin"
],
"priority": 3,
"transitions": [
"Reject",
"Approve"
],
"dummyTask": false,
"actorId": "admin",
"processName": "Permissions request",
"processId": 1638261,
"blocking": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1638273",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-03-11 16:33:41",
"cancelled": false,
"id": 1638273,
"open": true,
"signalling": true
},
..............
]
}Query by id
Query a TaskInstance by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance/1861549Response 200 OK
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "admin ",
"comments": "",
"roleId": 393447,
"userFullName": "Soffid Administrator",
"owners": [
"admin"
],
"userName": "admin",
"approved": false,
"applicationDescription": "SOFFID Identity Manager",
"taskInstance": 1861549,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Accounting Manager",
"applicationName": "Operation/Business 2/SOFFID"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1946303,
"description": "Approve pending permissions",
"pooledActors": [
"admin"
],
"priority": 3,
"transitions": [
"Reject",
"Approve"
],
"dummyTask": false,
"processName": "Permissions request",
"processId": 1861537,
"blocking": false,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-04-17 21:00:46",
"cancelled": false,
"id": 1861549,
"open": true,
"signalling": true
}Create
This operation is not allowed.
Update partial
Only attributes with changes will be updated, the other will mantain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance/1762656JSON
{
"Operations": [
{
"op": "replace",
"path": "blocking",
"value": true
}
]
}Response 200 OK
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "SOFFID_ADMIN ",
"comments": "",
"roleId": 393447,
"userFullName": "Soffid Administrator",
"owners": [
"SOFFID_ADMIN"
],
"userName": "admin",
"approved": false,
"applicationDescription": "SOFFID Identity Manager",
"taskInstance": 1762656,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Accounting Manager",
"applicationName": "Container/Business 2/SOFFID"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1762352,
"description": "Approve ",
"pooledActors": [
"SOFFID_ADMIN"
],
"priority": 3,
"transitions": [
"Rechazar",
"Aceptar"
],
"dummyTask": false,
"processName": "Modificar permisos",
"processId": 1762544,
"blocking": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-03-30 19:57:35",
"cancelled": false,
"id": 1762656,
"open": true,
"signalling": true
}Update all
This operation replaces all values in the GroupUser.
- Note that the attribute id is required to confirm that the resource "...TaskInstance/<id>" is the same that the JSON TaskInstance.
- Note that all the attributes not included in the request will be cleared in the TaskInstance type and their data will be lost.
- Note that not all the attributes are updatable, for example tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/webservice/scim2/v1/TaskInstance/1762656JSON
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "SOFFID_ADMIN ",
"comments": "",
"roleId": 393447,
"userFullName": "Soffid Administrator",
"owners": [
"SOFFID_ADMIN"
],
"userName": "admin",
"approved": false,
"applicationDescription": "SOFFID Identity Manager",
"taskInstance": 1762656,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Accounting Manager",
"applicationName": "Container/Business 2/SOFFID"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1762352,
"description": "Approve ",
"pooledActors": [
"SOFFID_ADMIN"
],
"priority": 3,
"transitions": [
"Rechazar",
"Aceptar"
],
"dummyTask": false,
"processName": "Modificar permisos",
"processId": 1762544,
"blocking": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-03-30 19:57:35",
"cancelled": false,
"id": 1762656,
"open": true,
"signalling": true
}Response 200 OK
{
"variables": {
"requester": "admin",
"grants": [
{
"ownersString": "SOFFID_ADMIN ",
"comments": "",
"roleId": 393447,
"userFullName": "Soffid Administrator",
"owners": [
"SOFFID_ADMIN"
],
"userName": "admin",
"approved": false,
"applicationDescription": "SOFFID Identity Manager",
"taskInstance": 1762656,
"schemas": [
"urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
],
"denied": false,
"roleDescription": "Accounting Manager",
"applicationName": "Container/Business 2/SOFFID"
}
],
"requesterName": "Soffid Administrator"
},
"processDefinition": 1762352,
"description": "Approve ",
"pooledActors": [
"SOFFID_ADMIN"
],
"priority": 3,
"transitions": [
"Rechazar",
"Aceptar"
],
"dummyTask": false,
"processName": "Modificar permisos",
"processId": 1762544,
"blocking": true,
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
"resourceType": "TaskInstance"
},
"schemas": [
"urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
],
"name": "Approve",
"create": "2021-03-30 19:57:35",
"cancelled": false,
"id": 1762656,
"open": true,
"signalling": true
}Delete
In this case, delete operation will cancel the TaskInstace, but does not be deleted form database.
Please note after this delete, the account has to be created again to use it in the next examples.
Request
DELETE - http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance/1762656Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM full examples
SCIM Issue examples
Operations
This page shows the operations that can be performed for the issue object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/IssueResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"performedActions": "2023-06-09 07:17:25 admin Created\n2023-06-09 09:46:54 admin Acknowledged\n",
"acknowledged": "2023-06-09 09:46:54",
"created": "2023-06-09 07:17:25",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44656",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user bob bobm",
"id": 44656,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bob",
"userId": 3941
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bobm",
"userId": 3971
}
],
"status": "A"
},
{
"acknowledged": "2023-06-09 08:55:49",
"created": "2023-06-09 07:29:25",
"hosts": [],
"description": "Account etaylor@soffid has been locked",
"solved": "2023-06-09 08:56:09",
"type": "locked-account",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "etaylor",
"userId": 3821
}
],
"performedActions": "2023-06-09 07:29:25 $$INTERNAL$$ Created\n2023-06-09 08:49:49 admin User etaylor is disabled\n2023-06-09 08:55:09 admin The account etaylor has been locked\n2023-06-09 08:55:41 admin Notify pgarcia@soffid.com\n2023-06-09 08:55:49 admin Acknowledged\n2023-06-09 08:55:53 admin The account etaylor has been unlocked\n2023-06-09 08:56:09 admin Solved\n",
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44672",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"id": 44672,
"account": {
"lastLogin": "2023-06-09 07:28:11",
"grantedRoles": [],
"description": "Elizabeth Taylor",
"type": "U",
"lastUpdated": "2023-06-09 08:56:07",
"ownerGroups": [],
"loginName": "etaylor",
"inheritNewPermissions": false,
"disabled": false,
"id": 4994,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2023-06-09 07:28:14",
"passwordExpiration": "2024-06-08 07:28:14",
"passwordPolicy": "I",
"accessLevel": "-",
"managerRoles": [],
"created": "2023-06-02 09:14:36",
"hasSnapshot": false,
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account/4994",
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "etaylor",
"managerUsers": [],
"lastChange": "2023-06-09 08:55:53",
"attributes": {},
"status": "a",
"ownerUsers": [
"etaylor"
],
"grantedUsers": []
},
"status": "S"
},
{
"performedActions": "2023-06-14 06:56:42 admin Created\n",
"created": "2023-06-14 06:56:42",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/56710",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user cdarwin cmartin etaylor",
"id": 56710,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "cdarwin",
"userId": 4037
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "cmartin",
"userId": 3890
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "etaylor",
"userId": 3821
}
],
"status": "N"
},
{
"performedActions": "2023-06-14 07:02:55 admin Created\n",
"created": "2023-06-14 07:02:55",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/56728",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user cdarwin cmartin etaylor",
"id": 56728,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "cdarwin",
"userId": 4037
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "cmartin",
"userId": 3890
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "etaylor",
"userId": 3821
}
],
"status": "N"
}
]
}List by filter
List all Issues with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Issue?filter=type co "locked"Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"acknowledged": "2023-06-09 08:55:49",
"created": "2023-06-09 07:29:25",
"hosts": [],
"description": "Account etaylor@soffid has been locked",
"solved": "2023-06-09 08:56:09",
"type": "locked-account",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "etaylor",
"userId": 3821
}
],
"performedActions": "2023-06-09 07:29:25 $$INTERNAL$$ Created\n2023-06-09 08:49:49 admin User etaylor is disabled\n2023-06-09 08:55:09 admin The account etaylor has been locked\n2023-06-09 08:55:41 admin Notify pgarcia@soffid.com\n2023-06-09 08:55:49 admin Acknowledged\n2023-06-09 08:55:53 admin The account etaylor has been unlocked\n2023-06-09 08:56:09 admin Solved\n",
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44672",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"id": 44672,
"account": {
"lastLogin": "2023-06-09 07:28:11",
"grantedRoles": [],
"description": "Elizabeth Taylor",
"type": "U",
"lastUpdated": "2023-06-09 08:56:07",
"ownerGroups": [],
"loginName": "etaylor",
"inheritNewPermissions": false,
"disabled": false,
"id": 4994,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2023-06-09 07:28:14",
"passwordExpiration": "2024-06-08 07:28:14",
"passwordPolicy": "I",
"accessLevel": "-",
"managerRoles": [],
"created": "2023-06-02 09:14:36",
"hasSnapshot": false,
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account/4994",
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "etaylor",
"managerUsers": [],
"lastChange": "2023-06-09 08:55:53",
"attributes": {},
"status": "a",
"ownerUsers": [
"etaylor"
],
"grantedUsers": []
},
"status": "S"
}
]
}Query by id
Query an Issue by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Issue/44656Response 200 OK
{
"performedActions": "2023-06-09 07:17:25 admin Created\n2023-06-09 09:46:54 admin Acknowledged\n",
"acknowledged": "2023-06-09 09:46:54",
"created": "2023-06-09 07:17:25",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/44656",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user bob bobm",
"id": 44656,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bob",
"userId": 3941
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bobm",
"userId": 3971
}
],
"status": "A"
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/IssueJSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"type" : "duplicated-user",
"status" : "N",
"created" : "2023-06-19 15:30:00",
"users" : [{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bob",
"userId": 3941
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bobm",
"userId": 3971
}]
}Response 201 Created
{
"actor": "SOFFID_ADMIN@soffid",
"performedActions": "2023-06-21 08:49:22 admin Created\n2023-06-21 08:49:22 admin Executed automatic task start-workflow\n2023-06-21 08:49:22 admin Executed automatic task run-script\n2023-06-21 08:49:22 admin Executed automatic task send-email\n",
"created": "2023-06-21 08:49:22.516",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/167879",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user bob bobm",
"id": 169336,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bob",
"userId": 3941
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bobm",
"userId": 3971
}
],
"status": "N"
}Update partial
Only attributes with changes will be updated, the others will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Issue/169336JSON
{
"Operations": [
{
"op": "replace",
"path": "status",
"value": "A"
}
]
}Response 200 OK
{
"performedActions": "2023-06-21 08:54:04 admin Created\n2023-06-21 08:58:59 admin Acknowledged\n",
"acknowledged": "2023-06-21 08:58:59.605",
"created": "2023-06-21 08:54:04",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/169336",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user bobm bob",
"id": 169336,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bobm",
"userId": 3971
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bob",
"userId": 3941
}
],
"status": "A"
}Update all
This operation replaces all values in the Issues.
- Note that the attribute id is required to confirm that the resource "...Issue/<id>" is the same that the JSON Issue.
- Note that all the attributes not included in the request will be cleared in the Issue type and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information visit Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Issue/169336JSON
{
"performedActions": "2023-06-21 08:54:04 admin Created\n2023-06-21 08:58:59 admin Acknowledged\n",
"acknowledged": "2023-06-21 08:58:59.605",
"created": "2023-06-21 08:54:04",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/169336",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user bobm bob",
"id": 169336,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bobm",
"userId": 3971
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bob",
"userId": 3941
}
],
"status": "S"
}Response 200 OK
{
"performedActions": "2023-06-21 08:54:04 admin Created\n2023-06-21 08:58:59 admin Acknowledged\n",
"acknowledged": "2023-06-21 08:58:59",
"created": "2023-06-21 08:54:04",
"hosts": [],
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue/169336",
"resourceType": "Issue"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Issue"
],
"description": "Duplicated user bobm bob",
"id": 169336,
"type": "duplicated-user",
"users": [
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bobm",
"userId": 3971
},
{
"schemas": [
"urn:soffid:com.soffid.iam.api.IssueUser"
],
"userName": "bob",
"userId": 3941
}
],
"status": "S"
}Delete
This operation is not allowed.
Error response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM for OTP devices
SCIM for OTP devices
SCIM for OTP devices
⏰ Getting Started
Introduction
Soffid allows you to combine two of the most powerful addons you can use into Soffid Console, SCIM, and OTP.
Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in How to use SCIM in Soffid # Installation
Please note that a user with the authentication is required, please check this part in How to use SCIM in Soffid # Confirm authorization
Please note that is recommended to use a REST client, please see our example in Testing tool # RESTer
Please note that the correct header parameters must be used, please browse them in SCIM in Soffid # HTTP request
Please note that the OTP addon must be installed and configured, check it in OTP Settings
OTP Device Types
OTP device types available
- TOTP: Time based HMAC Token
- HOTP: Event based HMAC Token
- SMS
- PIN: Security PIN
OTP Device Status
OTP device status available :
- C: Created
- V: Validated
- L: Locked
- D: Disabled
OTP Operations
Soffid provides an API that allows you to connect to the OTP microservices.
The available operations are the following
- List all
- List by filter
- Query by id
- Create
- Update
- Validate
- Send SMS
- Delete
You can visit the SCIM OTP devices examples page for more detailed information
Workflows
With the previous operations, using the SCIM OTP API, we can define some workflows.
You can visit the SCIM OTP devices Workflows examples page
SCIM for OTP devices
SCIM OTP devices examples
Operations
This page shows the operations that can be performed for the OTP devices object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDeviceResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 25,
"startIndex": 1,
"Resources": [
{
"lastUsed": "2021-10-14 06:57:00",
"created": "2021-10-14 06:44:43",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000001",
"id": 4022880,
"type": "TOTP",
"user": "franck",
"fails": 0,
"status": "D"
},
{
"created": "2021-10-14 08:37:38",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "Email message to pg*****@so****.co*",
"id": 4024384,
"type": "EMAIL",
"user": "patricia",
"fails": 0,
"email": "patricia@soffid.com",
"status": "D"
},
{
"created": "2021-10-14 11:17:52",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"phone": "666555444",
"name": "SMS message to 66*****44",
"id": 4024416,
"type": "SMS",
"user": "agatha",
"fails": 0,
"status": "V"
},
.............
.............
]
}List by filter
List all the OTP devices with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice?filter=type eq "TOTP"Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 7,
"startIndex": 1,
"Resources": [
{
"lastUsed": "2021-10-14 06:57:00",
"created": "2021-10-14 06:44:43",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000001",
"id": 4022880,
"type": "TOTP",
"user": "franck",
"fails": 0,
"status": "D"
},
.............
.............
]
}Query by id
Query a OTP device by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5007882Response 200 OK
{
"created": "2022-02-22 07:46:51",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000035",
"id": 5007882,
"type": "TOTP",
"user": "admin",
"fails": 0,
"status": "C"
}Create
Allows you to create a new OTP device. It is important the type of the OTP you want to create, and depending on this, it will be mandatory to add new attributes to the request.
- SMS: add to the JSON the phone attribute
- EMAIL: add to the JSON the email attribute
- PIN: add to the JSON the pin attribute
Request
http://<your-domain>/soffid/webservice/scim2/v1/OtpDeviceJSON
{
"meta": {
"location": "http://<your-domain>/webservice/scim2/v1/OtpDevice",
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"type": "TOTP",
"user": "admin"
}Response 200 OK
{
"image": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADIAQAAAACFI5MzAAAC3klEQVR4Xu2XP66jMBDGB7lwFy5gydeg40rkAoRcgFzJna+B5AtA58Ji9hueQvJWu8UbS6stMoqiwA9lrPn7Qfw3o99vnPYhHyL2L0mghhOz2Xue+tJGIltBIm9haQPdgufsButxp4LQlc1M+C5tSLt1TSWJyy26Jvipd2NfTTJPHU/kmlxariS8RX6w2fhwwt+i82OC/ER3fX2+Ze7HBJbp0iGieCQh54dpSaCBaOz8SmbukfY0C1STJAHIZkdQe947d6khkYau3KKZrNktzs77MwYawoTCuTFqEDytHY1PPxqSEQPPwY3WoOeu0WzPbGtIoNH6tTdzt1BX2ky3w7mSZAnkA95sQge3eRmfMdAQhh8pwLFL94ACR/9VkOzvbB5oX0LnuaEz9xoS/YORcNROGY7jn/nREE5bwCRwFwtveOQtBgoSJc9rnzggOWm27nUCBcnws1wI3OPgeOpVVQqCkdynqU+rLWQx+fwxEtTEEZXBLoO4KjcpzAqScZWQbczRNphZOq+CBHcNkuQmSs+hm4enHw1hXBWM9o39PS4XW161oyBhIZt2MishP/imy3kCDUEAyo3LpZe2m/BUDYlmtdjbUoDYtIQNyRUkLPj7jdNE5g4hIKVUQWK5BszRQh3PWBf0pncUJCAhRjJDGPZokbdtpiCMooYHs8rZ4WehKuIhnZqM0YIKSo+czsmnIRFKpxyyArfd8FY7GoKRzISg7gSInqsj2UwdYVZh+c+9jATMZj2J0rUi7ix0YsFsFt9qIrtR5PA9o10wYPx0nlpDjJRhD4Xi0MoP6NnTj4KEQ4WJFvNbXlDWZ+1oCCwujWhYg7S3sVQR0bDUYj3GI+3xpa81BPoah+3T/UvDygqqIShDNxIq2q8dftD7W4GGRLyBYT0ujdRRedOwOgKRgvMiS446z2JqwjKfMJUJextCm87dqCHIj+xGj0WxMbT/8v7G8mPyZ/uQDxH7n8kvJ2XgRr9Rxi0AAAAASUVORK5CYII=",
"created": "2022-02-22 07:46:51",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882",
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000035",
"id": 5007882,
"type": "TOTP",
"user": "admin",
"fails": 0,
"status": "C"
}Example JSON SMS
{
"type": "SMS",
"user": "dilbert",
"phone": "6665552222"
}Example JSON EMAIL
{
"type": "EMAIL",
"user": "dilbert",
"email": "dilbert@soffid.com"
}Example JSON PIN
{
"type": "PIN",
"user": "dilbert",
"email": "123456789"
}Update partial
Only attributes with changes will be updated, the other will mantain the same value. This example shows how to enable an OTP device.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5007882JSON
{
"Operations":
[
{
"op": "replace",
"path": "status",
"value": "V"
}
]
}Response 200 OK
{
"created": "2022-02-22 07:46:51",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000035",
"id": 5007882,
"type": "TOTP",
"user": "admin",
"fails": 0,
"status": "V"
}Request Challenge
This operation allows Soffid to obtain the PIN code for a specific OTP device. We can use this method to send an email or SMS, depending on the type of OTP device.
Request
GET http://<your-domain>//soffid/webservice/scim2/v1/OtpDevice/<OTP_ID>/requestChallengeResponse 200 OK
{
"cell": "PIN",
"cardNumber": "SMS message to 66*****22"
}Response Challenge
This operation allows you to validate a PIN code for a specific OTP device.
Request
POST http://<your-domain>//soffid/webservice/scim2/v1/OtpDevice/<OTP_ID>/responseChallengeJSON
{
"pin": "12345678"
}Response 200 OK
{
"success": false,
"locked": false
}Delete
In this case, delete operation will cancel the TaskInstace, but does not be deleted form database.
Please note after this delete, the account has to be created again to use it in the next examples.
Request
DELETE - http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5007967Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM for OTP devices
SCIM OTP devices Workflows examples
Workflow Examples
Workflow 1
1. Create Email OTP device
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDeviceJSON
{
"type": "EMAIL",
"user": "dilbert",
"email": "dilbert@soffid.com"
}Response 200 OK
{
"created": "2022-03-09 13:39:52",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461",
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "Email message to di*****@so****.co*",
"id": 5099461,
"type": "EMAIL",
"user": "dilbert",
"fails": 0,
"email": "dilbert@soffid.com",
"status": "C"
}2. RequestChallenge to get the PIN code
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5099461/requestChallengeResponse 200 OK
{
"cell": "PIN",
"cardNumber": "Email message to di*****@so****.co*"
}3. ResponseChallenge to validate the PIN code
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5099461/responseChallengeJSON
{
"pin": "839231"
}Response 200 OK
{
"success": true,
"locked": false
}4. Enable OTP device
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5099461JSON
{
"Operations":
[
{
"op": "replace",
"path": "status",
"value": "V"
}
]
}Response
{
"created": "2022-03-09 13:39:52",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "Email message to di*****@so****.co*",
"id": 5099461,
"type": "EMAIL",
"user": "dilbert",
"fails": 0,
"email": "dilbert@soffid.com",
"status": "V"
}Workflow 2
1. Get TOTP devices
Obtain all unused OTP devices by 2022.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice?filter=lastUsed le "2022-01-01"Response 200 Ok
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 5,
"startIndex": 1,
"Resources": [
{
"lastUsed": "2021-10-14 06:57:00",
"created": "2021-10-14 06:44:43",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000001",
"id": 4022880,
"type": "TOTP",
"user": "admin",
"fails": 0,
"status": "E"
},
{
"lastUsed": "2021-10-14 06:59:33",
"created": "2021-10-14 06:58:05",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000002",
"id": 4022891,
"type": "TOTP",
"user": "ckelp",
"fails": 0,
"status": "C"
},
.....
]
}2. Disable OTP device
Disble the OTP devices one by one
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/4022880JSON
{
"Operations":
[
{
"op": "replace",
"path": "status",
"value": "D"
}
]
}Response 200 Ok
{
"lastUsed": "2021-10-14 06:57:00",
"created": "2021-10-14 06:44:43",
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
"links": {
"requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
"responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
},
"resourceType": "OtpDevice"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
],
"name": "TOTP00000001",
"id": 4022880,
"type": "TOTP",
"user": "admin",
"fails": 0,
"status": "D"
}
SCIM for Federation
SCIM for Service Providers
SCIM for Federation
⏰ Getting Started
Introduction
Soffid allows you to combine two of the most powerful addons you can use into Soffid Console, SCIM, and Federation.
Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in How to use SCIM in Soffid # Installation
Please note that a user with the authentication is required, please check this part in How to use SCIM in Soffid # Confirm authorization
Please note that it is recommended to use a REST client, please see our example in Testing tool # RESTer
Please note that the correct header parameters must be used, please browse them in SCIM in Soffid # HTTP request
Please note that the Federation addon must be installed and configured, check it in the Federation book.
Identify Service Provider
- classe: "S"
Service providers Types
Service providers types available
- SAML: saml
- SAML API client: soffid-saml
- OpenID Connect: openid-connect
- OpenID Dynamic Register: openid-dynamic-register
- Radius client: radius
- CAS client: cas
Open Id Mechanism
- PA: User's password
- AC: Authorization code
- PC: User's password + Client credentials
- IM: Implicit
Federation Operations
Soffid provides an API that allows you to connect to the Federation microservices.
The available operations are the following
- List all
- List by filter
- Query by id
- Create
- Update
- Delete
You can visit the SCIM Federation Member examples and the SCIM Entity Group examples page for more detailed information.
SCIM for Federation
SCIM Entity Group examples
Operations
This page shows the functions that can be performed for the Entity Group object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/EntityGroupResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6725679",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "Soffid",
"id": 6725679
},
{
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
]
}List by filter
List all entity groups with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup?filter=name co "test"Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6725679",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "Soffid",
"id": 6725679
},
{
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
]
}Query by id
Query an entity group by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/5462422Response 200 OK
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
}Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/EntityGroupJSON
{
"metadataUrl": "test-3",
"name": "test-3"
}Response 201 Created
{
"metadataUrl": "test-3",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-3",
"id": 6780695
}Update partial
Only attributes with changes will be updated, the others will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/6780695JSON
{
"Operations" : [
{
"op" : "replace",
"path" : "name",
"value": "SP Cloud"
},
{
"op" : "replace",
"path" : "metadataUrl",
"value": "SP Cloud"
}
]
}Response 200 OK
{
"metadataUrl": "SP Cloud",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "SP Cloud",
"id": 6780695
}Update all
This operation replaces all values in the entity group.
- Note that the attribute id is required to confirm that the resource "...EntityGroup/<id>" is the same that the JSON EntityGroup.
- Note that all the attributes not included in the request will be cleared in the EntityGroup and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see the Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/1976590JSON
{
"metadataUrl": "SP Cloud Test",
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "SP Cloud Test",
"id": 6780695
}Response 200 OK
{
"metadataUrl": "SP Cloud Test",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780695",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "SP Cloud Test",
"id": 6780695
}Delete
Please note, after this deletion, the entity group has to be created again to use it in the following examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/EntityGroup/6780695Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
SCIM for Federation
SCIM Federation Members examples
Operations
This page shows the functions that can be performed for the Federation Member object.
List all
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/FederationMemberResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 15,
"startIndex": 1,
"Resources": [
{
"internal": false,
"allowRecover": false,
"disableSSL": false,
"impersonations": [],
"roles": [],
"ssoCookieName": "soffid_sso_session",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"metadades": "{\n \"authorization_endpoint\": \"https://server/oauth2/auth\",\n \"token_endpoint\": \"https://server/oauth2/token\",\n \"userinfo_endpoint\": \"https://server/oauth2/userinfo\",\n \"scopes_supported\": [ \"openid\",\"email\",\"profile\"],\n \"display\": \"page\"\n}",
"authenticationMethods": "P",
"storeUser": false,
"contact": "pgarcia@soffid.com",
"loginHintScript": "loginHint",
"id": 5999758,
"enableCaptcha": false,
"classe": "I",
"idpType": "openid-connect",
"keytabs": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/5999758",
"resourceType": "FederationMember"
},
"organization": "Soffid",
"extendedAuthenticationMethods": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "OpenIDConnect_Test",
"serviceProvider": [],
"allowRegister": false,
"publicId": "OpenIDConnect_ID"
},
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [],
"registrationTokenExpiration": "2024-04-04 08:04:47",
"uidExpression": "userName",
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6798983",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6798983
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6798984",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6798984
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "http://localhost:4204",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6796706",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "OpenIDDynamicRegister-Test2",
"openidUrl": [],
"id": 6796706,
"maxRegistrations": 3,
"allowRegister": false,
"publicId": "OpenIDDynamicRegister-publicId-test2",
"serviceProviderType": "openid-dynamic-register"
},
........
]
}List by filter
List all entity groups with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/FederationMember?filter=name co "Dynamic"Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_USER@soffid"
],
"registrationTokenExpiration": "2023-11-09 07:57:20",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617980",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617980
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617977",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617977
}
],
"openidMechanism": [
"PA",
"AC"
],
"openidLogoutUrl": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6617976",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Dynamic Register SP",
"openidUrl": [],
"id": 6617976,
"maxRegistrations": 2,
"allowRegister": false,
"publicId": "DR",
"serviceProviderType": "openid-dynamic-register"
},
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_USER@soffid"
],
"registrationTokenExpiration": "2022-11-10 00:00:00",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6622593",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6622593
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6622594",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6622594
}
],
"openidMechanism": [],
"openidLogoutUrl": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6622589",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Dynamic Register SP 2",
"openidUrl": [],
"id": 6622589,
"maxRegistrations": 1,
"allowRegister": false,
"publicId": "DR2",
"serviceProviderType": "openid-dynamic-register"
}
]
}Query by id
Query a federation member by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/FederationMember/6617976Response 200 OK
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_USER@soffid"
],
"registrationTokenExpiration": "2023-11-09 07:57:20",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/5462422",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-demoIdP",
"id": 5462422
},
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617980",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617980
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6617977",
"resourceType": "AllowedScope"
},
"scope": "*",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6617977
}
],
"openidMechanism": [
"PA",
"AC"
],
"openidLogoutUrl": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6617976",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Dynamic Register SP",
"openidUrl": [],
"id": 6617976,
"maxRegistrations": 2,
"allowRegister": false,
"publicId": "DR",
"serviceProviderType": "openid-dynamic-register"
}Create (SAML)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMemberJSON
{
"name": "App SAML Cloud" ,
"publicId" : "http://<YOUR-SERVER>:8090/apps/user_saml/saml/metadata",
"classe": "S",
"serviceProviderType": "saml",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
}Response 201 Created
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6798992",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "App SAML Cloud",
"id": 6798992,
"allowRegister": false,
"publicId": "http://<YOUR-SERVER>:8090/apps/user_saml/saml/metadata",
"serviceProviderType": "saml"
}Create (SAML API client)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMemberJSON
{
"name": "Test-IdP" ,
"publicId" : "https://some.idp.com/identifier/",
"classe": "S",
"serviceProviderType": "soffid-saml",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
}Response 201 Created
{
"classe": "S",
"internal": true,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787237",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "Test-IdP",
"id": 6787237,
"allowRegister": false,
"publicId": "https://some.idp.com/identifier/",
"serviceProviderType": "soffid-saml"
}Create (OpenID Connect)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMemberJSON
{
"name": "AngularAppOpenID",
"publicId": "AngularAppOpenID",
"classe": "S",
"serviceProviderType": "openid-connect",
"roles": [
"SOFFID_HRMANAGER@soffid",
"SOFFID_MUSIC@soffid"
],
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"allowedScopes": [
{
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
},
{
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidUrl": [
"http://localhost:4204"
],
"openidClientId" : "angularClientID",
"openidSecret": "XXXXXXX",
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"openidLogoutUrlBack": "",
"openidLogoutUrl" : [],
"openidSectorIdentifierUrl": ""
}📌 openidMechanism
- PA: User's password
- AC: Authorization code
- PC: User's password + Client credentials
- IM: Implicit
Response 201 Created
{
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidSecret": {
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.api.Digest"
]
},
"id": 6787194,
"serviceProviderType": "openid-connect",
"classe": "S",
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
},
{
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"allowRegister": false,
"publicId": "AngularAppOpenID"
}Create (Radius)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMemberJSON
{
"name": "SP-RADIUS" ,
"publicId" : "SP-RADIUS-publicId",
"classe": "S",
"serviceProviderType" : "radius",
"radiusSecret" : "XXxxzzaasssDD",
"sourceIps": "127.0.01,192.168.133.0/24",
"roles": ["SOFFID_HRMANAGER@soffid",
"SOFFID_MUSIC@soffid"],
"system": "BABELTEST",
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
}
}Response 201 Created
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"sourceIps": "127.0.01,192.168.133.0/24",
"system": "BABELTEST",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787250",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "SP-RADIUS",
"radiusSecret": "5GsnYxLvT0D0W4GQ9Zae",
"id": 6787250,
"allowRegister": false,
"publicId": "SP-RADIUS-publicId",
"serviceProviderType": "radius"
}Create (Cas)
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/FederationMemberJSON
{
"name": "CAS",
"publicId": "CAS-publicId",
"classe": "S",
"serviceProviderType": "cas",
"roles": [
"SOFFID_HRMANAGER@soffid",
"SOFFID_MUSIC@soffid"
],
"system": "BABELTEST",
"consent": true,
"entityGroup": {
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidUrl": [
"https://www.testcasserver.lab/cas/"
],
"openidLogoutUrl": [
"https://www.testcasserver.lab/cas/logout?service=<redirect_url>"
]
}Response 201 Created
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"consent": true,
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"keytabs": [],
"system": "BABELTEST",
"openidLogoutUrl": [
"https://www.testcasserver.lab/cas/logout?service=<redirect_url>"
],
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6804777",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "CAS",
"openidUrl": [
"https://www.testcasserver.lab/cas/"
],
"id": 6804777,
"allowRegister": false,
"publicId": "CAS-publicId",
"serviceProviderType": "cas"
}Create (OpenID Dynamic Register)
The OpenID Dynamic Register has to be created in the Soffid console
For more information, you can visit the Openid-connect Dynamic Register documentation
Update partial
Only attributes with changes will be updated, the others will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/FederationMember/6787388JSON
{
"Operations" : [
{
"op" : "replace",
"path" : "openidMechanism",
"value": ["AC", "PC"]
},
{
"op" : "replace",
"path" : "consent",
"value": "true"
}
]
}Response 200 OK
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
},
{
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidMechanism": [
"AC",
"PC"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"id": 6787194,
"allowRegister": false,
"publicId": "AngularAppOpenID",
"serviceProviderType": "openid-connect"
}Update all
This operation replaces all values in the entity group.
- Note that the attribute id is required to confirm that the resource "...EntityGroup/<id>" is the same that the JSON EntityGroup.
- Note that all the attributes not included in the request will be cleared in the EntityGroup and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see the Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/EntityGroup/6787194JSON
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
},
{
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
]
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"allowRegister": false,
"publicId": "AngularAppOpenID",
"serviceProviderType": "openid-connect"
}Response 200 OK
{
"classe": "S",
"internal": false,
"allowRecover": false,
"disableSSL": false,
"openidLogoutUrlFront": "http://demolab.soffid.pat.lab:8080/soffid/anonymuuslogout.zul",
"virtualIdentityProvider": [],
"impersonations": [],
"roles": [
"SOFFID_MUSIC@soffid",
"SOFFID_HRMANAGER@soffid"
],
"entityGroup": {
"metadataUrl": "test-2",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/EntityGroup/6780683",
"resourceType": "EntityGroup"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.EntityGroup"
],
"name": "test-2",
"id": 6780683
},
"openidLogoutUrlBack": "",
"keytabs": [],
"allowedScopes": [
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6802723",
"resourceType": "AllowedScope"
},
"scope": "openid",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6802723
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787199",
"resourceType": "AllowedScope"
},
"scope": "email",
"roles": [],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787199
},
{
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/AllowedScope/6787197",
"resourceType": "AllowedScope"
},
"scope": "profile",
"roles": [
"SOFFID_MUSIC@soffid"
],
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.AllowedScope"
],
"id": 6787197
}
],
"openidMechanism": [
"PA",
"AC",
"PC",
"IM"
],
"openidLogoutUrl": [],
"openidSectorIdentifierUrl": "",
"meta": {
"location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/FederationMember/6787194",
"resourceType": "FederationMember"
},
"schemas": [
"urn:soffid:com.soffid.iam.addons.federation.common.FederationMember"
],
"name": "AngularAppOpenID",
"openidClientId": "angularClientID",
"openidUrl": [
"http://localhost:4204"
],
"id": 6787194,
"allowRegister": false,
"publicId": "AngularAppOpenID",
"serviceProviderType": "openid-connect"
}Delete
Please note, after this deletion, the entity group has to be created again to use it in the following examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/FederationMember/6784722Response 204 No Content
204 No ContentError response
For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response
Cross-Origin Resource Sharing (CORS)
By default, for security reasons, the SCIM interface is published for any server application, but not for client-side (javascript) applications.
In order to allow client-side applications to query or modify SCIM objects, the CORS protocol states how to define the restrictions that apply to client-side applications. CORS settings can be tuned adding two parameters:
| Parameter | Value |
| soffid.scim.cors.origin |
Set a comma separated list of DNS domains allowed to perform SCIM operations. Set to * to allow access from any domain |
| soffid.scim.cors.methods |
Set a comma-separated list of allowed operations. By default, it is set to GET, OPTIONS, HEAD To allow any operation, set it to GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
|
These parameters can be changed in real-time for any tenant. Mind that setting these values for the master tenant applies to master tenant, but also applies as default values for any child tenant.
Textual Index
Textual Index
Textual Index
Introduction
A textual index is a data structure used in database systems to facilitate efficient search and retrieval of text-based information. It is designed to handle large volumes of textual data and provide quick access to relevant documents or records based on specified search criteria.
When a search query is performed on a database with a textual index, the index is queried to identify relevant documents or records that match the search terms. The index provides information about the location and relevance of the documents, which enables the database system to retrieve and present the results in a timely manner.
Textual indexes play a crucial role in enabling efficient search and retrieval of textual information in databases, making them an essential component in applications that handle large volumes of textual data, such as search engines, content management systems, and document repositories.
Soffid incorporates the textual index from version 3.5 using the Apache Lucene library.
Index configuration
Soffid allows you to configure the objects you want to use in the textual index. To do this, you must select the proper object from the metadata page and enable the option "Use textual index". Once you enable this option, the textual index will be applied to the attributes of this object that have been included in the quick search.
Notice, from the user interface, it is not interpreted as a Lucene expression.
Example
1. Enable the "Use textual index" on the User object and save the changes.
2. Check the attributes included in the quick search.
How does the user interface search work?
Once you have configured the textual index for a specific object, Soffid will apply it when you use Quick Search on this object.
Example 1
1. If you search for users using the text "frankin", then Soffid will display all the users whose userName, firstName, lastName, or middleName match, to some degree, with the typed text following the textual index rules.
2. If you include the attribute manager in the quick search:
3. And search for "frankin", then Soffid will display all the users whose userName, firstName, lastName, middleName, or manager match with the typed text following the textual index rules.
Example 2
1. If you search for users using the text "manager:frank" Soffid will display all users whose manager matches the text "frank".
Notice the difference by searching "manager:frank?":
And by searching "manager:frank*":
And also by searching "manager:fr*"
Example 3
1. If you search for users using the text "userName:frank*" Soffid will display all users whose user name matches the text "frank" followed by any other text.
Notice the difference by searching the text "userName:frank?":
Example 4
1. If you search for users using the text "frank" plus the wildcard "?", Soffid will display all users whose userName, firstName, lastName, middleName, or manager match the typed text as long as it has variation in the characters where the wildcard has been used.
Notice the difference by searching "fran?"
How does the SCIM interface search work?
1. First of all, you must install the SCIM addon in Soffid.
For more information, you can visit the How to install SCIM in Soffid? page.
2. Then, you can use any REST client to test and consume our SCIM REST web service.
For more information, you can visit the Testing tool page.
3. Finally, you can start to use the SCIM interface search by using Lucene syntaxis
Lucene syntaxis
Please browse the standard specifications in this link: https://bookstack.soffid.com/books/soffid-3-reference-guide/page/lucene-query-parser-syntax
Term Modifiers
Lucene supports modifying query terms to provide a wide range of search options. Here are the most common ones:
| Wildcard Searches |
To perform a single character wildcard search use the "?" symbol. To perform a multiple character wildcard search use the "*" symbol. |
| Regular Expression Searches | Lucene supports regular expression searches matching a pattern between forward slashes "/" |
| Fuzzy Searches |
To do a fuzzy search use the tilde, "~", symbol at the end of a Single word Term Soffid Console <= 3.4 version ~0.8: stricter search ~0.1: more lax search Soffid Console > 3.4 version An additional (optional) parameter can specify the maximum number of edits allowed. The value is between 0 and 2. |
| Range Searches | Range Queries allow one to match documents whose field(s) values are between the lower and upper bound specified by the Range Query |
| Boosting a Term | To boost a term use the caret, "^", symbol with a boost factor (a number) at the end of the term you are searching. The higher the boost factor, the more relevant the term will be. |
Boolean Operators
| OR | The OR operator links two terms and finds a matching document if either of the terms exist in a document. This is equivalent to a union using sets |
| AND | The AND operator matches documents where both terms exist anywhere in the text of a single document. This is equivalent to an intersection using sets. |
| + | The "+" or required operator requires that the term after the "+" symbol exist somewhere in a the field of a single document. |
| NOT | The NOT operator excludes documents that contain the term after NOT. This is equivalent to a difference using sets. |
| - | The "-" or prohibit operator excludes documents that contain the term after the "-" symbol. |
Escaping Special Characters
Lucene supports escaping special characters that are part of the query syntax.
The current list of special characters are + - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
Examples
Example 1
1. Use the wildcard search
1.1. *
Request
GET http://<domain>/webservice/scim2/v1/User?textFilter=fran*Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"lastName": "Franklin",
"createdByUser": "ActiveDirectory",
"fullName": "Rosalind Franklin",
"active": true,
"userName": "rfranklin",
"mailAlias": "",
"firstName": "Rosalind",
"createdDate": "2023-08-08 14:26:14",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2862",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'rfranklin'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'rfranklin'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'rfranklin'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'rfranklin'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2862/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-08-08 14:26:14",
"attributes": {},
"id": 2862,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
},
{
"lastName": "Franklin",
"createdByUser": "ActiveDirectory",
"fullName": "Aretha Franklin",
"active": true,
"userName": "aretha",
"mailAlias": "",
"firstName": "Aretha",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276397",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'aretha'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'aretha'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'aretha'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'aretha'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276397/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:54",
"attributes": {},
"id": 276397,
"userType": "I",
"primaryGroupDescription": "World",
"primaryGroup": "world"
},
{
"lastName": "Sinatra",
"createdByUser": "ActiveDirectory",
"fullName": "Frank Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:55",
"attributes": {},
"id": 276435,
"userType": "I",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
},
{
"lastName": "Sherwood",
"createdByUser": "pgarcia",
"fullName": "Frank Sherwood",
"active": true,
"userName": "franks",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-10-05 15:32:40",
"multiSession": false,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'franks'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'franks'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'franks'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'franks'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-10-05 15:32:40",
"attributes": {},
"id": 432644,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
}
]
}1.2. ?
Request
http://<domain>/webservice/scim2/v1/User?textFilter=fran?Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"lastName": "Sinatra",
"createdByUser": "ActiveDirectory",
"fullName": "Frank Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:55",
"attributes": {},
"id": 276435,
"userType": "I",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
},
{
"lastName": "Sherwood",
"createdByUser": "pgarcia",
"fullName": "Frank Sherwood",
"active": true,
"userName": "franks",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-10-05 15:32:40",
"multiSession": false,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'franks'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'franks'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'franks'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'franks'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-10-05 15:32:40",
"attributes": {},
"id": 432644,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
}
]
}Example 2
1. Use the wildcard search in a specific attribute
Request
GET http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User?textFilter=userName:frankResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"lastName": "Sinatra",
"profileServer": "Void host",
"createdByUser": "admin",
"fullName": "Frankaaa Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"mailServer": "Void host",
"firstName": "Frankaaa",
"emailAddress": "pgarcia@soffid.com",
"mailDomain": "soffid.com",
"createdDate": "2023-06-02 07:41:47",
"multiSession": false,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/3910",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/3910/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-06-02 07:41:47",
"attributes": {
"picture": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHCBYWFRgVFRYYGRgaGhkYGhgaGBoYGhoYHBkaGhgZGhgcIS4lHB4rIRgYJjgmKy8xNTU1GiQ7QDs0Py40NTEBDAwMBgYGEAYGEDEdFh0xMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMf/AABEIAKgBKwMBIgACEQEDEQH/xAAcAAABBQEBAQAAAAAAAAAAAAADAQIEBQYABwj/xABFEAACAQIDBAcECAQFAgcBAAABAgADEQQSIQUxQVEGEyJhcYGRMkKhsQcjUnKSwdHwFGKCoiQzY7LhU3NDZIOTo8LxFf/EABQBAQAAAAAAAAAAAAAAAAAAAAD/xAAUEQEAAAAAAAAAAAAAAAAAAAAA/9oADAMBAAIRAxEAPwDeqIVZwEcBAQQiCIBHqIDgItogjwICWiqIto4CAqiZn6ScNnwDn7DI/wAcp/3TUKJX9JcNnwldOdNj5qMw+UD5zcQYh6qG+gPpGrQblAdThBHUsK3MfEw4wR5n5QG4dtd8t8JU3DT0/wCZBpYVRvI9ZMpqg97ytxgTi44n8zz3D9+k4G+4ee79iR/4pF3C/iY2rtIAakD0gT6WHOlz4/v97oZEpL7RzHu5/nM/U2wg3Fm+Eh1NsN7oA+MDWfxir7Kj975FxO0re04Xuvb+0a+kyVTaDtvc+ANh6CANQwNFW2wg3ZnP4R6nX4SFV2y59kKv9x9Tp8JUXMab3gS62MZvaYnxOnpI7Vo0oeAJiVKLAXINoCl41njAJzixsdPnAUNEZpY7H2FiMSbUabMOLnsoPFzp6XM9G6O/R/SpEPiCKrjULb6tT906ue86d0DLdEuhz4krVqhkob+IaoOSclP2vTmPWqNFUUIihVUBVUCwAG4AQw3RpEBhEYVhjGkQAOsCZJYQbLAjO0ZeFqLBQNAqwgSKphFgMCRwSEAhVWAFUsCToBqSdwHEmUmI6YYJCQapJH2Uc/G0r/pH2y1FEpLcBwSx5gaBfz9J4/isWzHfaB61ivpKwqexTrP32RB8Wv8ACU2J+lVrkU8MgHAvULf2qo+c8xZol4G1xn0kY5/ZdKY/00F/V80pMX0jxNX/ADMTVYHeM5VfwrYfCUmaITAmCoI7r5BzTrmBYDFGDav3yJaKtNjwgGOJPjGHFNFXCkyTR2cDqxPgIEA12PExERmPZBPgCZd0cIgOiE+MtKeznb2QQDwtv/esDLjBPxGXx/SOTB8zfwm2w/Rose1eXOH6PUltm3wMBhtiM5si+usu8N0KdvaNvKwm/wAFhUQjIl7d36y1COfcC+JEDzE9Csu8mFodF1G+3pN9XRuQ+cjFLDUQMvh+j6BtRbyhdq7DTJu56j9JatvvFxL9gg3/AHxgeYYjZ6qWPLlu8ZsuhfRzDPSGIemHcsw7faUZTYWTdfxvKNkzswtcA30F766D4fGekbCw4TD01At2Qbd51J8TeBNRQAABYDcBuHlHho2dAfeJmgyY0mATNGs0YzRmeA8tBu0VngWeAjtBZo4vB5oGlQwimAVo4PAkq0KryIHjg8CJ0k2DSxtLq6hZWGqOp7SHjpuIPEGeN9IuhWKwpLMhqU+FRAWFv5l3p56d89yDxy1IHzNEn0BtTozg8QSalBMx3ul0bzKWv5zM4z6L8M2tOtVp9zZXHyB+MDyOJPRqv0VVPcxKH71Nl+TGQNofRzWoI9Z61Iog1Az5iScqgXHMiBjUp3498lrhlG+DanlPwlmaV0Q/y/L/APIEXIL6CEWnynDfJ2BVScpNoDMNgGYiwB85ZJsuotiU08QZabMwigg38949RNKmFDLrYwMxgKS3CurKeFx++c02GwAt2XBHDSSKOFKqLi45b/Cd1AGqi3h+kB38Jbe/oJJpBFGm+N0y8z6RmGIBvx5wDde5PZB8bWkoI1u03kJyMOJnVsQAL6Ad/OAKpSHf6yvxNhuvFq7U1IW1++RhXz3vpADm3yJjn7DW0IBsYdjyOm6QsShyt90/KBUbOw/YVt9xmJ14k6fAes3+DZcqoHViqqDYi+gHDhMLhELhETQMoGhsQNM5PLfaW+MxaU6iJTUllIuw9lRbUM3EnlA1BE6DLxM8B5Ea0b1k7NAY4g4UxpEATGBYw7iDKwAxmWHIEbpAv1hAIJYQGA4R4jBHKYBBFiAziYCGKI0mKIDxKHp4p/gnt9unfwzj87S+WVnSxL4Kv3Jn/Awb8oHi+LpAtpwCmTqVH6pL8j/uMFTp7yfD0AEnYpciIOBRfjrAqkoXa1o9sMyG/wCWnpCqLax+P2oEAAAzHXUcOEBuG2w9M3yg25f8S2wnTNcwDIV4XHw0mTxWIe/bsugPAWvz7+6Ds9sxW4G/mLgEEjkQQbwPYdnbdpOtlYa+nfLBmVhpuni2G2nk5ibjox0jD9g+1A09OoBmEitj0Q9owi4RzrKDaxdWsqFiONtLwJe1Nt1stqKgXF8zfvTjKHE9o3r4nX71hfmBI2JNUkK1xfQKDqSeQ4eJg2Z8Ndy6U7OEuEzszWubs29R690C1wGKw6nLnDHd2jL1KiMNDfvvYD0kKjgKuJpO2alXZGKulSmACAAVNNxYrcHiN8yiYoo/1QqBNzI3a6sg20f3l+UDb1TcaayG99YLDVibZuUk110vAhbBpXJHHMU8r3NvIXlxWpAOVAFrgj9+szmA26uHxLoVuxF8xPshgCQB4W9Zf5y75h7639bpf+4QLmn7I8B8opESLAQRSZxEYRAW84xVE5lgBYxpjmSMcQBuYO8c0HaBqFEdaIojhA60UCdaKIC3nTohMDoojLxYBVMbjsP1lGpT+2jp+JSBOWSKZgeB1Kp0Oul7jkbk/vwlli6oegjjgSvkDp8CI/pbs/qcXWp7lc51+6/at4A3HlImFX6t6ZG7tr8j+UAlLCO40F4zEbH7S52sx0vb2eXjNL0VIZATb/n9/KWu19kBxmXQj98IGOTYFU5lennDEMHVwpzDQWO+1uGnHnNbsvolSSiyOLs5zWXUILAKoYgXsANe+Q8Hh6yEAG/jrL6i1S3bbTugYXaXQ1kVnDLZbm2rE6nyGhHpM9sZiuJS2mtp6ltrFKtJgd1tTPLqFT65SN94HsuGfsAnu+Ufhgt75QfLjIuz+1RvxtHYapAj4/C02a5WxBBvoDod17eMqcZsNajEq+W9iylQwJGgOp0PfNTXoh1uN8rv4fnp++cBcFhkw6ZFYm9yxvqzHS5t4W8pG/gUe5YAchbcJMTBrvzEwopiBUrg8h/4lZtB7dkbyQB56TQ4phaZjFDNUQd9/Td8bQI229jI9RKiXznsuP5V7Kn0EvcEgzKo1ChU89Xb/avrCVqJVLKbE72tckHSwHG5Mk7OweRdd9txNyL6knmx4+AECTOvHGNIgcTEvEvHgQODTs04iNJgKRBOsfnjWeBHcRto52gs8DUARwjVMdA4CLEvEJgLmiXnRsB0VYwQloDhDI0AIRTAxP0o7PNqWJUaLenUI4Am6E+eYeYmDw9UBh37/Oe5VqSujI6hkYZWU6gg8JgdrdBEo5qwxGSiNSGQu4/lQgjOeAvr4wM1sXH9VVKndfT4zd0cfmE80xrIxFSncKb2DEFhY21K6E7t3OXuwto7lJ8PlA2Ard3nO6y5sYGlVBj0S8Cg6Z4oCnkHEzE7Io56qjvvL/ppibsEXgLmM6G4G5LnU7v1gej7Jp2pnw/f78JGXeRLHZOnZ5iQ8ahDHxgHwb8L/v8AZkhwDvEqkdl13jjJlDFBhA51I3QLsRvk1jIWJ4wKjG4nWU+GrMa6sqlramys1hY6kKCQOEtMYmhJ/fKO6LJ2qrfcF/xE/lAs8Iju2dxlA0VbWPiV90b9DrrraTTFtOgDjSsIREgCyx6xWEEzQFcwbGNZ4wtAdeNaNBjjAG8FDNBWgaVIVYNBCCAtowwgEaywEnRLR0DgI4CII4QHARwWcsKggKizyb6SuknWv1CEdWhsbnss/E2Gr24DcOPdrun3SL+HpGjTI611Nze2SnuJJ4E7v+bTxqtUN81wt9c7DtH7icB+7wJWz3GQ7rF2IsLC4VLi3C418pJw1TIwPCQcC+dKiBizLaqtxY2HZf4FT5Q9B8ynmNfKBv8AAV8wUjWWO0topRpFjvI0HMzObBq2S54CUO2tqmq1+A3DugQ8XiC7Mx1JMteiWOCVCjGwOovzmezzkuzALcnhaB7LhMcpbRh6ynx/SJDV6tFeq17HIhZVPe268pNh7EZSHrs1j7oNvWbzB00RQEUKOAAAgOw1AhbuLE7xy7ryn2jQek3WJdk3uo3gfaHdLt60jjFKDraBFwe0VdbqZ1epbUyi21hjSb+IoeyT9YnAX94Dh3jvklMVnTN3XgLjDmU21PLvgMBtE4cMhpliTc62bcBfLa5XvGmshPisis53LZv7h+svMLthHUHQ8bwOo9JUb3G13ZSGv929s3leSqe26De/bhqDv46jSGQYeotmRCDvuo1MhbU6NKwLJdWt97dqAQfbHc3kRAnjF0yLiolueYTqeJRjZXRjyDAn0BmAqsyOUcEMBmsLtdQdXS+rqOK+2ttcwgXRDe9gGs5INldRufMpF1ud+4ccu6B6SwgnWYXCbfq4dsrl3UvlyN1aJTW1xZyBw58LTZbO2lTrpnpsDb2gGBKnkcpIgPYRhEKyxloAwJ0JlnZYAmg80M6wVoGlURyiDVo9WgEUzmiRYDZ1o4LHBYAwIRRHBI9afpA5Fld0g22mFplmILkHIv8A9jyUSDtXpfQpBshFRl35TdR4kanyE8l25t56zl3bUm4JF2HIIl7IOV9YAdtY96jmo7asbl21uearvbkCQAOHOVYJOqIW/nqaj46R5ze0EAv79Q3Y9/a/SMrFTrUqM55LrbuudPSBKwGOenVR3emQDZl7PsEWYaC24mWO1MAcPUsuqPc025rxUnmNPKxmeDJuWmW8ST8BN30bdMVhuoqqQUsNfaAt2HUnlqPLvgR9m1s1F1XeFOg4ixmeqLlAvLV6L4StkfVT7LcGXn+o4SHj6gZrj0gRKKK28i3jNVsJcOhzM6X7yJjqyEbxLXZWyKdXXPc8V9lh+vH1gennFUKlO6upAtexBt6RKG0aIATrVuObCZzBdEcPa+errycDcByGssE6MYNd6FiL+3UbXfwB8IFliNoU1FzUQD74/WQ6rmqv1Op0IY6KdeHP5QB2bhUYFKNPNwsoNvM6k+Mt6LhBfjAr8ArglKo9rnuInbSpBFsDpu/WO2lWLLpvGt5SYmpUqsiXsSQo8WNh5m8CJjaud0QA5ew5W2joHAbXkCJXdSp60K/VFKpSmST1be2VVrjsaL7V7a6jjLPpIow2ITLotHEVKZ/7bpTqW/C7yp2jh7L1V7t1qlydNVZqRPhYo3/qXgEo4qrTdHd2K0zldCMrI/DOOIPBhoZ6XsnaiuoN73nmW0axavinDG1IBRfVWBdaZpsOKntaeYtJOysU9FkKezUynIWGZMwzDxUjc3rY7w3nSHYi10upKPcMjrvVx7LDv+YnntXOjMjjqyHGew0pVW0TEU/9J9zLuveeobLrFls2t5lOm2FAIrBc2VWWon/Uot/mKOZA7Y+6YGXF7dWUANygQ3KrUHabDk7zTcdpD7p3RNlY16Lq9JaRQDsgkU6zpftIdbOym6kHiNN8FVXQqXuAEps/NG7WExPipshPIyLinS4esjFHZg6Icpp11stS3DWwax/KB6xhMStRFqJqrC4594I4EboRhMj0Hx62egHzrq9Jjo2XQOjD7amxP3r8Zq2eAhMS8S8SBzmBzwjiDtA0Aj1M4COtAVWhVMCBCKIBRHARiiRNq7XTDrdu05BKotyzd9hqB3wD7R2hToJnqNbkPeY8gPz3Cefbb6Q1MV2EJCfYp1aYc/eBBznuB8oLaWJq1nNR1qDk3ULUVV5atoB4CQEqVGPZGGxAPuZFV/JLIw8rwKDGk7hUL2YDIyZKwN9ymx1vyPlK50ZfdWn3sbufz+E021aYrLlCZKo0FOr7R5CnVNmBvuV9OR4SrOAFuxg3J+1UZiPSyiBRsyX1Lufwj8zHpm9ykB3kFj6tJGIp1UOuSn3Bk09CZFc39qrfuAY/OwgPdXPtOq92YD4LJmwdonD1lfrMynsuNTdTvI7xv8u+Vl6Y4OfML+s4svBP7mMD1fauAXE0SgIv7dN+Aa2mv2Tx9eE87VGRzTcFWU5WB3gzRdCtsAr/AA7XBXVNd68VvzHyPdLHpPsXrl62mPrUH/uKPdP8w4engFDiMASugvpKhsM6nshr915ouju0Vaytv3WPxmjQICCANf3+/CBisM2ONsgqW3bv1Es8NsrHsczs4B3gkCbZKigX+EmJXUiBQbP2a6bxr6n1lg1Mrv3yfUrASqx+LAHfuA4k8LCBWba2itJc7nTlxJ5DmZA6C4tsTjKebgxcjkEBK/HLKfpc5Y6nQbhy5zQ/Q3hO3WrHgqovmczH4CAP6SFHW4pbah8NVH9aGkf9qiE2bsF6/wBY3YLomZSAe2qKGPgSin+kS8x2CTEYypiASUKU0A91shJzeFybeF5Z136pVYaWdAfBjl+ZEDzTpXQqUi6OEyuVLMihCxW5UtbedTIH8cGxKuoIRVRFB3gKoFj33BM3PTvCipTzDhr+v5TzzDUi7qote/tW1sPnA9d2HUBUGQemastPrE1ZCHA+0FN3XzXMPOSdh0cqAdwndKCwoO6i7IpcDmV7VvO0Dzg0kVsl70xZM3PC4jWm39Dnfwgu0wdH9tlI3X/xOGNhod5en63hCiEZfcQ5Cf8AyuJ7VNv6HIgqrsCKje2pV3H+rQcUq/4kZWgM2btIJUTEU1C9pespjQB7WLIPsuuYW4G3dPUetDAMpupAIPMEXE8uxRp1M9RRlKXSqqjUoHHV107xZcwm56J4o1MMoNsyMyG27TVSO4gi0C2Dzs84rGEQH5oy8WMtA0itHgwSiFUQHrDoINU4zGdIek3WXo4c3QGzuC/a5gdWpIXzF/DeFztjpMlO6Uu2/wBoK7IvgUUhjMJjHaqxLujltSr1alIn8YRYF6ii1+qB/mOLuPMyRQqZtFBb/s1s/wD8Fa5bwgREwrUzmFDEp/NScOO7ULb4yQtRa182WsRvV16rEabyrrcOd+hJPdEZFQK9xlL5M6B8PURt5zpqmnd6wjJUc5Hb/E02z0yQt6iWuAHHtEAZhqQdYA8QV6tTmaphnOVs4+sovpoDztqOBA3XlXicJTRnTE1atwQaZUB1dCLhrsRv/MS4p4hAGqZPqqnYxFIb0YnR0HAX1XkbjlB1kdCEV1z01vSqEArUwzm7C5BtYdsb9zCBncSuEX2RWfvZkXX+mV75T7FEkcNWf8psHbEnQYnDaaAhqY9Oxf4SsxeHrn28ZT8qxPwUAQKEdYNyZf6Lf7o1jV4sB/Uo+XhCYvCoNTXVj3Bm+N5DyJ9o+SwDU69VHV1cZlII7SnX9P1nqGx9pJWpo67yO0L+y3vCeTOE4FvSXHRnaYo1At+w5AJ3Wf3Tv47vTlA1u2+jpZzXw1g+903BjxZTuDcxuO/TjQrtipSbI6spG9WFj6H5zbUsRcSPjXUizqGHJgGHxgRMN0ipMmrWPIx9Hb6D3x6yH/8AzqbGwo0/wLNBszohhaq2enlb7SGx9LW9RArK/SBdynOeAGvryjMCjM2dzdzcADco7uZ75dYno3h6JP1yIBpeoMgNt4DAENbQHdaRa+TIWoulWxCk03R+0QSq2U3zEA2HceUCsw1Km1Zmex6u1g1rDjmN+QmgwLtUzCklkIKs9ygdTvAG8i3Ezz7Z2MV8Qrkgrmtl4HS4J5ier7LqLYeEBlNcgHYJUb8upHlxHhrIfSHFKcJWdWBC0y6nvWzD4iX7rxEwfTqkiISzMqVDcqpsrOpv6nTTja8Cg2p0g69FppfddzyEi7FT64abpV0WBHYBuxsANSeQ75othbJc1O2xVtDlWxIHedwgegbLY2F5Kx9MMpHAjXzkbD0coGpPiZIfVbwPLsVhVpv1TaJrh3v/ANGsSabX5JUVvK0hKC5AbewGcfz64asfU03mk6V0Q532zjqSeRftU2Pg6IP6zM2WLHNuNTK/eDUU0qg7stVEPnAFg665ErFRmpDqcQm7rKT9gP4i+U94Uy96A1slSpSvcG4/qT2GH3lLfglFtHDhLOvsYijUvbXtg3YfiVJJ2VieorLWJy5KjUqwIJ3lijEDXUZlvwtxgemMIwiSaRV1V0IZWAII1BB3WIiMkCPaDtJBgvOBoEWFd1RS7sFUbyTYTp0DC9Iekj1wUpgrR5nKvWcLl3ITL/KA/eAZQI/86eeKcHw7ChR6Tp0Agruuod7aC9PGo1rm2qtra54+sI6Z2am7KtVWVqfWU6ahxbRS677k6Xup011iToBqdRsz5UIc/wCdhXvapzemTx423jeMwjKioEUhyaOb6up/4mHqb8j21tfXTxHI9OgdUZyzOFXrkU9fT9yvSPtOoGhuLE27mG6MWmjotLP2HzNh6jWBR/foudwBNvPKdxnToFfhKN1KnCO7U2NNyr1PbXmoBANiDbviVqCa5sFWHi9QfNPGLOgVmKRPdwr373qH4BRKmop4Ubd1nPznToAWY/YH4W/WNKnflsNxGtjOnQNv0Y2pnQKx7SaG/EcD+veJpKeEaoQBOnQNJs3YoWxI1/f6SZtnGU8Jh3rsAci3VLhc77kQHvNok6B5JT2saH+ISun8TUqVC6OjMtMPmcvncZb3IAABOp7xM2+LZ83ZA7CltWIZlv23Gt3OY2JtlvpaLOgDw+Is2lgBusLcbi/E8tZ6p0a2mHRTfXd5zp0DV0sRKjpdsX+ModWrhGDBwxGYXAIsRcEXvvE6dAotl9HqeDQsVNSqB7ZsLE7gg90X85Z7D2aEGdtXY3J8Yk6BdVGAtIuKJtp8506BjNvIztkU+32A2mj5WZCP60UTO583aC2LXcDgpqA51/pr0x+KLOgBwo6xBTJ0FSoi62s1VCafkXQjzkps9UU61NVZ3BpVUYLlNSmAwJDGxLIN3MGdOgazoNtEWfDFSjKSwpNe6X9oITqUvrY6i54Wmqczp0ATiAnToH//2Q=="
},
"id": 3910,
"userType": "I",
"homeServer": "Void host",
"shortName": "pgarcia",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
}
]
}Example 3
1. Use the Fuzzy Searches
Request
GET http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User?textFilter=fran~Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"lastName": "Sinatra",
"createdByUser": "ActiveDirectory",
"fullName": "Frank Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:55",
"attributes": {},
"id": 276435,
"userType": "I",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
},
{
"lastName": "Sherwood",
"createdByUser": "pgarcia",
"fullName": "Frank Sherwood",
"active": true,
"userName": "franks",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-10-05 15:32:40",
"multiSession": false,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'franks'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'franks'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'franks'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'franks'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-10-05 15:32:40",
"attributes": {},
"id": 432644,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
}
]
}2. Use the Fuzzy Searches: specify the maximum number of edits allowed
Request
GET http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User?textFilter=frankl~2Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"startIndex": 1,
"Resources": [
{
"lastName": "Franklin",
"createdByUser": "ActiveDirectory",
"fullName": "Rosalind Franklin",
"active": true,
"userName": "rfranklin",
"mailAlias": "",
"firstName": "Rosalind",
"createdDate": "2023-08-08 14:26:14",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2862",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'rfranklin'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'rfranklin'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'rfranklin'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'rfranklin'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2862/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-08-08 14:26:14",
"attributes": {},
"id": 2862,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
},
{
"lastName": "Franklin",
"createdByUser": "ActiveDirectory",
"fullName": "Aretha Franklin",
"active": true,
"userName": "aretha",
"mailAlias": "",
"firstName": "Aretha",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276397",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'aretha'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'aretha'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'aretha'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'aretha'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276397/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:54",
"attributes": {},
"id": 276397,
"userType": "I",
"primaryGroupDescription": "World",
"primaryGroup": "world"
},
{
"lastName": "Sinatra",
"createdByUser": "ActiveDirectory",
"fullName": "Frank Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:55",
"attributes": {},
"id": 276435,
"userType": "I",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
},
{
"lastName": "Sherwood",
"createdByUser": "pgarcia",
"fullName": "Frank Sherwood",
"active": true,
"userName": "franks",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-10-05 15:32:40",
"multiSession": false,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'franks'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'franks'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'franks'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'franks'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-10-05 15:32:40",
"attributes": {},
"id": 432644,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
}
]
}Example 4
1. Use the boolean operator AND
Request
GET http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User?textFilter=fran~ AND SinatraResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"lastName": "Sinatra",
"profileServer": "Void host",
"createdByUser": "admin",
"fullName": "Frankaaa Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"mailServer": "Void host",
"firstName": "Frankaaa",
"emailAddress": "pgarcia@soffid.com",
"mailDomain": "soffid.com",
"createdDate": "2023-06-02 07:41:47",
"multiSession": false,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/3910",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/3910/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "admin",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-06-02 07:41:47",
"attributes": {
"picture": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHCBYWFRgVFRYYGRgaGhkYGhgaGBoYGhoYHBkaGhgZGhgcIS4lHB4rIRgYJjgmKy8xNTU1GiQ7QDs0Py40NTEBDAwMBgYGEAYGEDEdFh0xMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMf/AABEIAKgBKwMBIgACEQEDEQH/xAAcAAABBQEBAQAAAAAAAAAAAAADAQIEBQYABwj/xABFEAACAQIDBAcECAQFAgcBAAABAgADEQQSIQUxQVEGEyJhcYGRMkKhsQcjUnKSwdHwFGKCoiQzY7LhU3NDZIOTo8LxFf/EABQBAQAAAAAAAAAAAAAAAAAAAAD/xAAUEQEAAAAAAAAAAAAAAAAAAAAA/9oADAMBAAIRAxEAPwDeqIVZwEcBAQQiCIBHqIDgItogjwICWiqIto4CAqiZn6ScNnwDn7DI/wAcp/3TUKJX9JcNnwldOdNj5qMw+UD5zcQYh6qG+gPpGrQblAdThBHUsK3MfEw4wR5n5QG4dtd8t8JU3DT0/wCZBpYVRvI9ZMpqg97ytxgTi44n8zz3D9+k4G+4ee79iR/4pF3C/iY2rtIAakD0gT6WHOlz4/v97oZEpL7RzHu5/nM/U2wg3Fm+Eh1NsN7oA+MDWfxir7Kj975FxO0re04Xuvb+0a+kyVTaDtvc+ANh6CANQwNFW2wg3ZnP4R6nX4SFV2y59kKv9x9Tp8JUXMab3gS62MZvaYnxOnpI7Vo0oeAJiVKLAXINoCl41njAJzixsdPnAUNEZpY7H2FiMSbUabMOLnsoPFzp6XM9G6O/R/SpEPiCKrjULb6tT906ue86d0DLdEuhz4krVqhkob+IaoOSclP2vTmPWqNFUUIihVUBVUCwAG4AQw3RpEBhEYVhjGkQAOsCZJYQbLAjO0ZeFqLBQNAqwgSKphFgMCRwSEAhVWAFUsCToBqSdwHEmUmI6YYJCQapJH2Uc/G0r/pH2y1FEpLcBwSx5gaBfz9J4/isWzHfaB61ivpKwqexTrP32RB8Wv8ACU2J+lVrkU8MgHAvULf2qo+c8xZol4G1xn0kY5/ZdKY/00F/V80pMX0jxNX/ADMTVYHeM5VfwrYfCUmaITAmCoI7r5BzTrmBYDFGDav3yJaKtNjwgGOJPjGHFNFXCkyTR2cDqxPgIEA12PExERmPZBPgCZd0cIgOiE+MtKeznb2QQDwtv/esDLjBPxGXx/SOTB8zfwm2w/Rose1eXOH6PUltm3wMBhtiM5si+usu8N0KdvaNvKwm/wAFhUQjIl7d36y1COfcC+JEDzE9Csu8mFodF1G+3pN9XRuQ+cjFLDUQMvh+j6BtRbyhdq7DTJu56j9JatvvFxL9gg3/AHxgeYYjZ6qWPLlu8ZsuhfRzDPSGIemHcsw7faUZTYWTdfxvKNkzswtcA30F766D4fGekbCw4TD01At2Qbd51J8TeBNRQAABYDcBuHlHho2dAfeJmgyY0mATNGs0YzRmeA8tBu0VngWeAjtBZo4vB5oGlQwimAVo4PAkq0KryIHjg8CJ0k2DSxtLq6hZWGqOp7SHjpuIPEGeN9IuhWKwpLMhqU+FRAWFv5l3p56d89yDxy1IHzNEn0BtTozg8QSalBMx3ul0bzKWv5zM4z6L8M2tOtVp9zZXHyB+MDyOJPRqv0VVPcxKH71Nl+TGQNofRzWoI9Z61Iog1Az5iScqgXHMiBjUp3498lrhlG+DanlPwlmaV0Q/y/L/APIEXIL6CEWnynDfJ2BVScpNoDMNgGYiwB85ZJsuotiU08QZabMwigg38949RNKmFDLrYwMxgKS3CurKeFx++c02GwAt2XBHDSSKOFKqLi45b/Cd1AGqi3h+kB38Jbe/oJJpBFGm+N0y8z6RmGIBvx5wDde5PZB8bWkoI1u03kJyMOJnVsQAL6Ad/OAKpSHf6yvxNhuvFq7U1IW1++RhXz3vpADm3yJjn7DW0IBsYdjyOm6QsShyt90/KBUbOw/YVt9xmJ14k6fAes3+DZcqoHViqqDYi+gHDhMLhELhETQMoGhsQNM5PLfaW+MxaU6iJTUllIuw9lRbUM3EnlA1BE6DLxM8B5Ea0b1k7NAY4g4UxpEATGBYw7iDKwAxmWHIEbpAv1hAIJYQGA4R4jBHKYBBFiAziYCGKI0mKIDxKHp4p/gnt9unfwzj87S+WVnSxL4Kv3Jn/Awb8oHi+LpAtpwCmTqVH6pL8j/uMFTp7yfD0AEnYpciIOBRfjrAqkoXa1o9sMyG/wCWnpCqLax+P2oEAAAzHXUcOEBuG2w9M3yg25f8S2wnTNcwDIV4XHw0mTxWIe/bsugPAWvz7+6Ds9sxW4G/mLgEEjkQQbwPYdnbdpOtlYa+nfLBmVhpuni2G2nk5ibjox0jD9g+1A09OoBmEitj0Q9owi4RzrKDaxdWsqFiONtLwJe1Nt1stqKgXF8zfvTjKHE9o3r4nX71hfmBI2JNUkK1xfQKDqSeQ4eJg2Z8Ndy6U7OEuEzszWubs29R690C1wGKw6nLnDHd2jL1KiMNDfvvYD0kKjgKuJpO2alXZGKulSmACAAVNNxYrcHiN8yiYoo/1QqBNzI3a6sg20f3l+UDb1TcaayG99YLDVibZuUk110vAhbBpXJHHMU8r3NvIXlxWpAOVAFrgj9+szmA26uHxLoVuxF8xPshgCQB4W9Zf5y75h7639bpf+4QLmn7I8B8opESLAQRSZxEYRAW84xVE5lgBYxpjmSMcQBuYO8c0HaBqFEdaIojhA60UCdaKIC3nTohMDoojLxYBVMbjsP1lGpT+2jp+JSBOWSKZgeB1Kp0Oul7jkbk/vwlli6oegjjgSvkDp8CI/pbs/qcXWp7lc51+6/at4A3HlImFX6t6ZG7tr8j+UAlLCO40F4zEbH7S52sx0vb2eXjNL0VIZATb/n9/KWu19kBxmXQj98IGOTYFU5lennDEMHVwpzDQWO+1uGnHnNbsvolSSiyOLs5zWXUILAKoYgXsANe+Q8Hh6yEAG/jrL6i1S3bbTugYXaXQ1kVnDLZbm2rE6nyGhHpM9sZiuJS2mtp6ltrFKtJgd1tTPLqFT65SN94HsuGfsAnu+Ufhgt75QfLjIuz+1RvxtHYapAj4/C02a5WxBBvoDod17eMqcZsNajEq+W9iylQwJGgOp0PfNTXoh1uN8rv4fnp++cBcFhkw6ZFYm9yxvqzHS5t4W8pG/gUe5YAchbcJMTBrvzEwopiBUrg8h/4lZtB7dkbyQB56TQ4phaZjFDNUQd9/Td8bQI229jI9RKiXznsuP5V7Kn0EvcEgzKo1ChU89Xb/avrCVqJVLKbE72tckHSwHG5Mk7OweRdd9txNyL6knmx4+AECTOvHGNIgcTEvEvHgQODTs04iNJgKRBOsfnjWeBHcRto52gs8DUARwjVMdA4CLEvEJgLmiXnRsB0VYwQloDhDI0AIRTAxP0o7PNqWJUaLenUI4Am6E+eYeYmDw9UBh37/Oe5VqSujI6hkYZWU6gg8JgdrdBEo5qwxGSiNSGQu4/lQgjOeAvr4wM1sXH9VVKndfT4zd0cfmE80xrIxFSncKb2DEFhY21K6E7t3OXuwto7lJ8PlA2Ard3nO6y5sYGlVBj0S8Cg6Z4oCnkHEzE7Io56qjvvL/ppibsEXgLmM6G4G5LnU7v1gej7Jp2pnw/f78JGXeRLHZOnZ5iQ8ahDHxgHwb8L/v8AZkhwDvEqkdl13jjJlDFBhA51I3QLsRvk1jIWJ4wKjG4nWU+GrMa6sqlramys1hY6kKCQOEtMYmhJ/fKO6LJ2qrfcF/xE/lAs8Iju2dxlA0VbWPiV90b9DrrraTTFtOgDjSsIREgCyx6xWEEzQFcwbGNZ4wtAdeNaNBjjAG8FDNBWgaVIVYNBCCAtowwgEaywEnRLR0DgI4CII4QHARwWcsKggKizyb6SuknWv1CEdWhsbnss/E2Gr24DcOPdrun3SL+HpGjTI611Nze2SnuJJ4E7v+bTxqtUN81wt9c7DtH7icB+7wJWz3GQ7rF2IsLC4VLi3C418pJw1TIwPCQcC+dKiBizLaqtxY2HZf4FT5Q9B8ynmNfKBv8AAV8wUjWWO0topRpFjvI0HMzObBq2S54CUO2tqmq1+A3DugQ8XiC7Mx1JMteiWOCVCjGwOovzmezzkuzALcnhaB7LhMcpbRh6ynx/SJDV6tFeq17HIhZVPe268pNh7EZSHrs1j7oNvWbzB00RQEUKOAAAgOw1AhbuLE7xy7ryn2jQek3WJdk3uo3gfaHdLt60jjFKDraBFwe0VdbqZ1epbUyi21hjSb+IoeyT9YnAX94Dh3jvklMVnTN3XgLjDmU21PLvgMBtE4cMhpliTc62bcBfLa5XvGmshPisis53LZv7h+svMLthHUHQ8bwOo9JUb3G13ZSGv929s3leSqe26De/bhqDv46jSGQYeotmRCDvuo1MhbU6NKwLJdWt97dqAQfbHc3kRAnjF0yLiolueYTqeJRjZXRjyDAn0BmAqsyOUcEMBmsLtdQdXS+rqOK+2ttcwgXRDe9gGs5INldRufMpF1ud+4ccu6B6SwgnWYXCbfq4dsrl3UvlyN1aJTW1xZyBw58LTZbO2lTrpnpsDb2gGBKnkcpIgPYRhEKyxloAwJ0JlnZYAmg80M6wVoGlURyiDVo9WgEUzmiRYDZ1o4LHBYAwIRRHBI9afpA5Fld0g22mFplmILkHIv8A9jyUSDtXpfQpBshFRl35TdR4kanyE8l25t56zl3bUm4JF2HIIl7IOV9YAdtY96jmo7asbl21uearvbkCQAOHOVYJOqIW/nqaj46R5ze0EAv79Q3Y9/a/SMrFTrUqM55LrbuudPSBKwGOenVR3emQDZl7PsEWYaC24mWO1MAcPUsuqPc025rxUnmNPKxmeDJuWmW8ST8BN30bdMVhuoqqQUsNfaAt2HUnlqPLvgR9m1s1F1XeFOg4ixmeqLlAvLV6L4StkfVT7LcGXn+o4SHj6gZrj0gRKKK28i3jNVsJcOhzM6X7yJjqyEbxLXZWyKdXXPc8V9lh+vH1gennFUKlO6upAtexBt6RKG0aIATrVuObCZzBdEcPa+errycDcByGssE6MYNd6FiL+3UbXfwB8IFliNoU1FzUQD74/WQ6rmqv1Op0IY6KdeHP5QB2bhUYFKNPNwsoNvM6k+Mt6LhBfjAr8ArglKo9rnuInbSpBFsDpu/WO2lWLLpvGt5SYmpUqsiXsSQo8WNh5m8CJjaud0QA5ew5W2joHAbXkCJXdSp60K/VFKpSmST1be2VVrjsaL7V7a6jjLPpIow2ITLotHEVKZ/7bpTqW/C7yp2jh7L1V7t1qlydNVZqRPhYo3/qXgEo4qrTdHd2K0zldCMrI/DOOIPBhoZ6XsnaiuoN73nmW0axavinDG1IBRfVWBdaZpsOKntaeYtJOysU9FkKezUynIWGZMwzDxUjc3rY7w3nSHYi10upKPcMjrvVx7LDv+YnntXOjMjjqyHGew0pVW0TEU/9J9zLuveeobLrFls2t5lOm2FAIrBc2VWWon/Uot/mKOZA7Y+6YGXF7dWUANygQ3KrUHabDk7zTcdpD7p3RNlY16Lq9JaRQDsgkU6zpftIdbOym6kHiNN8FVXQqXuAEps/NG7WExPipshPIyLinS4esjFHZg6Icpp11stS3DWwax/KB6xhMStRFqJqrC4594I4EboRhMj0Hx62egHzrq9Jjo2XQOjD7amxP3r8Zq2eAhMS8S8SBzmBzwjiDtA0Aj1M4COtAVWhVMCBCKIBRHARiiRNq7XTDrdu05BKotyzd9hqB3wD7R2hToJnqNbkPeY8gPz3Cefbb6Q1MV2EJCfYp1aYc/eBBznuB8oLaWJq1nNR1qDk3ULUVV5atoB4CQEqVGPZGGxAPuZFV/JLIw8rwKDGk7hUL2YDIyZKwN9ymx1vyPlK50ZfdWn3sbufz+E021aYrLlCZKo0FOr7R5CnVNmBvuV9OR4SrOAFuxg3J+1UZiPSyiBRsyX1Lufwj8zHpm9ykB3kFj6tJGIp1UOuSn3Bk09CZFc39qrfuAY/OwgPdXPtOq92YD4LJmwdonD1lfrMynsuNTdTvI7xv8u+Vl6Y4OfML+s4svBP7mMD1fauAXE0SgIv7dN+Aa2mv2Tx9eE87VGRzTcFWU5WB3gzRdCtsAr/AA7XBXVNd68VvzHyPdLHpPsXrl62mPrUH/uKPdP8w4engFDiMASugvpKhsM6nshr915ouju0Vaytv3WPxmjQICCANf3+/CBisM2ONsgqW3bv1Es8NsrHsczs4B3gkCbZKigX+EmJXUiBQbP2a6bxr6n1lg1Mrv3yfUrASqx+LAHfuA4k8LCBWba2itJc7nTlxJ5DmZA6C4tsTjKebgxcjkEBK/HLKfpc5Y6nQbhy5zQ/Q3hO3WrHgqovmczH4CAP6SFHW4pbah8NVH9aGkf9qiE2bsF6/wBY3YLomZSAe2qKGPgSin+kS8x2CTEYypiASUKU0A91shJzeFybeF5Z136pVYaWdAfBjl+ZEDzTpXQqUi6OEyuVLMihCxW5UtbedTIH8cGxKuoIRVRFB3gKoFj33BM3PTvCipTzDhr+v5TzzDUi7qote/tW1sPnA9d2HUBUGQemastPrE1ZCHA+0FN3XzXMPOSdh0cqAdwndKCwoO6i7IpcDmV7VvO0Dzg0kVsl70xZM3PC4jWm39Dnfwgu0wdH9tlI3X/xOGNhod5en63hCiEZfcQ5Cf8AyuJ7VNv6HIgqrsCKje2pV3H+rQcUq/4kZWgM2btIJUTEU1C9pespjQB7WLIPsuuYW4G3dPUetDAMpupAIPMEXE8uxRp1M9RRlKXSqqjUoHHV107xZcwm56J4o1MMoNsyMyG27TVSO4gi0C2Dzs84rGEQH5oy8WMtA0itHgwSiFUQHrDoINU4zGdIek3WXo4c3QGzuC/a5gdWpIXzF/DeFztjpMlO6Uu2/wBoK7IvgUUhjMJjHaqxLujltSr1alIn8YRYF6ii1+qB/mOLuPMyRQqZtFBb/s1s/wD8Fa5bwgREwrUzmFDEp/NScOO7ULb4yQtRa182WsRvV16rEabyrrcOd+hJPdEZFQK9xlL5M6B8PURt5zpqmnd6wjJUc5Hb/E02z0yQt6iWuAHHtEAZhqQdYA8QV6tTmaphnOVs4+sovpoDztqOBA3XlXicJTRnTE1atwQaZUB1dCLhrsRv/MS4p4hAGqZPqqnYxFIb0YnR0HAX1XkbjlB1kdCEV1z01vSqEArUwzm7C5BtYdsb9zCBncSuEX2RWfvZkXX+mV75T7FEkcNWf8psHbEnQYnDaaAhqY9Oxf4SsxeHrn28ZT8qxPwUAQKEdYNyZf6Lf7o1jV4sB/Uo+XhCYvCoNTXVj3Bm+N5DyJ9o+SwDU69VHV1cZlII7SnX9P1nqGx9pJWpo67yO0L+y3vCeTOE4FvSXHRnaYo1At+w5AJ3Wf3Tv47vTlA1u2+jpZzXw1g+903BjxZTuDcxuO/TjQrtipSbI6spG9WFj6H5zbUsRcSPjXUizqGHJgGHxgRMN0ipMmrWPIx9Hb6D3x6yH/8AzqbGwo0/wLNBszohhaq2enlb7SGx9LW9RArK/SBdynOeAGvryjMCjM2dzdzcADco7uZ75dYno3h6JP1yIBpeoMgNt4DAENbQHdaRa+TIWoulWxCk03R+0QSq2U3zEA2HceUCsw1Km1Zmex6u1g1rDjmN+QmgwLtUzCklkIKs9ygdTvAG8i3Ezz7Z2MV8Qrkgrmtl4HS4J5ier7LqLYeEBlNcgHYJUb8upHlxHhrIfSHFKcJWdWBC0y6nvWzD4iX7rxEwfTqkiISzMqVDcqpsrOpv6nTTja8Cg2p0g69FppfddzyEi7FT64abpV0WBHYBuxsANSeQ75othbJc1O2xVtDlWxIHedwgegbLY2F5Kx9MMpHAjXzkbD0coGpPiZIfVbwPLsVhVpv1TaJrh3v/ANGsSabX5JUVvK0hKC5AbewGcfz64asfU03mk6V0Q532zjqSeRftU2Pg6IP6zM2WLHNuNTK/eDUU0qg7stVEPnAFg665ErFRmpDqcQm7rKT9gP4i+U94Uy96A1slSpSvcG4/qT2GH3lLfglFtHDhLOvsYijUvbXtg3YfiVJJ2VieorLWJy5KjUqwIJ3lijEDXUZlvwtxgemMIwiSaRV1V0IZWAII1BB3WIiMkCPaDtJBgvOBoEWFd1RS7sFUbyTYTp0DC9Iekj1wUpgrR5nKvWcLl3ITL/KA/eAZQI/86eeKcHw7ChR6Tp0Agruuod7aC9PGo1rm2qtra54+sI6Z2am7KtVWVqfWU6ahxbRS677k6Xup011iToBqdRsz5UIc/wCdhXvapzemTx423jeMwjKioEUhyaOb6up/4mHqb8j21tfXTxHI9OgdUZyzOFXrkU9fT9yvSPtOoGhuLE27mG6MWmjotLP2HzNh6jWBR/foudwBNvPKdxnToFfhKN1KnCO7U2NNyr1PbXmoBANiDbviVqCa5sFWHi9QfNPGLOgVmKRPdwr373qH4BRKmop4Ubd1nPznToAWY/YH4W/WNKnflsNxGtjOnQNv0Y2pnQKx7SaG/EcD+veJpKeEaoQBOnQNJs3YoWxI1/f6SZtnGU8Jh3rsAci3VLhc77kQHvNok6B5JT2saH+ISun8TUqVC6OjMtMPmcvncZb3IAABOp7xM2+LZ83ZA7CltWIZlv23Gt3OY2JtlvpaLOgDw+Is2lgBusLcbi/E8tZ6p0a2mHRTfXd5zp0DV0sRKjpdsX+ModWrhGDBwxGYXAIsRcEXvvE6dAotl9HqeDQsVNSqB7ZsLE7gg90X85Z7D2aEGdtXY3J8Yk6BdVGAtIuKJtp8506BjNvIztkU+32A2mj5WZCP60UTO583aC2LXcDgpqA51/pr0x+KLOgBwo6xBTJ0FSoi62s1VCafkXQjzkps9UU61NVZ3BpVUYLlNSmAwJDGxLIN3MGdOgazoNtEWfDFSjKSwpNe6X9oITqUvrY6i54Wmqczp0ATiAnToH//2Q=="
},
"id": 3910,
"userType": "I",
"homeServer": "Void host",
"shortName": "pgarcia",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
}
]
}2. Use the boolean operator +
Request
GET http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User?textFilter=fran~ +bacallResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"lastName": "Bacall",
"createdByUser": "ActiveDirectory",
"fullName": "Lauren Bacall",
"active": true,
"userName": "lbacall",
"mailAlias": "",
"firstName": "Lauren",
"createdDate": "2023-08-08 14:26:14",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2844",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'lbacall'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'lbacall'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'lbacall'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'lbacall'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2844/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-08-22 17:34:07",
"attributes": {},
"id": 2844,
"userType": "I",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
},
{
"lastName": "Sinatra",
"createdByUser": "ActiveDirectory",
"fullName": "Frank Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:55",
"attributes": {},
"id": 276435,
"userType": "I",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
},
{
"lastName": "Sherwood",
"createdByUser": "pgarcia",
"fullName": "Frank Sherwood",
"active": true,
"userName": "franks",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-10-05 15:32:40",
"multiSession": false,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'franks'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'franks'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'franks'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'franks'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/432644/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-10-05 15:32:40",
"attributes": {},
"id": 432644,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
}
]
}3. Use the boolean operator -
Request
GET http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User?textFilter=fran~ -SherwoodResponse 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"lastName": "Sinatra",
"createdByUser": "ActiveDirectory",
"fullName": "Frank Sinatra",
"active": true,
"userName": "frank",
"mailAlias": "",
"firstName": "Frank",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'frank'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'frank'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'frank'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'frank'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276435/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "ActiveDirectory",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-09-06 13:12:55",
"attributes": {},
"id": 276435,
"userType": "I",
"primaryGroupDescription": "Music",
"primaryGroup": "Music"
}
]
}Example 5
1. U
Request
GET
http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User?textFilter=(firstName:aretha OR firstName:Rosalind)
AND lastName:Franklin AND birthDate:1979-01-01Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"startIndex": 1,
"Resources": [
{
"lastName": "Franklin",
"createdByUser": "ActiveDirectory",
"fullName": "Aretha Franklin",
"active": true,
"userName": "aretha",
"mailAlias": "",
"firstName": "Aretha",
"createdDate": "2023-09-06 13:12:54",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276397",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'aretha'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'aretha'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'aretha'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'aretha'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/276397/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-10-05 16:02:40",
"attributes": {
"birthDate": "1979-01-01 00:00:00"
},
"id": 276397,
"userType": "I",
"primaryGroupDescription": "World",
"primaryGroup": "world"
},
{
"lastName": "Franklin",
"createdByUser": "ActiveDirectory",
"fullName": "Rosalind Franklin",
"active": true,
"userName": "rfranklin",
"mailAlias": "",
"firstName": "Rosalind",
"createdDate": "2023-08-08 14:26:14",
"multiSession": true,
"meta": {
"location": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2862",
"links": {
"roleAccounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'rfranklin'+and+enabled+eq+true",
"groupUsers": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'rfranklin'+and+disabled+eq+false",
"accounts": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'rfranklin'",
"issues": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/Issue?filter=user.userName+eq+'rfranklin'",
"effectiveGrants": "http://soffid.35x.lab:8089/soffid/webservice/scim2/v1/User/2862/effectiveGrants"
},
"resourceType": "User"
},
"modifiedByUser": "pgarcia",
"schemas": [
"urn:soffid:com.soffid.iam.api.User"
],
"modifiedDate": "2023-10-05 16:03:02",
"attributes": {
"birthDate": "1979-01-01 00:00:00"
},
"id": 2862,
"userType": "I",
"primaryGroupDescription": "scientist",
"primaryGroup": "scientist"
}
]
}Textual Index
Operation
Operation
The Lucene index information is stored in files arranged in a folder structure. This folder structure is replicated in every Soffid Console and every Sync Server and also is saved in the database.
In case an instance (Docker, Kubernetes, or stand-alone) detects an inconsistency, the information will be overwritten with the database data.
When you update an object, marked as the textual index, a task will be created. The soffid agent will execute this task and the Sync Server will update the database tables related to the textual index.
Folder structure
The folder structure is the following:
- ../index/<TENANT>/<SOFFID_OBJECT>
Example
1. Here you are the folder structure for the Soffid Console
2. And the folder structure for the Sync Server
Database
The database tables involved:
- SC_LUINPA
- SC_LUNIND
Example
1. The database structure
soffid agent
You can check the soffid agent status by visiting the Sync Server monitoring page:
Example
1. A soffid agent pending task:
Step-by-step
Example 1
1. You update one user's data and save the changes.
2. New tasks are created and executed.
3. Then Sync Server indexes the updated text and places the index file.
4. Then Sync Server and updates the database table SC_LUNIND by upgrading the LIP_TIMSTA field of the User object or by creating a new record if it did not previously exist.
5. When the following search will be performed, the very first thing to do is check the database file. If it is necessary update the file system and finally perform the search.
Example 2
1. The task engine mode is Read only
2. You update one user's data and save the changes.
3. A new task is created and executed
4. Then Sync Server indexes the updated text and places the index file.
5. Then Sync Server and updates the database table SC_LUNIND by upgrading the LIP_TIMSTA field of the User object or by creating a new record if it did not previously exist.
6. When the following search will be performed, the very first thing to do is check the database file. If it is necessary update the file system and finally perform the search.