Skip to main content

Full examples

Previous steps

Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in How to use SCIM in Soffid # Installation

Please note that a user with the authentication is required, please check this part in How to use SCIM in Soffid # Confirm authorization

Please note that is recommended to use a REST client, please see our example in Testing tool # RESTer

Please note that the correct header parameters must be used, please browse them in SCIM in Soffid # HTTP request


SCIM Examples

SCIM Account examples

List all

List all accounts. Disabled or not. For example after the Soffid installation these are the available account.

GET http://<domain>/webservice/scim/Account
 
HTTP 200
{
    "totalResults": 1,
    "resources": [
        {
            "grantedRoles": [],
            "roles": [
                {
                    "role": 30
                }
            ],
            "description": "Admin Admin",
            "type": "U",
            "ownerGroups": [],
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 69,
            "grantedGroups": [],
            "managerGroups": [],
            "passwordPolicy": "I",
            "managerRoles": [],
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://<domain>/webservice/scim/Account/69",
                "resourceType": "Account"
            },
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "grantedUsers": []
        }
}

List by id

List an account by its id (primary key). For example the previous account.

GET http://<domain>/webservice/scim/Account/60
 
HTTP 200
{
    "grantedRoles": [],
    "roles": [
        {
            "role": 30
        }
    ],
    "description": "Admin Admin",
    "type": "U",
    "ownerGroups": [],
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 69,
    "grantedGroups": [],
    "managerGroups": [],
    "passwordPolicy": "I",
    "managerRoles": [],
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "http://<domain>/webservice/scim/Account/69",
        "resourceType": "Account"
    },
    "name": "admin",
    "managerUsers": [],
    "attributes": {},
    "grantedUsers": []
}

List by filter

List all accounts with a filter expression. For example, one can search the account with different operators.

GET http://<domain>/webservice/scim/Account?filter=id ge 69 and description co "min" and passwordPolicy pr
 
HTTP 200
{
    "totalResults": 1,
    "resources": [
        {
            "grantedRoles": [],
            "roles": [
                {
                    "role": 30
                }
            ],
            "description": "Admin Admin",
            "type": "U",
            "ownerGroups": [],
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 69,
            "grantedGroups": [],
            "managerGroups": [],
            "passwordPolicy": "I",
            "managerRoles": [],
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://<domain>/webservice/scim/Account/69",
                "resourceType": "Account"
            },
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "grantedUsers": []
        }
    ]
}

Create

One can create an account . We will use this account for the following examples.

POST http://<domain>/webservice/scim/Account
 
Put the user JSON in the body of the request:
{
    "name": "Guest",
    "type": "I",
    "system": "soffid",
    "passwordPolicy": "I",
    "description": "Guest user",
    "inheritNewPermissions": false,
    "disabled": false
}
 
HTTP 201
{
    "grantedRoles": [],
    "roles": [],
    "description": "Guest user",
    "type": "I",
    "ownerGroups": [],
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 15455,
    "grantedGroups": [],
    "managerGroups": [],
    "passwordPolicy": "I",
    "managerRoles": [],
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "http://<domain>/webservice/scim/Account/15455",
        "resourceType": "Account"
    },
    "name": "Guest",
    "managerUsers": [],
    "grantedUsers": [],
    "ownerUsers": []
}

Update partial

Update only of the attributes with changes, only these atrributes will be updated in the account, the rest will maintain the same value.

For example we will update the description.

PATCH http://<domain>/webservice/scim/Account/15455
 
Put the user JSON in the body of the request:
{
    "description": "Guest user account"
}
 
HTTP 200
{
    "grantedRoles": [],
    "roles": [],
    "description": "Guest user account",
    "type": "I",
    "ownerGroups": [],
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 15455,
    "grantedGroups": [],
    "managerGroups": [],
    "passwordPolicy": "I",
    "managerRoles": [],
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "<domain>/webservice/scim/Account/15455",
        "resourceType": "Account"
    },
    "name": "Guest",
    "managerUsers": [],
    "attributes": {},
    "grantedUsers": [],
    "ownerUsers": []
}

Update all

This operation replace all values in the account. For example we will update the description.

  • Note that the attribute id is required to confirm that the resource "...Account/<id>" is the same that the JSON account.
  • Note that all the attributes not included in the request will be cleared in the account and their data will be lost.
  • Note that not all the attributes are updatable, for example tag meta, avoid these tags. For more information see Resource data model page
PUT http://<domain>/webservice/scim/Account/15455
 
Put the user JSON in the body of the request:
{
    "id": 15455,
    "description": "Guest user account all updated",
    "type": "I",
    "inheritNewPermissions": false,
    "disabled": false,
    "passwordPolicy": "I",
    "system": "soffid",
    "name": "Guest"
}
 
HTTP 200
{
    "grantedRoles": [],
    "roles": [],
    "description": "Guest user account all updated",
    "type": "I",
    "ownerGroups": [],
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 15455,
    "grantedGroups": [],
    "managerGroups": [],
    "passwordPolicy": "I",
    "managerRoles": [],
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "http://<domain>/webservice/scim/Account/15455",
        "resourceType": "Account"
    },
    "name": "Guest",
    "managerUsers": [],
    "grantedUsers": [],
    "ownerUsers": []
}

Delete

Delete an account.

  • Please note after this delete, the account has to be created again to use it in the next examples.
DELETE http://<domain>/webservice/scim/Account/15455
 
HTTP 204

Note: use of roles with domain values

In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:

{
            "grantedRoles": [],
            "roles": [
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236442,
                    "roleDescription": "Business unit manager",
                    "domainValue": "D2"
                },
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236447,
                    "roleDescription": "Business unit manager",
                    "domainValue": "enterprise"
                }
            ],
            "description": "faith - faith MUYOYO",
            "type": {
                "value": "U"
            },
            "lastUpdated": "2019-07-16T10:35:01+02:00",
            "ownerGroups": [],
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 1727122,
            "grantedGroups": [],
            "managerGroups": [],
            "passwordPolicy": "I",
            "managerRoles": [],
            "created": "2019-07-16T10:26:16+02:00",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://bubu-thinkpad:8080/webservice/scim/Account/1727122",
                "resourceType": "Account"
            },
            "name": "faith",
            "managerUsers": [],
            "attributes": {},
            "grantedUsers": [],
            "ownerUsers": [
                {
                    "lastName": "Smith",
                    "createdByUser": "csv",
                    "mailServer": "null",
                    "nationalID": "",
                    "multiSession": false,
                    "modifiedByUser": "admin",
                    "id": 1727113,
                    "homeServer": "null",
                    "primaryGroupDescription": "Entrprise",
                    "primaryGroup": "enterprise",
                    "comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
                    "profileServer": "null",
                    "active": true,
                    "fullName": "faith MUYOYO",
                    "userName": "faith",
                    "mailAlias": "",
                    "firstName": "faith",
                    "createdDate": "2019-07-16T10:26:16+02:00",
                    "phoneNumber": "",
                    "modifiedDate": "2019-12-12T17:06:42+01:00",
                    "userType": "I"
                }
            ]
        }

SCIM Application examples

List all

List all applications.

GET http://<domain>/webservice/scim/Application
 
HTTP 200
{
    "totalResults": 3,
    "resources": [
        {
            "description": "AD",
            "singleRole": false,
            "bpmEnforced": false,
            "database": "ad",
            "meta": {
                "location": "http://bubu-thinkpad:8080/webservice/scim/Application/1573127",
                "resourceType": "Application"
            },
            "name": "ad",
            "attributes": {},
            "id": 1573127
        },
        {
            "description": "Test linux host",
            "singleRole": false,
            "bpmEnforced": true,
            "database": "LinuxHost",
            "meta": {
                "location": "http://bubu-thinkpad:8080/webservice/scim/Application/1623994",
                "resourceType": "Application"
            },
            "name": "LINUX",
            "attributes": {},
            "id": 1623994
        },
        {
            "description": "SOFFID Identity Manager",
            "singleRole": true,
            "bpmEnforced": false,
            "database": "",
            "meta": {
                "location": "http://bubu-thinkpad:8080/webservice/scim/Application/28",
                "resourceType": "Application"
            },
            "name": "SOFFID",
            "attributes": {
                "owner": [
                    "ppig"
                ]
            },
            "id": 28
        }
    ]
}

Retrieve by id

Retrive by its id (primary key). For instance, the admin user listed previously.

GET http://<domain>/webservice/scim/Application/28
 
HTTP 200
 
{
    "description": "SOFFID Identity Manager",
    "singleRole": true,
    "bpmEnforced": false,
    "database": "",
    "meta": {
        "location": "http://bubu-thinkpad:8080/webservice/scim/Application/28",
        "resourceType": "Application"
    },
    "name": "SOFFID",
    "attributes": {
        "owner": [
            "ppig"
        ]
    },
    "id": 28
}

List by filter

List all application with a filter expression. For example, one can search roles for system SOFFID.


GET http://<domain>/webservice/scim/Application?filter=name eq "SOFFID"
 
HTTP 200
 
{
    "totalResults": 1,
    "resources": [
        {
            "description": "SOFFID Identity Manager",
            "singleRole": true,
            "bpmEnforced": false,
            "database": "",
            "meta": {
                "location": "http://bubu-thinkpad:8080/webservice/scim/Application/28",
                "resourceType": "Application"
            },
            "name": "SOFFID",
            "attributes": {
                "owner": [
                    "ppig"
                ]
            },
            "id": 28
        }
    ]
}

Create

 

Update partial

 

Update all

 

Delete

 

 

SCIM Group examples

 

SCIM Role examples

 

SCIM User examples