Skip to main content

SCIM Operations

HTTP Method

 

GET

Retrieves one or more complete or partial resources.

POST

Depending on the endpoint, creates new resources, creates a search request, or MAY be used to bulk-modify resources.

PUT

Modifies a resource by replacing existing attributes with a specified set of replacement attributes (replace). PUT MUST NOT be used to create new resources.

PATCH

Modifies a resource with a set of client-specified changes

(partial update).

DELETE

Deletes a resource.

Get

A HTTP Get request is used to fetch a resource or a set of resources.

Read
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}
  • id: is the identifier of a specific resource
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/?filter={attribute}{op}{value}&sortBy={attributeName}&sortOrder={ascending|descending}&attributes={attributes}
  • filter: allows you to add filter to query.
    • attribute
    • op: SCIM has support for the filter operations equals, contains, starts with, and more.
    • value
  • sortBy: the attribute used to sort the response.
  • sortOrder: order to sort, ascending or descending. Ascending is the default order.

Also, you can asl for specific attributes of the resource

  • attributes={attributes}

Get Example: 

http://<your-domain>/soffid/webservice/scim2/v1/User?filter=lastName co ada and active eq true &sortOrder=descending&sortBy=userName&attributes=userName,lastName&filter=userName co admin

Post

A HTTP Post request is used to create a new resource

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}
Content-Type: application/json

You must send the JSON with the attributes of the resource you want to create.

{
  "schemas":[{schema}],
  "attribute1":"value1",
  "attribute2":"value2",
  "attribute3":{
    "subattribute1":"valueX",
    "subattribute1":"valueX",
  },
  .......
}
  • schema: is the schema url of the resource you are creating.
  • attributes: name of the resource attributes.
  • values: values for each attribute.

Put

A HTTP Put request is used to update resources. This operation replace all values of the resource

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}
Content-Type: application/json

You must send the JSON with the attributes of the resource you want to update, which includes the ID.

{
  "schemas":[{schema}],
  "id": "idValue",
  "attribute1":"value1",
  "attribute2":"value2",
  "attribute3":{
    "subattribute1":"valueX",
    "subattribute1":"valueX",
  },
  .......
}
  • schema: is the schema url of the resource you are creating.
  • id: identifier of the resource
  • attributes: name of the resource attributes.
  • values: values for each attribute.

Patch

A HTTP Patch request is used to update partial resources

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}
{
    "Operations": [
        {
            "op": "operation",
            "path": "attribute",
            "value": "value"
        },
        ............
    ]
}
  • op: operation to realize:
    • add
    • remove
    • replace
    • move
    • copy
    • test

More information about the operations on https://www.rfc-editor.org/rfc/rfc6902

  • path: to indicate the attribute on which the operation is to be performed.
  • value: the new value for the attribute.

Delete

A HTTP Delete request is used to delete a resource.

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}
  • id: is the identifier of a specific resource

Request

In the PUT and PATCH methods, a JSON stream with the data model is required (please see this format in the following link:  Resource data model).

Response

The response format will be represented as a SCIM JSON response, but all the keys in the response will depend on the method requested and the result of the operation.

&&TODO&& Meta y Schemas

HTTP Status

The most commons responses

Successful Responses

200

OK
201

Created
204 

No Content

Error Response

400

Bad Request
401

Unauthorized

403

Forbidden

404

Not Found

500
Internal Server Error

For example, when you search by id but no resource is found, only a 404 HTTP code is included in the response (the body is empty, no JSON is provided).

User cases:

  • Search by id but no resource is found (404 code).
  • Update all, the id is not found (404 code).
  • Update partial, the id is not found (404 code).
  • Delete, the id is not found (404 code).
  • A "/<resource>" (in the URL) not exist (404 code).
  • Other errors (404 or 500 code).

More detail about SCIM JSON error

SCIM JSON Response

    SCIM JSON list

    For example, when a list of resources is requested, this is the JSON output format:

    Note, to simplify the JSON output every resource has been replaced by {...}

    {
  "totalResults": 3,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "resources": [
    {...},
    {...},
    {...}
  ]
}

    This is the description of this type of response:

    Attribute
    Description
    totalResults Number of the resources returned in the response
    schemas Defined by SCIM protocl. Always: "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    resources  List of resources returned

    User cases:

    • A list all operation (200 code).
    • A search by filter operation  (200 code).
    • The delete operation (204 code).

    SCIM JSON resource

    For example, when a resource by id is requested, this is the JSON format:

    Note, to simplify the JSON output every resource has been replaced by {...}

    {
  "id": 11345
  "organizational": true,
  ...
}

    In this case, the JSON stream of the resource is included directly in the response.

    User cases:

    • Search by id operations (200 code).
    • Successful create operations (201 code).
    • Successful complete update operations (200 code).
    • Successful partial update operations (200 code).

    SCIM JSON error

    For example, if an attempt to delete a resource is made, but this resource is not found the following JSON response will be obtained:

    {
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "User 1234 not found",
  "status": "404"
}

    This is the description of this type of response:

    Attribute
    Description
    schemas Defined by SCIM protocl. Always: "urn:ietf:params:scim:api:messages:2.0:Error"
    detail Returns the description on the validation, problem, error, etc
    status Is the HTTP status, that is the same that the HTTP code of the HTTP response

    User cases:

    • When you try to delete a resource but it's not found (404 code).
    • When you try to delete a group, the solution is to disable it by PATCH (500 code).
    • Generic errors (500 code).
    Back to top