Version: ADONIS 16-17/ADOIT 17/ADOGRC 13

SCIM 2.0

Available with ADOXX 29.4 and higher!

SCIM (System for Cross-domain Identity Management) is a standard for the exchange of user identity information between identity domains or IT systems (https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management). This document explains how ADOXX-based products support SCIM, which functionality is available and how to configure it.

Technical Overview

Like the ADOXX RESTful services, the SCIM implementation is also based on "JAX-RS". For more information, refer to REST API.

The addresses for SCIM endpoints exposed by ADOXX-based products use the following pattern:
https://<SERVER_NAME>:<PORT>/<PRODUCT><VERSION>/scim/2.0/[endpoint name]

Everything before [endpoint name] is the fixed path; the part(s) after it are defined by the relevant endpoint.

Example

You are configuring ADOXX. You are running the ADOXX web application locally. The ADOXX web application exposes the SCIM endpoint to fetch the available schemas. The URL should look like this:
https://localhost:8000/ADOXX/scim/2.0/Schemas

OpenAPI Specification

The SCIM API Specification for ADOXX is documented with the standard OpenAPI Specification (OAS) and can be downloaded directly from GitHub (coming soon!).

We also provide a comprehensive overview of the SCIM API endpoints together with their documentation.

Getting started with the SCIM services

BOC products offer a generic and extensible REST API that allows authenticated access to exposed functionality. The REST API can be used, for example, to send GET requests to query for data.

Note

Instructions on how to activate and configure access to the SCIM services are covered in the Administration Manual (coming soon!).

Authentication

Similar to the ADOXX RESTful services, the ADOXX SCIM services support the following authentication mechanisms:

  • Token Based Authentication: Each request is accompanied by a hashed security token to ensure validity of the request. Requests are executed in the context of a technical user.
  • Basic authentication: Each request contains the header "Authorization" where the value is the username and password separated by a single colon (:) character, within a base64 encoded string. Requests may be executed in the context of any standard product user.
  • OAuth 2.0: Each request is accompanied by an access token to ensure validity of the request. Two OAuth 2.0 flows are supported:
  • JWT: JWT authentication enables the use of an external identity provider (IdP) for user authentication. A JSON Web Token (JWT) acquired from the IdP is used for authentication as well as for the optional transport of user properties via claims encoded in the token. Requests may be executed in the context of any standard product user.
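The endpoint URL pattern from the Technical Overview and the Basic authentication, OAuth 2.0 and JWT mechanisms listed above, as an added Python example that is not part of BOC's documentation or products. It assembles the request locally and sends nothing over the network, so the URL and headers can be inspected. The "Bearer" form of the Authorization header for OAuth 2.0 access tokens and JWTs (RFC 6750) and the application/scim+json Accept header (RFC 7644) are assumptions: this page does not state which header the product expects. The token-based mechanism is left out because its header format is not described here.

```python
"""Added example, not BOC's code: build a SCIM 2.0 request for an
ADOXX-based product following the URL pattern and authentication
mechanisms documented above. No request is actually sent."""
import base64
import urllib.request


def scim_url(server: str, port: int, product: str, version: str, endpoint: str) -> str:
    """https://<SERVER_NAME>:<PORT>/<PRODUCT><VERSION>/scim/2.0/<endpoint>

    The page's own example has an empty version part (".../ADOXX/scim/2.0/Schemas").
    """
    return f"https://{server}:{port}/{product}{version}/scim/2.0/{endpoint}"


def basic_auth_header(username: str, password: str) -> str:
    """'Basic ' + base64("username:password").

    Base64 is an encoding, not encryption: whoever can read the request can
    recover the credentials, so the header is only as confidential as the
    TLS channel that carries it.
    """
    if ":" in username:
        # RFC 7617 forbids a colon in the user-id; the first colon is the separator.
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_header(value: str) -> tuple:
    """Recover (user-id, password) from a Basic header, i.e. what an observer sees."""
    scheme, _, token = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def bearer_header(access_token: str) -> str:
    """Assumed form for OAuth 2.0 access tokens and IdP-issued JWTs (RFC 6750).

    The token is passed through unchanged; its validity is established by the
    server (signature, expiry, audience), never by the client.
    """
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token must be a single non-empty token")
    return f"Bearer {access_token}"


def build_request(url: str, authorization: str) -> urllib.request.Request:
    """Assemble a GET request for a SCIM endpoint without sending it."""
    if not url.startswith("https://"):
        # Both Basic and bearer credentials are replayable; only send them over TLS.
        raise ValueError("SCIM requests must use https")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", authorization)
    req.add_header("Accept", "application/scim+json")  # assumed SCIM media type, RFC 7644
    return req


if __name__ == "__main__":
    # Constructed sample values, matching the page's local ADOXX example.
    url = scim_url("localhost", 8000, "ADOXX", "", "Schemas")
    req = build_request(url, basic_auth_header("alice", "s3cret"))
    print(req.get_method(), req.full_url)
    print("Authorization:", req.get_header("Authorization"))
    print("decoded by any observer:", decode_basic_header(req.get_header("Authorization")))
    print("Authorization:", bearer_header("eyJ.example.jwt"))
```

Running the script prints the Schemas URL from the page's example, the Basic header, the username and password recovered from it, and a bearer header for a placeholder token. The decode step is there to make the point that Basic authentication provides identification, not confidentiality.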