Scim provisioning, configure multiple Scim servers/targets

Scim provisioning, configure multiple Scim servers/targets

Fotis M
Hello to everyone,

Right now only one SCIM server/target can be configured in CAS, via the following properties:

# cas.scim.version=2
# cas.scim.target=
# cas.scim.oauthToken=
# cas.scim.username=
# cas.scim.password=


However, that creates two problems.
1) All services must use the same SCIM server/target.
2) Data from services that we do not want to have a relationship with SCIM is being sent to the SCIM server.

In order to fix these two problems, we would like to implement SCIM based on a per-service configuration.

We are currently thinking of two different approaches to accomplish that.

1) Add the SCIM properties (version, target, oauthToken, username, password) as fields to AbstractRegisteredService.java. Then refactor the SCIM module to read the properties needed to contact the SCIM target from the specific service, instead of trying to call the same SCIM target regardless of which service actually used CAS.

2) Change the SCIM CAS properties to a list, so multiple servers/targets can be configured via cas.properties.
For example, the SCIM part of cas.properties could look like this:
cas.scim[0].version=2
cas.scim[0].target=GoogleServerHere
cas.scim[0].oauthToken=ASecretToken
cas.scim[0].username=OurCompanyUsername
cas.scim[0].password=OneCompanyPassword


cas.scim[1].version=2
cas.scim[1].target=WebexServerHere
cas.scim[1].oauthToken=AnotherVerySecretToken
cas.scim[1].username=OurCompanyUsername
cas.scim[1].password=SecondCompanyPassword

After that, add a single new field/property to AbstractRegisteredService.java, for example
String ScimTargetChoice, in order to allow each service to pick whichever server/target it wants among the choices listed in cas.properties. Then refactor the SCIM module to accommodate the changes.

We are leaning towards the second approach.
Do you find one of the approaches preferable to the other? Is there a better way to implement the new functionality that we haven't thought of?

Best regards,
Fotis



--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/1948f264-963d-4437-8822-9f3257ebd71en%40apereo.org.
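
The lookup that approach 2 implies, as an added example (not CAS code and not part of the original post): a service's ScimTargetChoice is resolved against the configured list, a service with no choice sends nothing, and an unknown choice is rejected rather than routed to some default target. All type names, the `name` key and the sample URLs are assumptions; records need Java 16 or later.

```java
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
// Hypothetical types sketching approach 2; none of these names exist in CAS.
public class ScimTargetResolverExample {
    // One cas.scim[n] entry. "name" is an assumed extra key used as the lookup handle.
    record ScimTarget(String name, int version, URI target, String oauthToken) {
        ScimTarget {
            if (!"https".equalsIgnoreCase(target.getScheme())) {
                throw new IllegalArgumentException("SCIM target must use https: " + name);
            }
        }
        @Override public String toString() {   // keep the token out of logs
            return "ScimTarget[" + name + ", v" + version + ", " + target + "]";
        }
    }

    static final class Resolver {
        private final Map<String, ScimTarget> byName;
        Resolver(List<ScimTarget> configured) {
            // toMap throws IllegalStateException if two entries share a name
            this.byName = configured.stream()
                .collect(Collectors.toMap(ScimTarget::name, Function.identity()));
        }

        // scimTargetChoice is the per-service field from the proposal.
        Optional<ScimTarget> resolve(String scimTargetChoice) {
            if (scimTargetChoice == null || scimTargetChoice.isBlank()) {
                return Optional.empty();   // service has no SCIM relationship: send nothing
            }
            ScimTarget t = byName.get(scimTargetChoice);
            if (t == null) {               // typo or stale reference: no fallback target
                throw new IllegalStateException("Unknown SCIM target: " + scimTargetChoice);
            }
            return Optional.of(t);
        }
    }

    public static void main(String[] args) {
        Resolver r = new Resolver(List.of(   // constructed sample values
            new ScimTarget("google", 2, URI.create("https://scim-a.example/v2"), "token-a"),
            new ScimTarget("webex", 2, URI.create("https://scim-b.example/v2"), "token-b")));
        System.out.println(r.resolve("webex"));   // resolved target, token not printed
        System.out.println(r.resolve(null));      // empty: nothing is provisioned
    }
}
```

Failing on an unknown choice, instead of silently using the first entry, keeps a misconfigured service from pushing user data to another service's SCIM server.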
Re: Scim provisioning, configure multiple Scim servers/targets

Fotis M
Kind reminder.

Any thoughts??

On Monday, 30 November 2020 at 3:03:40 PM UTC+2, user Fotis M wrote:
Hello to everyone,

Right now only one SCIM server/target can be configured in CAS, via the following properties:

# cas.scim.version=2
# cas.scim.target=
# cas.scim.oauthToken=
# cas.scim.username=
# cas.scim.password=


However, that creates two problems.
1) All services must use the same SCIM server/target.
2) Data from services that we do not want to have a relationship with SCIM is being sent to the SCIM server.

In order to fix these two problems, we would like to implement SCIM based on a per-service configuration.

We are currently thinking of two different approaches to accomplish that.

1) Add the SCIM properties (version, target, oauthToken, username, password) as fields to AbstractRegisteredService.java. Then refactor the SCIM module to read the properties needed to contact the SCIM target from the specific service, instead of trying to call the same SCIM target regardless of which service actually used CAS.

2) Change the SCIM CAS properties to a list, so multiple servers/targets can be configured via cas.properties.
For example, the SCIM part of cas.properties could look like this:
cas.scim[0].version=2
cas.scim[0].target=GoogleServerHere
cas.scim[0].oauthToken=ASecretToken
cas.scim[0].username=OurCompanyUsername
cas.scim[0].password=OneCompanyPassword


cas.scim[1].version=2
cas.scim[1].target=WebexServerHere
cas.scim[1].oauthToken=AnotherVerySecretToken
cas.scim[1].username=OurCompanyUsername
cas.scim[1].password=SecondCompanyPassword

After that, add a single new field/property to AbstractRegisteredService.java, for example
String ScimTargetChoice, in order to allow each service to pick whichever server/target it wants among the choices listed in cas.properties. Then refactor the SCIM module to accommodate the changes.

We are leaning towards the second approach.
Do you find one of the approaches preferable to the other? Is there a better way to implement the new functionality that we haven't thought of?

Best regards,
Fotis


