The SCIM service in IBM® Security Directory Integrator provides a SCIM interface to the IBM Security Directory Server and a SCIM connector for servers that use the SCIM protocol.
The SCIM service is built by using IBM Security Directory Integrator itself. It is actually an IBM Security Directory Integrator assembly line that acts as a server. The backend to the SCIM server must be an IBM Security Directory Server that contains the identity data. The SCIM server receives the SCIM requests and internally connects to the IBM Security Directory Server to access the data to serve the requests.
The SCIM connector implements the SCIM protocol by using JavaScript and an HTTP Client Connector.
Supported software
The SCIM service that is provided with IBM Security Directory Integrator Version 7.2 supports IBM Security Directory Server Version 6.3.1.
The SCIM service that is implemented in IBM Security Directory Integrator Version 7.2 adheres to the SCIM 1.1 specification. For more information, see the SCIM website at http://www.simplecloud.info/ and search for specifications.
Supported features
The SCIM service in IBM Security Directory Integrator supports most operations of SCIM version 1.1, with appropriate attention to changes in version 2.0.
The following features are supported in the current version of the SCIM service:
- Management of users and groups with IBM Security Directory Server as the backend directory
- Schema: Enterprise user schema extension
- JSON data type
- GET/PUT/POST/DELETE requests
- PATCH: Modifying with an HTTP PATCH request lets consumers send only the attributes that require modification
- Pagination
- Authentication scheme: HTTP Basic
- Filtering: consumers can use the filter query parameter to request a subset of resources
- Partial resources: consumers can use the attributes query parameter to specify the attributes that must be returned in resource representations
- Sorting: consumers can specify the order in which the resources are returned
The current version of the SCIM server does not support:
- OAuth authentication
- Bulk updates
- Automatic limitation of the number of resources returned
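
The query features listed above (filtering, partial resources, sorting, pagination, HTTP Basic) combine in one list request, and because the server does not limit result size automatically, the client has to send count itself. The following JavaScript is an added example, not part of the IBM documentation or product: the host, port, credentials and the send callback are assumptions, and the parameter names (filter, attributes, sortBy, startIndex, count) and response fields (totalResults, Resources) are those of the SCIM 1.1 specification.

```javascript
// Added example, not IBM code. Host, port and credentials are constructed.
function buildListRequest(baseUrl, user, password, opts) {
  // HTTP Basic only base64-encodes the credentials, so require TLS.
  if (new URL(baseUrl).protocol !== "https:") {
    throw new Error("refusing to send HTTP Basic credentials without TLS");
  }
  // The server applies no automatic limit, so an explicit count is mandatory.
  if (!Number.isInteger(opts.count) || opts.count < 1) {
    throw new Error("count is required: the server does not cap result size");
  }
  const params = {};
  if (opts.filter) params.filter = opts.filter;        // e.g. userName sw "a"
  if (opts.attributes) params.attributes = opts.attributes.join(",");
  if (opts.sortBy) params.sortBy = opts.sortBy;
  params.startIndex = opts.startIndex || 1;            // SCIM paging is 1-based
  params.count = opts.count;
  const query = Object.entries(params)
    .map(([k, v]) => k + "=" + encodeURIComponent(v))
    .join("&");
  const token = Buffer.from(user + ":" + password, "utf8").toString("base64");
  return {
    method: "GET",
    url: baseUrl.replace(/\/+$/, "") + "/Users?" + query,
    headers: { Authorization: "Basic " + token, Accept: "application/json" },
  };
}

// Fetch every page of a /Users query. `send` (hypothetical) performs the HTTP
// request and resolves to the parsed SCIM list response.
async function listAllUsers(send, baseUrl, user, password, opts, maxPages = 1000) {
  const users = [];
  let startIndex = 1;
  for (let page = 0; page < maxPages; page++) {
    const req = buildListRequest(baseUrl, user, password, { ...opts, startIndex });
    const body = await send(req);
    const batch = body.Resources || [];
    users.push(...batch);
    startIndex += batch.length;
    // Stop on an empty page or once every reported result has been read.
    if (batch.length === 0 || startIndex > body.totalResults) return users;
  }
  throw new Error("stopped after " + maxPages + " pages");
}
```
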
Note: For the SCIM parameter active to work as intended, the password policy must be turned on in the IBM Security Directory Server. To turn on the password policy, set ibm-pwdPolicy to true under cn=pwdpolicy,cn=ibmpolicies. This setting allows SCIM to read the ibm-pwdAccountLocked setting from IBM Security Directory Server. For more information about setting the password policy, see the IBM Security Directory Server documentation at http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.IBMDS.doc_6.3.1.doc/welcome.htm and search for Setting password policy.