By: thomas lee user 18 Jun 2016 at 10:25 a.m. CDT

7 Responses
Hi, I am new to Gluu and the user management area. I have a couple of questions about the Gluu server.

I saw that Gluu has followed the SCIM 2.0 specification and read the information in the PDF: https://github.com/GluuFederation/SCIM-Client/blob/master/doc/pdf/SCIM_Documenation.pdf

It said it supports basic authentication, so I can update the users via basic authentication. I have tried to access the following API with the header Authorization Basic xxxxxxxx==

https://gluu_server_2.4.3/identity/seam/resource/restv1/scim/v2/Users

It said access denied. So I want to ask if it is possible to access it via basic authentication? The current implementation is OAuth2, so can I pass the username and password in the ScimClient.oAuthInstance?

Thanks

PS. I have followed the guide to set up the CE version and enabled "Enable SCIM".

By Valentino Pecaoco user 20 Jun 2016 at 12:10 a.m. CDT

Hi Thomas, Gluu's SCIM now only supports UMA. Please see the latest docs at [Gluu Docs](https://gluu.org/docs/). Thanks, Val

By thomas lee user 20 Jun 2016 at 4:16 a.m. CDT

Just curious, is it possible to limit which users can access the SCIM endpoint in the policy? Thanks

By Valentino Pecaoco user 20 Jun 2016 at 5:17 a.m. CDT

This is not supported as this is also beyond the SCIM specs, so you may need to create your own custom intermediary layer for this.

By thomas lee user 20 Jun 2016 at 6:02 a.m. CDT

A custom intermediary layer means I have to create my own UMA Authorisation Policy, right? Thanks

Just curious, the SCIM group scheme claims to support role-based, but how can I do it without saving any group permissions in Gluu?

By Valentino Pecaoco user 20 Jun 2016 at 6:22 a.m. CDT

Could you list all of the use cases you have in mind so that they can be addressed altogether? Thanks.

By thomas lee user 20 Jun 2016 at 6:52 a.m. CDT

1. User management
2. Group/role

Use case: centralize all the role permission data, so every app can fetch and get the resource permission list and dynamically block a role if it is unauthorized. However, Group in SCIM doesn't support extra attributes. So I am thinking: is it possible to set this via UMA resource registration with a custom scope like manager-read and then perform it in the UMA policy, where I will also pass the role in the claim profile as an identity?

By Valentino Pecaoco user 21 Jun 2016 at 1:10 a.m. CDT

The spec says "Group" resources in SCIM may mean group-based or role-based access control model in itself. So this can be an option in an implementation. But explicitly the "Role" attribute is part of the core User schema. If you want a UMA-integrated Java client to Gluu's SCIM API, you can check out [SCIM-Client](https://github.com/GluuFederation/SCIM-Client). This uses an RP profile to access SCIM out of the box. If you want more access control via UMA, you can check out the [UMA docs](https://gluu.org/docs/integrate/uma/) or [GitHub](https://github.com/GluuFederation?utf8=%E2%9C%93&query=uma).
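
The following is an added example, not part of the thread and not Gluu code: a deny-by-default authorization check for the kind of custom intermediary layer suggested above, placed in front of the SCIM endpoint. It assumes the layer has already authenticated the caller and taken `roles` from verified claims; every role and scope name is hypothetical except `manager-read`, which comes from the thread.

```python
import posixpath
from urllib.parse import urlsplit

SCIM_BASE = "/identity/seam/resource/restv1/scim/v2"  # endpoint path from the thread

# (resource type, HTTP method) -> scope required. Anything absent is denied.
# Only "manager-read" appears in the thread; the other scopes are hypothetical.
REQUIRED_SCOPE = {
    ("Users", "GET"): "manager-read",
    ("Users", "POST"): "manager-write",
    ("Users", "PUT"): "manager-write",
    ("Users", "DELETE"): "admin-write",
    ("Groups", "GET"): "manager-read",
}

# Role (from the caller's verified claims) -> scopes granted. Hypothetical roles.
ROLE_SCOPES = {
    "manager": {"manager-read"},
    "hr-admin": {"manager-read", "manager-write"},
}


def resource_type(url_path):
    """Return the SCIM resource type ('Users', 'Groups', ...) or None.

    The path is normalized first, so '..' segments cannot make a request
    look like it targets a resource the caller is allowed to reach.
    """
    path = posixpath.normpath(urlsplit(url_path).path)
    if not path.startswith(SCIM_BASE + "/"):
        return None
    return path[len(SCIM_BASE) + 1:].split("/", 1)[0]


def is_allowed(roles, method, url_path):
    """Decide whether a caller holding `roles` may have this request forwarded."""
    scope = REQUIRED_SCOPE.get((resource_type(url_path), method.upper()))
    if scope is None:
        return False  # unknown resource type or method: deny by default
    granted = set().union(*(ROLE_SCOPES.get(r, set()) for r in roles))
    return scope in granted
```

A layer built this way should forward the normalized path it evaluated rather than the raw request path, so the server never sees a path that differs from the one the decision was made on.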