By: Theodore Sands user 22 Oct 2016 at 11:36 p.m. CDT

2 Responses
I am developing a .NET application that uses Gluu for its IdP. I've set up the authentication as part of the OWIN pipeline in the .NET app. That pipeline gets an access_token when the user logs in. I thought I could then use this in the Authorization HTTP header when I tried to get information from the SCIM endpoints. This didn't work and said the user wasn't authorized (403). Must I use the SCIM-Client? Can I develop my own .NET client based on the Java one? The use case is creating users and users changing their passwords when they want to without logging into the Gluu appliance itself.

By Valentino Pecaoco user 23 Oct 2016 at 12:46 a.m. CDT

Hi Theodore,

Our SCIM endpoints are [protected by UMA](https://gluu.org/docs/integrate/scimuma-howto/). For UMA you can check the docs or search here for further info. It has already been done a couple of times I think (in Java and Python). Our SCIM also has a so-called "test mode" where instead of UMA an OAuth2 access token can be created and used, but this is just for testing and not recommended for production use. You can always use SCIM-Client as an alternative.

Regards, Val

By Michael Schwartz Account Admin 23 Oct 2016 at 12:34 p.m. CDT

You could also use LDAP as an interface for user management. This is a tighter bundling that requires the ports be opened, an account be created in LDAP with appropriate permissions, knowledge of the LDAP schema and LDAP DIT... but there is nothing you can't do in LDAP, while SCIM still has some limitations. For simple ADD / DELETE user, SCIM is fine. SCIM is just JSON / REST. A SCIM client library just makes it easier for a programmer to handle the security requirements and exact protocol.