scim-node

By: David Cheslow user 11 Jan 2019 at 11:34 a.m. CST

3 Responses
David Cheslow gravatar
Thanks for writing scim-node, I have a feeling it's going to save me a lot of work. var config = { keyAlg: 'XXXXX', // Algorithm type. domain: 'https://example.com/', // Gluu server URL. privateKey: 'value', // Value can be buffer or path of private key. clientId: '@!XXXX.XXXX.XXXX.XXXX!XXXX!XXXX.XXXX!XXXX!XXXX.XXXX', // UMA client id. keyId: '000xx0x0-xx00-00xx-xx00-0x000x0x000x', // oxAuth JWKS key id. }; I honestly don't know where I get any of these. I have a Gluu server installed and have created an OpenID SCIM Client (with Inum), but it's not identified as a "UMA ClientId" anywhere. I see a dozen or so endpoints... I think the config should be the applianceUrl? or maybe the baseEndpointUrl? As for keyAlg, privateKey and keyId, I am stumped. Any help you can spare is appreciated
CentOS 8.0
closed

Answers

By David Cheslow user 11 Jan 2019 at 4:33 p.m. CST

Copy
David Cheslow gravatar
Well ... I think I sorted some of this out... maybe. by going to this endpoint: https://-baseEndPoint-/oxauth/restv1/jwks I get a list of keys like this: `{"keys": [ { "kid": "21c9826c-78ea-47bd-a68b-b2f670d895a0", "kty": "RSA", "use": "sig", "alg": "RS256", "exp": 1574294666669, "n": "oA6icZNRvHdBAcSBy...B0hw", "e": "AQAB", "x5c": ["MIIDBDCCAeygAwIB...pKXnUf/fs="] }, ...` Which gives me keyId & keyAlg. I am guessing that x5c is the "privateKey"? I am not confident about any of this because... why would I enter all of these manually in the config when the app can easily collect them from the url endpoint?

By Jose Gonzalez staff 12 Jan 2019 at 10:24 a.m. CST

Copy
Jose Gonzalez gravatar
Hi there, Thanks for your interest in our product. Unfortunately SCIM-node project is not officially supported. The official client offered is the [Java](https://gluu.org/docs/ce/user-management/scim2/#testing-with-the-scim-client-uma) based. I've heard of some community members using scim-node with success in the past few monts so it's quite likely the code works well. You don't need to create open id clients when using SCIM in UMA mode. They are already bundled. The following instructions can be helpful: Login to oxTurst, navigate to `OpenID connect` > `Clients`. Grab the `inum` of "SCIM Requesting party client". This is the `clientId` you are supposed to pass. Enter to this client's detail page and locate a field labelled "JWKS". There is an array of objects there, pick the first one. Grab `kid` and `alg` attributes. Supply `alg` value for `keyAlg` of scim-node config. Login to your Gluu chroot, and run the following commands: ``` # cd /install/community-edition-setup/output/ # /opt/jre/bin/java -cp '/home/jetty/lib/*' org.xdi.oxauth.util.KeyExporter -keystore scim-rp.jks -keypasswd secret -alias {KID} -exportfile scim-private-key.pem ``` Replace `{KID}` with the `kid` you already have. Drop the first and last line of the file created (`scim-private-key.pem`), then make a one line string with those contents (no carriage returns), supply that for `privateKey`.

By David Kamer user 03 Apr 2019 at 6:54 p.m. CDT

Copy
David Kamer gravatar
I'd like to update this to say that you should do all of the steps provided by Jose Gonzalez, but instead of converting the key to a string, you need to supply it as file. Copy the key to the client machine, and provide the relative path to your `privateKey` variable. A string doesn't work, and although the npm page says it will accept a buffer, I had no such luck on node v11.

Post an answer