public static void When_Extract_SCIMSchema() { var filePath = Path.Combine(Directory.GetCurrentDirectory(), "Schemas", "UserSchema.json"); var result = SCIMSchemaExtractor.Extract(filePath, SCIMConstants.SCIMEndpoints.User); Assert.NotNull(result); }
private void InitializeDatabase(IApplicationBuilder app) { using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope()) { using (var context = scope.ServiceProvider.GetService <SCIMDbContext>()) { context.Database.Migrate(); var basePath = Path.Combine(Env.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group); if (!context.SCIMSchemaLst.Any()) { context.SCIMSchemaLst.Add(userSchema.ToModel()); context.SCIMSchemaLst.Add(groupSchema.ToModel()); } if (!context.SCIMAttributeMappingLst.Any()) { var attributeMapping = new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id }; context.SCIMAttributeMappingLst.Add(attributeMapping.ToModel()); } context.SaveChanges(); } } }
public void ConfigureServices(IServiceCollection services) { var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(o => { o.EnableEndpointRouting = false; o.AddSCIMValueProviders(); }).AddNewtonsoftJson(o => { }); services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "https://localhost:60000", ValidAudiences = new List <string> { "scimClient", "gatewayClient" }, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); var schemas = new List <SCIMSchema> { userSchema, groupSchema }; services.AddSIDScim(options: _ => { _.IgnoreUnsupportedCanonicalValues = false; }) .AddSchemas(schemas) .AddAttributeMapping(new List <SCIMAttributeMapping> { new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, SourceResourceType = StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id }, }); }
public void ConfigureServices(IServiceCollection services) { var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(o => { o.EnableEndpointRouting = false; o.AddSCIMValueProviders(); }).AddNewtonsoftJson(o => { }); services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "https://localhost:60000", ValidAudiences = new List <string> { "scimClient", "gatewayClient" }, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); var schemas = new List <SCIMSchema> { userSchema, groupSchema }; services.AddSIDScim(options: _ => { _.IgnoreUnsupportedCanonicalValues = false; }); services.AddScimStoreMongoDB(opt => { opt.ConnectionString = "<<CONNECTIONSTRING>>"; opt.Database = "<<DATABASENAME>>"; opt.CollectionSchemas = "mappings"; opt.CollectionSchemas = "schemas"; opt.CollectionRepresentations = "representations"; opt.SupportTransaction = false; }, schemas); }
public void ConfigureServices(IServiceCollection services) { var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(o => { o.EnableEndpointRouting = false; o.AddSCIMValueProviders(); }).AddNewtonsoftJson(o => { }); services.AddLogging(); services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "https://localhost:60000", ValidAudiences = new List <string> { "scimClient", "gatewayClient" }, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); services.AddSIDScim(_ => { _.IgnoreUnsupportedCanonicalValues = false; }); var basePath = Path.Combine(Env.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User, true); var eidUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMConstants.SCIMEndpoints.User); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group, true); userSchema.SchemaExtensions.Add(new SCIMSchemaExtension { Id = Guid.NewGuid().ToString(), Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User" }); var schemas = new List <SCIMSchema> { userSchema, groupSchema, eidUserSchema }; services.AddScimStoreMongoDB(opt => { opt.ConnectionString = CONNECTION_STRING; opt.Database = DATABASE_NAME; opt.CollectionMappings = MAPPINGS; opt.CollectionRepresentations = REPRESENTATIONS; opt.CollectionSchemas = SCHEMAS; opt.SupportTransaction = SUPPORT_TRANSACTION; }, schemas, new List <SCIMAttributeMapping> { new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id } }); }
public void ConfigureServices(IServiceCollection services) { var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(); services.AddLogging(); services.AddAuthorization(opts => { // By pass authorization rules. opts.AddPolicy("QueryScimResource", p => p.RequireAssertion(_ => true)); opts.AddPolicy("AddScimResource", p => p.RequireAssertion(_ => true)); opts.AddPolicy("DeleteScimResource", p => p.RequireAssertion(_ => true)); opts.AddPolicy("UpdateScimResource", p => p.RequireAssertion(_ => true)); opts.AddPolicy("BulkScimResource", p => p.RequireAssertion(_ => true)); opts.AddPolicy("UserAuthenticated", p => p.RequireAssertion(_ => true)); }); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "http://localhost:60000", ValidAudiences = new List <string> { "scimClient" }, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); services.AddSIDScim(_ => { _.IgnoreUnsupportedCanonicalValues = false; }); var basePath = Path.Combine(Env.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group); var schemas = new List <SCIMSchema> { userSchema, groupSchema }; services.AddScimStoreMongoDB(opt => { opt.ConnectionString = CONNECTION_STRING; opt.Database = DATABASE_NAME; opt.CollectionMappings = MAPPINGS; opt.CollectionRepresentations = REPRESENTATIONS; opt.CollectionSchemas = SCHEMAS; }, schemas, new List <SCIMAttributeMapping> { new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id } }); }
public void ConfigureServices(IServiceCollection services) { var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(o => { o.EnableEndpointRouting = false; o.AddSCIMValueProviders(); }).AddNewtonsoftJson(o => { }); services.AddLogging(opt => { opt.AddConsole(); opt.AddFilter((s, l) => { return(s.StartsWith("SimpleIdServer.Scim")); }); }); services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "http://localhost:60000", ValidAudiences = new List <string> { "scimClient" }, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User); var enterpriseUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUserSchema.json"), SCIMConstants.SCIMEndpoints.User); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group); var customResource = Builder.SCIMSchemaBuilder.Create("urn:customresource", "CustomResources", "CustomResources") .AddStringAttribute("name") .AddStringAttribute("lastname") .AddDateTimeAttribute("birthDate") .Build(); userSchema.SchemaExtensions.Add(new SCIMSchemaExtension { Id = Guid.NewGuid().ToString(), Schema = enterpriseUserSchema.Id }); var schemas = new List <SCIMSchema> { userSchema, groupSchema, enterpriseUserSchema, customResource }; services.AddSwaggerGen(c => { var currentAssembly = Assembly.GetExecutingAssembly(); var xmlDocs = currentAssembly.GetReferencedAssemblies() .Union(new AssemblyName[] { currentAssembly.GetName() }) .Select(a => Path.Combine(Path.GetDirectoryName(currentAssembly.Location), $"{a.Name}.xml")) .Where(f => File.Exists(f)).ToArray(); Array.ForEach(xmlDocs, (d) => { c.IncludeXmlComments(d); }); }); services.AddSCIMSwagger(); services.AddSIDScim(_ => { _.IgnoreUnsupportedCanonicalValues = false; }) .AddSchemas(schemas) .AddAttributeMapping(new List <SCIMAttributeMapping> { new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id } }); }
private void InitializeDatabase(IApplicationBuilder app) { using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope()) { using (var context = scope.ServiceProvider.GetService <SCIMDbContext>()) { context.Database.Migrate(); var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); var eidUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMResourceTypes.User); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); userSchema.SchemaExtensions.Add(new SCIMSchemaExtension { Id = Guid.NewGuid().ToString(), Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User" }); if (!context.SCIMSchemaLst.Any()) { context.SCIMSchemaLst.Add(userSchema); context.SCIMSchemaLst.Add(groupSchema); context.SCIMSchemaLst.Add(eidUserSchema); } if (!context.SCIMAttributeMappingLst.Any()) { var firstAttributeMapping = new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, SourceResourceType = StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id }; var secondAttributeMapping = new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, SourceResourceType = StandardSchemas.GroupSchema.ResourceType, SourceAttributeSelector = "members", TargetResourceType = StandardSchemas.UserSchema.ResourceType, TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id }; context.SCIMAttributeMappingLst.Add(firstAttributeMapping); context.SCIMAttributeMappingLst.Add(secondAttributeMapping); } if (!context.ProvisioningConfigurations.Any()) { context.ProvisioningConfigurations.Add(new ProvisioningConfiguration { Id = Guid.NewGuid().ToString(), Type = ProvisioningConfigurationTypes.API, ResourceType = "ScimUser", UpdateDateTime = DateTime.UtcNow, Records = new List <ProvisioningConfigurationRecord> { new ProvisioningConfigurationRecord { Name = "tokenEdp", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { $"{Configuration["OpenIdUrl"]}/token" } }, new ProvisioningConfigurationRecord { Name = "targetUrl", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { $"{Configuration["OpenIdUrl"]}/management/users/scim" } }, new ProvisioningConfigurationRecord { Name = "clientId", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "provisioningClient" } }, new ProvisioningConfigurationRecord { Name = "clientSecret", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "provisioningClientSecret" } }, new ProvisioningConfigurationRecord { Name = "scopes", IsArray = true, Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "manage_users" } }, new ProvisioningConfigurationRecord { Name = "httpRequestTemplate", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "{ 'generate_otp': true, 'scim_id' : '{{id}}', 'content' : { 'sub' : '{{externalId}}', 'claims': { 'scim_id': '{{id}}', 'name': '{{userName}}', 'given_name' : '{{name.givenName}}', 'family_name': '{{name.familyName}}', 'middle_name': '{{claims.middleName}}' } } }" } }, new ProvisioningConfigurationRecord { Name = "bpmnHost", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { Configuration["BpmnUrl"] } }, new ProvisioningConfigurationRecord { Name = "bpmnFileId", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "c1aa1cd88cb94150c61f04b70795cb03646d43a8a65b4de005c2e6294b3aa1ff" } }, new ProvisioningConfigurationRecord { Name = "messageToken", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "{ 'name': 'user', 'messageContent': { 'userId': '{{externalId}}', 'email': '{{emails[0].value}}' }}" } } } }); context.ProvisioningConfigurations.Add(new ProvisioningConfiguration { Id = Guid.NewGuid().ToString(), Type = ProvisioningConfigurationTypes.API, ResourceType = "OpenIdUser", UpdateDateTime = DateTime.UtcNow, Records = new List <ProvisioningConfigurationRecord> { new ProvisioningConfigurationRecord { Name = "tokenEdp", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { $"{Configuration["OpenIdUrl"]}/token" } }, new ProvisioningConfigurationRecord { Name = "targetUrl", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { $"{Configuration["ScimUrl"]}/Users" } }, new ProvisioningConfigurationRecord { Name = "clientId", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "provisioningClient" } }, new ProvisioningConfigurationRecord { Name = "clientSecret", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "provisioningClientSecret" } }, new ProvisioningConfigurationRecord { Name = "scopes", IsArray = true, Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "add_scim_resource" } }, new ProvisioningConfigurationRecord { Name = "httpRequestTemplate", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List <string> { "{ 'schemas' : ['urn:ietf:params:scim:schemas:core:2.0:User'], 'externalId': '{{sub}}', 'userName': '******', 'name': { 'givenName': '{{given_name??sub}}', 'middleName' : '{{middle_name??sub}}', 'familyName': '{{family_name??sub}}' }, 'emails': [ { 'value' : '{{email}}' } ] }" } } } }); } context.SaveChanges(); } } }
public void ConfigureServices(IServiceCollection services) { var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(); services.AddLogging(opt => { opt.AddFilter((s, l) => { return(s.StartsWith("SimpleIdServer.Scim")); }); }); services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy()); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "http://localhost:60000", ValidAudiences = new List <string> { "scimClient" }, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); var basePath = Path.Combine(Env.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group); var customResource = Builder.SCIMSchemaBuilder.Create("urn:customresource", "CustomResources", "CustomResources") .AddStringAttribute("name") .AddStringAttribute("lastname") .Build(); var schemas = new List <SCIMSchema> { userSchema, groupSchema, customResource }; services.AddSIDScim(_ => { _.IgnoreUnsupportedCanonicalValues = false; }) .AddSchemas(schemas) .AddAttributeMapping(new List <SCIMAttributeMapping> { new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id } }); }
public void ConfigureServices(IServiceCollection services) { var json = File.ReadAllText("oauth_puk.txt"); var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json); var rsaParameters = new RSAParameters { Modulus = dic.TryGet(RSAFields.Modulus), Exponent = dic.TryGet(RSAFields.Exponent) }; var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters); services.AddMvc(o => { o.EnableEndpointRouting = false; o.AddSCIMValueProviders(); }).AddNewtonsoftJson(o => { }); services.AddAuthorization(opts => { opts.AddPolicy("QueryScimResource", p => p.RequireClaim("scope", "admin")); opts.AddPolicy("AddScimResource", p => p.RequireClaim("scope", "admin")); opts.AddPolicy("DeleteScimResource", p => p.RequireClaim("scope", "admin")); opts.AddPolicy("UpdateScimResource", p => p.RequireClaim("scope", "admin")); opts.AddPolicy("BulkScimResource", p => p.RequireClaim("scope", "admin")); opts.AddPolicy("UserAuthenticated", p => p.RequireClaim("scope", "admin")); opts.AddPolicy("Provison", p => p.RequireClaim("scope", "admin")); opts.AddPolicy("Authenticated", p => p.RequireAuthenticatedUser()); }); services.AddAuthentication(SCIMConstants.AuthenticationScheme) .AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg => { cfg.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = "http://localhost:5001", ValidAudiences = new List <string> { "admin", "firstOrg", "secondOrg" }, ValidateAudience = true, ValidateIssuerSigningKey = true, IssuerSigningKey = oauthRsaSecurityKey }; }); var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true); var enterpriseUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUserSchema.json"), SCIMResourceTypes.User); userSchema.SchemaExtensions.Add(new SCIMSchemaExtension { Id = Guid.NewGuid().ToString(), Schema = enterpriseUserSchema.Id }); var schemas = new List <SCIMSchema> { userSchema, groupSchema, enterpriseUserSchema }; services.AddSwaggerGen(c => { var currentAssembly = Assembly.GetExecutingAssembly(); var xmlDocs = currentAssembly.GetReferencedAssemblies() .Union(new AssemblyName[] { currentAssembly.GetName() }) .Select(a => Path.Combine(Path.GetDirectoryName(currentAssembly.Location), $"{a.Name}.xml")) .Where(f => File.Exists(f)).ToArray(); Array.ForEach(xmlDocs, (d) => { c.IncludeXmlComments(d); }); }); services.AddSCIMSwagger(); services.AddSIDScim(options: _ => { _.IgnoreUnsupportedCanonicalValues = false; }) .AddSchemas(schemas) .AddAttributeMapping(new List <SCIMAttributeMapping> { new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, SourceResourceType = StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id }, }); }
private void InitializeDatabase(IApplicationBuilder app) { using (var scope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope()) { using (var context = scope.ServiceProvider.GetService<SCIMDbContext>()) { context.Database.Migrate(); var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas"); var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User, true); var eidUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMConstants.SCIMEndpoints.User); var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group, true); userSchema.SchemaExtensions.Add(new SCIMSchemaExtension { Id = Guid.NewGuid().ToString(), Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User" }); if (!context.SCIMSchemaLst.Any()) { context.SCIMSchemaLst.Add(userSchema.ToModel()); context.SCIMSchemaLst.Add(groupSchema.ToModel()); context.SCIMSchemaLst.Add(eidUserSchema.ToModel()); } if (!context.SCIMAttributeMappingLst.Any()) { var firstAttributeMapping = new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id, SourceValueAttributeId = userSchema.Attributes.First(a => a.Name == "groups").SubAttributes.First(g => g.Name == "value").Id, SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType, SourceAttributeSelector = "groups", TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType, TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id }; var secondAttributeMapping = new SCIMAttributeMapping { Id = Guid.NewGuid().ToString(), SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id, SourceValueAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(g => g.Name == "value").Id, SourceResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType, SourceAttributeSelector = "members", TargetResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType, TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").SubAttributes.First(a => a.Name == "value").Id }; context.SCIMAttributeMappingLst.Add(firstAttributeMapping.ToModel()); context.SCIMAttributeMappingLst.Add(secondAttributeMapping.ToModel()); } if (!context.ProvisioningConfigurations.Any()) { context.ProvisioningConfigurations.Add(new ProvisioningConfiguration { Id = Guid.NewGuid().ToString(), Type = ProvisioningConfigurationTypes.API, ResourceType = SCIMConstants.SCIMEndpoints.User, UpdateDateTime = DateTime.UtcNow, Records = new List<ProvisioningConfigurationRecord> { new ProvisioningConfigurationRecord { Name = "tokenEdp", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "https://localhost:60000/token" } }, new ProvisioningConfigurationRecord { Name = "targetUrl", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "https://localhost:60000/management/users/scim" } }, new ProvisioningConfigurationRecord { Name = "clientId", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "provisioningClient" } }, new ProvisioningConfigurationRecord { Name = "clientSecret", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "provisioningClientSecret" } }, new ProvisioningConfigurationRecord { Name = "scopes", IsArray = true, Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "manage_users" } }, new ProvisioningConfigurationRecord { Name = "mapping", IsArray = true, Type = ProvisioningConfigurationRecordTypes.COMPLEX, Values = new List<ProvisioningConfigurationRecord> { // subject new ProvisioningConfigurationRecord { Name = "externalId", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "sub" } }, // scim_id new ProvisioningConfigurationRecord { Name = "id", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "claims.scim_id" } }, // name new ProvisioningConfigurationRecord { Name = "userName", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "claims.name" } }, // givenName new ProvisioningConfigurationRecord { Name = "name.givenName", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "claims.given_name" } }, // familyName new ProvisioningConfigurationRecord { Name = "name.familyName", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "claims.family_name" } }, // middleName new ProvisioningConfigurationRecord { Name = "name.middleName", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "claims.middle_name" } } } }, new ProvisioningConfigurationRecord { Name = "bpmnHost", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "http://localhost:60007" } }, new ProvisioningConfigurationRecord { Name ="bpmnFileId", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "c1aa1cd88cb94150c61f04b70795cb03646d43a8a65b4de005c2e6294b3aa1ff" } }, new ProvisioningConfigurationRecord { Name = "messageToken", Type = ProvisioningConfigurationRecordTypes.STRING, ValuesString = new List<string> { "{ 'name': 'user', 'messageContent': { 'userId': '{{id}}', 'email': '{{emails[0].value}}' }}" } } } }); } context.SaveChanges(); } } }