public static void When_Extract_SCIMSchema()
{
var filePath = Path.Combine(Directory.GetCurrentDirectory(), "Schemas", "UserSchema.json");
var result = SCIMSchemaExtractor.Extract(filePath, SCIMConstants.SCIMEndpoints.User);
Assert.NotNull(result);
}
private void InitializeDatabase(IApplicationBuilder app)
{
using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
using (var context = scope.ServiceProvider.GetService <SCIMDbContext>())
{
context.Database.Migrate();
var basePath = Path.Combine(Env.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group);
if (!context.SCIMSchemaLst.Any())
{
context.SCIMSchemaLst.Add(userSchema.ToModel());
context.SCIMSchemaLst.Add(groupSchema.ToModel());
}
if (!context.SCIMAttributeMappingLst.Any())
{
var attributeMapping = new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id
};
context.SCIMAttributeMappingLst.Add(attributeMapping.ToModel());
}
context.SaveChanges();
}
}
}
public void ConfigureServices(IServiceCollection services)
{
var json = File.ReadAllText("oauth_puk.txt");
var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var rsaParameters = new RSAParameters
{
Modulus = dic.TryGet(RSAFields.Modulus),
Exponent = dic.TryGet(RSAFields.Exponent)
};
var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters);
services.AddMvc(o =>
{
o.EnableEndpointRouting = false;
o.AddSCIMValueProviders();
}).AddNewtonsoftJson(o => { });
services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy());
services.AddAuthentication(SCIMConstants.AuthenticationScheme)
.AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "https://localhost:60000",
ValidAudiences = new List <string>
{
"scimClient", "gatewayClient"
},
ValidateIssuerSigningKey = true,
IssuerSigningKey = oauthRsaSecurityKey
};
});
var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true);
var schemas = new List <SCIMSchema>
{
userSchema,
groupSchema
};
services.AddSIDScim(options: _ =>
{
_.IgnoreUnsupportedCanonicalValues = false;
})
.AddSchemas(schemas)
.AddAttributeMapping(new List <SCIMAttributeMapping>
{
new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id,
SourceResourceType = StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id
},
});
}
public void ConfigureServices(IServiceCollection services)
{
var json = File.ReadAllText("oauth_puk.txt");
var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var rsaParameters = new RSAParameters
{
Modulus = dic.TryGet(RSAFields.Modulus),
Exponent = dic.TryGet(RSAFields.Exponent)
};
var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters);
services.AddMvc(o =>
{
o.EnableEndpointRouting = false;
o.AddSCIMValueProviders();
}).AddNewtonsoftJson(o => { });
services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy());
services.AddAuthentication(SCIMConstants.AuthenticationScheme)
.AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "https://localhost:60000",
ValidAudiences = new List <string>
{
"scimClient", "gatewayClient"
},
ValidateIssuerSigningKey = true,
IssuerSigningKey = oauthRsaSecurityKey
};
});
var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true);
var schemas = new List <SCIMSchema>
{
userSchema,
groupSchema
};
services.AddSIDScim(options: _ =>
{
_.IgnoreUnsupportedCanonicalValues = false;
});
services.AddScimStoreMongoDB(opt =>
{
opt.ConnectionString = "<<CONNECTIONSTRING>>";
opt.Database = "<<DATABASENAME>>";
opt.CollectionSchemas = "mappings";
opt.CollectionSchemas = "schemas";
opt.CollectionRepresentations = "representations";
opt.SupportTransaction = false;
}, schemas);
}
public void ConfigureServices(IServiceCollection services)
{
var json = File.ReadAllText("oauth_puk.txt");
var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var rsaParameters = new RSAParameters
{
Modulus = dic.TryGet(RSAFields.Modulus),
Exponent = dic.TryGet(RSAFields.Exponent)
};
var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters);
services.AddMvc(o =>
{
o.EnableEndpointRouting = false;
o.AddSCIMValueProviders();
}).AddNewtonsoftJson(o => { });
services.AddLogging();
services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy());
services.AddAuthentication(SCIMConstants.AuthenticationScheme)
.AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "https://localhost:60000",
ValidAudiences = new List <string>
{
"scimClient", "gatewayClient"
},
ValidateIssuerSigningKey = true,
IssuerSigningKey = oauthRsaSecurityKey
};
});
services.AddSIDScim(_ =>
{
_.IgnoreUnsupportedCanonicalValues = false;
});
var basePath = Path.Combine(Env.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User, true);
var eidUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMConstants.SCIMEndpoints.User);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group, true);
userSchema.SchemaExtensions.Add(new SCIMSchemaExtension
{
Id = Guid.NewGuid().ToString(),
Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User"
});
var schemas = new List <SCIMSchema>
{
userSchema,
groupSchema,
eidUserSchema
};
services.AddScimStoreMongoDB(opt =>
{
opt.ConnectionString = CONNECTION_STRING;
opt.Database = DATABASE_NAME;
opt.CollectionMappings = MAPPINGS;
opt.CollectionRepresentations = REPRESENTATIONS;
opt.CollectionSchemas = SCHEMAS;
opt.SupportTransaction = SUPPORT_TRANSACTION;
}, schemas,
new List <SCIMAttributeMapping>
{
new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id,
SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id
}
});
}
public void ConfigureServices(IServiceCollection services)
{
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
var json = File.ReadAllText("oauth_puk.txt");
var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var rsaParameters = new RSAParameters
{
Modulus = dic.TryGet(RSAFields.Modulus),
Exponent = dic.TryGet(RSAFields.Exponent)
};
var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters);
services.AddMvc();
services.AddLogging();
services.AddAuthorization(opts =>
{
// By pass authorization rules.
opts.AddPolicy("QueryScimResource", p => p.RequireAssertion(_ => true));
opts.AddPolicy("AddScimResource", p => p.RequireAssertion(_ => true));
opts.AddPolicy("DeleteScimResource", p => p.RequireAssertion(_ => true));
opts.AddPolicy("UpdateScimResource", p => p.RequireAssertion(_ => true));
opts.AddPolicy("BulkScimResource", p => p.RequireAssertion(_ => true));
opts.AddPolicy("UserAuthenticated", p => p.RequireAssertion(_ => true));
});
services.AddAuthentication(SCIMConstants.AuthenticationScheme)
.AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "http://localhost:60000",
ValidAudiences = new List <string>
{
"scimClient"
},
ValidateIssuerSigningKey = true,
IssuerSigningKey = oauthRsaSecurityKey
};
});
services.AddSIDScim(_ =>
{
_.IgnoreUnsupportedCanonicalValues = false;
});
var basePath = Path.Combine(Env.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group);
var schemas = new List <SCIMSchema>
{
userSchema,
groupSchema
};
services.AddScimStoreMongoDB(opt =>
{
opt.ConnectionString = CONNECTION_STRING;
opt.Database = DATABASE_NAME;
opt.CollectionMappings = MAPPINGS;
opt.CollectionRepresentations = REPRESENTATIONS;
opt.CollectionSchemas = SCHEMAS;
}, schemas,
new List <SCIMAttributeMapping>
{
new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id
}
});
}
public void ConfigureServices(IServiceCollection services)
{
var json = File.ReadAllText("oauth_puk.txt");
var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var rsaParameters = new RSAParameters
{
Modulus = dic.TryGet(RSAFields.Modulus),
Exponent = dic.TryGet(RSAFields.Exponent)
};
var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters);
services.AddMvc(o =>
{
o.EnableEndpointRouting = false;
o.AddSCIMValueProviders();
}).AddNewtonsoftJson(o => { });
services.AddLogging(opt =>
{
opt.AddConsole();
opt.AddFilter((s, l) =>
{
return(s.StartsWith("SimpleIdServer.Scim"));
});
});
services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy());
services.AddAuthentication(SCIMConstants.AuthenticationScheme)
.AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "http://localhost:60000",
ValidAudiences = new List <string>
{
"scimClient"
},
ValidateIssuerSigningKey = true,
IssuerSigningKey = oauthRsaSecurityKey
};
});
var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User);
var enterpriseUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUserSchema.json"), SCIMConstants.SCIMEndpoints.User);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group);
var customResource = Builder.SCIMSchemaBuilder.Create("urn:customresource", "CustomResources", "CustomResources")
.AddStringAttribute("name")
.AddStringAttribute("lastname")
.AddDateTimeAttribute("birthDate")
.Build();
userSchema.SchemaExtensions.Add(new SCIMSchemaExtension
{
Id = Guid.NewGuid().ToString(),
Schema = enterpriseUserSchema.Id
});
var schemas = new List <SCIMSchema>
{
userSchema,
groupSchema,
enterpriseUserSchema,
customResource
};
services.AddSwaggerGen(c =>
{
var currentAssembly = Assembly.GetExecutingAssembly();
var xmlDocs = currentAssembly.GetReferencedAssemblies()
.Union(new AssemblyName[] { currentAssembly.GetName() })
.Select(a => Path.Combine(Path.GetDirectoryName(currentAssembly.Location), $"{a.Name}.xml"))
.Where(f => File.Exists(f)).ToArray();
Array.ForEach(xmlDocs, (d) =>
{
c.IncludeXmlComments(d);
});
});
services.AddSCIMSwagger();
services.AddSIDScim(_ =>
{
_.IgnoreUnsupportedCanonicalValues = false;
})
.AddSchemas(schemas)
.AddAttributeMapping(new List <SCIMAttributeMapping>
{
new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id
}
});
}
private void InitializeDatabase(IApplicationBuilder app)
{
using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope())
{
using (var context = scope.ServiceProvider.GetService <SCIMDbContext>())
{
context.Database.Migrate();
var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true);
var eidUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMResourceTypes.User);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true);
userSchema.SchemaExtensions.Add(new SCIMSchemaExtension
{
Id = Guid.NewGuid().ToString(),
Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User"
});
if (!context.SCIMSchemaLst.Any())
{
context.SCIMSchemaLst.Add(userSchema);
context.SCIMSchemaLst.Add(groupSchema);
context.SCIMSchemaLst.Add(eidUserSchema);
}
if (!context.SCIMAttributeMappingLst.Any())
{
var firstAttributeMapping = new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id,
SourceResourceType = StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id
};
var secondAttributeMapping = new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id,
SourceResourceType = StandardSchemas.GroupSchema.ResourceType,
SourceAttributeSelector = "members",
TargetResourceType = StandardSchemas.UserSchema.ResourceType,
TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id
};
context.SCIMAttributeMappingLst.Add(firstAttributeMapping);
context.SCIMAttributeMappingLst.Add(secondAttributeMapping);
}
if (!context.ProvisioningConfigurations.Any())
{
context.ProvisioningConfigurations.Add(new ProvisioningConfiguration
{
Id = Guid.NewGuid().ToString(),
Type = ProvisioningConfigurationTypes.API,
ResourceType = "ScimUser",
UpdateDateTime = DateTime.UtcNow,
Records = new List <ProvisioningConfigurationRecord>
{
new ProvisioningConfigurationRecord
{
Name = "tokenEdp",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
$"{Configuration["OpenIdUrl"]}/token"
}
},
new ProvisioningConfigurationRecord
{
Name = "targetUrl",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
$"{Configuration["OpenIdUrl"]}/management/users/scim"
}
},
new ProvisioningConfigurationRecord
{
Name = "clientId",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"provisioningClient"
}
},
new ProvisioningConfigurationRecord
{
Name = "clientSecret",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"provisioningClientSecret"
}
},
new ProvisioningConfigurationRecord
{
Name = "scopes",
IsArray = true,
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"manage_users"
}
},
new ProvisioningConfigurationRecord
{
Name = "httpRequestTemplate",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"{ 'generate_otp': true, 'scim_id' : '{{id}}', 'content' : { 'sub' : '{{externalId}}', 'claims': { 'scim_id': '{{id}}', 'name': '{{userName}}', 'given_name' : '{{name.givenName}}', 'family_name': '{{name.familyName}}', 'middle_name': '{{claims.middleName}}' } } }"
}
},
new ProvisioningConfigurationRecord
{
Name = "bpmnHost",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
Configuration["BpmnUrl"]
}
},
new ProvisioningConfigurationRecord
{
Name = "bpmnFileId",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"c1aa1cd88cb94150c61f04b70795cb03646d43a8a65b4de005c2e6294b3aa1ff"
}
},
new ProvisioningConfigurationRecord
{
Name = "messageToken",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"{ 'name': 'user', 'messageContent': { 'userId': '{{externalId}}', 'email': '{{emails[0].value}}' }}"
}
}
}
});
context.ProvisioningConfigurations.Add(new ProvisioningConfiguration
{
Id = Guid.NewGuid().ToString(),
Type = ProvisioningConfigurationTypes.API,
ResourceType = "OpenIdUser",
UpdateDateTime = DateTime.UtcNow,
Records = new List <ProvisioningConfigurationRecord>
{
new ProvisioningConfigurationRecord
{
Name = "tokenEdp",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
$"{Configuration["OpenIdUrl"]}/token"
}
},
new ProvisioningConfigurationRecord
{
Name = "targetUrl",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
$"{Configuration["ScimUrl"]}/Users"
}
},
new ProvisioningConfigurationRecord
{
Name = "clientId",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"provisioningClient"
}
},
new ProvisioningConfigurationRecord
{
Name = "clientSecret",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"provisioningClientSecret"
}
},
new ProvisioningConfigurationRecord
{
Name = "scopes",
IsArray = true,
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"add_scim_resource"
}
},
new ProvisioningConfigurationRecord
{
Name = "httpRequestTemplate",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List <string>
{
"{ 'schemas' : ['urn:ietf:params:scim:schemas:core:2.0:User'], 'externalId': '{{sub}}', 'userName': '******', 'name': { 'givenName': '{{given_name??sub}}', 'middleName' : '{{middle_name??sub}}', 'familyName': '{{family_name??sub}}' }, 'emails': [ { 'value' : '{{email}}' } ] }"
}
}
}
});
}
context.SaveChanges();
}
}
}
public void ConfigureServices(IServiceCollection services)
{
var json = File.ReadAllText("oauth_puk.txt");
var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var rsaParameters = new RSAParameters
{
Modulus = dic.TryGet(RSAFields.Modulus),
Exponent = dic.TryGet(RSAFields.Exponent)
};
var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters);
services.AddMvc();
services.AddLogging(opt =>
{
opt.AddFilter((s, l) =>
{
return(s.StartsWith("SimpleIdServer.Scim"));
});
});
services.AddAuthorization(opts => opts.AddDefaultSCIMAuthorizationPolicy());
services.AddAuthentication(SCIMConstants.AuthenticationScheme)
.AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "http://localhost:60000",
ValidAudiences = new List <string>
{
"scimClient"
},
ValidateIssuerSigningKey = true,
IssuerSigningKey = oauthRsaSecurityKey
};
});
var basePath = Path.Combine(Env.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group);
var customResource = Builder.SCIMSchemaBuilder.Create("urn:customresource", "CustomResources", "CustomResources")
.AddStringAttribute("name")
.AddStringAttribute("lastname")
.Build();
var schemas = new List <SCIMSchema>
{
userSchema,
groupSchema,
customResource
};
services.AddSIDScim(_ =>
{
_.IgnoreUnsupportedCanonicalValues = false;
})
.AddSchemas(schemas)
.AddAttributeMapping(new List <SCIMAttributeMapping>
{
new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id
}
});
}
public void ConfigureServices(IServiceCollection services)
{
var json = File.ReadAllText("oauth_puk.txt");
var dic = JsonConvert.DeserializeObject <Dictionary <string, string> >(json);
var rsaParameters = new RSAParameters
{
Modulus = dic.TryGet(RSAFields.Modulus),
Exponent = dic.TryGet(RSAFields.Exponent)
};
var oauthRsaSecurityKey = new RsaSecurityKey(rsaParameters);
services.AddMvc(o =>
{
o.EnableEndpointRouting = false;
o.AddSCIMValueProviders();
}).AddNewtonsoftJson(o => { });
services.AddAuthorization(opts =>
{
opts.AddPolicy("QueryScimResource", p => p.RequireClaim("scope", "admin"));
opts.AddPolicy("AddScimResource", p => p.RequireClaim("scope", "admin"));
opts.AddPolicy("DeleteScimResource", p => p.RequireClaim("scope", "admin"));
opts.AddPolicy("UpdateScimResource", p => p.RequireClaim("scope", "admin"));
opts.AddPolicy("BulkScimResource", p => p.RequireClaim("scope", "admin"));
opts.AddPolicy("UserAuthenticated", p => p.RequireClaim("scope", "admin"));
opts.AddPolicy("Provison", p => p.RequireClaim("scope", "admin"));
opts.AddPolicy("Authenticated", p => p.RequireAuthenticatedUser());
});
services.AddAuthentication(SCIMConstants.AuthenticationScheme)
.AddJwtBearer(SCIMConstants.AuthenticationScheme, cfg =>
{
cfg.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = "http://localhost:5001",
ValidAudiences = new List <string>
{
"admin", "firstOrg", "secondOrg"
},
ValidateAudience = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = oauthRsaSecurityKey
};
});
var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMResourceTypes.User, true);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMResourceTypes.Group, true);
var enterpriseUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EnterpriseUserSchema.json"), SCIMResourceTypes.User);
userSchema.SchemaExtensions.Add(new SCIMSchemaExtension
{
Id = Guid.NewGuid().ToString(),
Schema = enterpriseUserSchema.Id
});
var schemas = new List <SCIMSchema>
{
userSchema,
groupSchema,
enterpriseUserSchema
};
services.AddSwaggerGen(c =>
{
var currentAssembly = Assembly.GetExecutingAssembly();
var xmlDocs = currentAssembly.GetReferencedAssemblies()
.Union(new AssemblyName[] { currentAssembly.GetName() })
.Select(a => Path.Combine(Path.GetDirectoryName(currentAssembly.Location), $"{a.Name}.xml"))
.Where(f => File.Exists(f)).ToArray();
Array.ForEach(xmlDocs, (d) =>
{
c.IncludeXmlComments(d);
});
});
services.AddSCIMSwagger();
services.AddSIDScim(options: _ =>
{
_.IgnoreUnsupportedCanonicalValues = false;
})
.AddSchemas(schemas)
.AddAttributeMapping(new List <SCIMAttributeMapping>
{
new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id,
SourceResourceType = StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id
},
});
}
private void InitializeDatabase(IApplicationBuilder app)
{
using (var scope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
{
using (var context = scope.ServiceProvider.GetService<SCIMDbContext>())
{
context.Database.Migrate();
var basePath = Path.Combine(_webHostEnvironment.ContentRootPath, "Schemas");
var userSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "UserSchema.json"), SCIMConstants.SCIMEndpoints.User, true);
var eidUserSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "EIDUserSchema.json"), SCIMConstants.SCIMEndpoints.User);
var groupSchema = SCIMSchemaExtractor.Extract(Path.Combine(basePath, "GroupSchema.json"), SCIMConstants.SCIMEndpoints.Group, true);
userSchema.SchemaExtensions.Add(new SCIMSchemaExtension
{
Id = Guid.NewGuid().ToString(),
Schema = "urn:ietf:params:scim:schemas:extension:eid:2.0:User"
});
if (!context.SCIMSchemaLst.Any())
{
context.SCIMSchemaLst.Add(userSchema.ToModel());
context.SCIMSchemaLst.Add(groupSchema.ToModel());
context.SCIMSchemaLst.Add(eidUserSchema.ToModel());
}
if (!context.SCIMAttributeMappingLst.Any())
{
var firstAttributeMapping = new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceAttributeId = userSchema.Attributes.First(a => a.Name == "groups").Id,
SourceValueAttributeId = userSchema.Attributes.First(a => a.Name == "groups").SubAttributes.First(g => g.Name == "value").Id,
SourceResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
SourceAttributeSelector = "groups",
TargetResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
TargetAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(a => a.Name == "value").Id
};
var secondAttributeMapping = new SCIMAttributeMapping
{
Id = Guid.NewGuid().ToString(),
SourceAttributeId = groupSchema.Attributes.First(a => a.Name == "members").Id,
SourceValueAttributeId = groupSchema.Attributes.First(a => a.Name == "members").SubAttributes.First(g => g.Name == "value").Id,
SourceResourceType = SCIMConstants.StandardSchemas.GroupSchema.ResourceType,
SourceAttributeSelector = "members",
TargetResourceType = SCIMConstants.StandardSchemas.UserSchema.ResourceType,
TargetAttributeId = userSchema.Attributes.First(a => a.Name == "groups").SubAttributes.First(a => a.Name == "value").Id
};
context.SCIMAttributeMappingLst.Add(firstAttributeMapping.ToModel());
context.SCIMAttributeMappingLst.Add(secondAttributeMapping.ToModel());
}
if (!context.ProvisioningConfigurations.Any())
{
context.ProvisioningConfigurations.Add(new ProvisioningConfiguration
{
Id = Guid.NewGuid().ToString(),
Type = ProvisioningConfigurationTypes.API,
ResourceType = SCIMConstants.SCIMEndpoints.User,
UpdateDateTime = DateTime.UtcNow,
Records = new List<ProvisioningConfigurationRecord>
{
new ProvisioningConfigurationRecord
{
Name = "tokenEdp",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"https://localhost:60000/token"
}
},
new ProvisioningConfigurationRecord
{
Name = "targetUrl",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"https://localhost:60000/management/users/scim"
}
},
new ProvisioningConfigurationRecord
{
Name = "clientId",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"provisioningClient"
}
},
new ProvisioningConfigurationRecord
{
Name = "clientSecret",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"provisioningClientSecret"
}
},
new ProvisioningConfigurationRecord
{
Name = "scopes",
IsArray = true,
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"manage_users"
}
},
new ProvisioningConfigurationRecord
{
Name = "mapping",
IsArray = true,
Type = ProvisioningConfigurationRecordTypes.COMPLEX,
Values = new List<ProvisioningConfigurationRecord>
{
// subject
new ProvisioningConfigurationRecord
{
Name = "externalId",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"sub"
}
},
// scim_id
new ProvisioningConfigurationRecord
{
Name = "id",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"claims.scim_id"
}
},
// name
new ProvisioningConfigurationRecord
{
Name = "userName",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"claims.name"
}
},
// givenName
new ProvisioningConfigurationRecord
{
Name = "name.givenName",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"claims.given_name"
}
},
// familyName
new ProvisioningConfigurationRecord
{
Name = "name.familyName",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"claims.family_name"
}
},
// middleName
new ProvisioningConfigurationRecord
{
Name = "name.middleName",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"claims.middle_name"
}
}
}
},
new ProvisioningConfigurationRecord
{
Name = "bpmnHost",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"http://localhost:60007"
}
},
new ProvisioningConfigurationRecord
{
Name ="bpmnFileId",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"c1aa1cd88cb94150c61f04b70795cb03646d43a8a65b4de005c2e6294b3aa1ff"
}
},
new ProvisioningConfigurationRecord
{
Name = "messageToken",
Type = ProvisioningConfigurationRecordTypes.STRING,
ValuesString = new List<string>
{
"{ 'name': 'user', 'messageContent': { 'userId': '{{id}}', 'email': '{{emails[0].value}}' }}"
}
}
}
});
}
context.SaveChanges();
}
}
}
