SCIM service
The System for Cross-Domain Identity Management (SCIM) service is an assembly line that acts as a server in SDI. It provides:
- An interface to the IBM Security Directory Server
- An HTTP connector for servers that use the SCIM protocol
The backend to the SCIM server must be an IBM Security Directory Server that contains the identity data. The SCIM server receives the requests and connects to the IBM Security Directory Server to access the data to serve the requests. The SCIM connector implements the SCIM protocol using JavaScript and an HTTP Client Connector.
Supported software
The SCIM service provided with SDI v7.2 supports IBM Security Directory Server Version 6.3.1 and adheres to the SCIM 1.1 specification.
Supported features
- Use IBM Security Directory Server as the backend directory
- Enterprise user schema extension
- JSON data type
- GET/PUT/POST/DELETE requests
- Modify with the HTTP PATCH request, which allows consumers to send only the attributes that require modification
- Pagination
- HTTP Basic authentication
- Filtering: use the filter query parameter to request a subset of resources
- Partial resources: use the attributes query parameter to specify the attributes that must be returned
- Sorting: specify the order in which the resources are returned
The current version of the SCIM server does not support:
- OAuth authentication
- Bulk updates
- Automatic limitation of the number of resources returned
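Because the server does not limit the number of resources it returns and authenticates with HTTP Basic, a client should bound each page itself and send credentials only over HTTPS. The following Node.js code is an added example, not part of the IBM documentation or the SDI code; it combines the filter, attributes, sortBy, startIndex and count query parameters of SCIM 1.1 and walks the paged ListResponse. The base URL, credentials, MAX_PAGE_SIZE, the send callback and the sample users are hypothetical placeholders.

```javascript
// Added example. Base URL, credentials and user data are constructed
// placeholders, not values from the SDI documentation.
const MAX_PAGE_SIZE = 100; // client-side cap; the server applies no limit of its own

// Build one GET /Users request using the SCIM 1.1 query parameters.
function buildUserQuery(baseUrl, user, password, opts = {}) {
  const url = new URL(baseUrl.replace(/\/+$/, "") + "/Users");
  // Basic credentials are only base64-encoded, so never send them in cleartext.
  if (url.protocol !== "https:") throw new Error("Basic authentication requires HTTPS");
  const count = Math.min(opts.count || MAX_PAGE_SIZE, MAX_PAGE_SIZE);
  const params = { filter: opts.filter, attributes: opts.attributes, sortBy: opts.sortBy,
                   sortOrder: opts.sortOrder, startIndex: opts.startIndex || 1, count };
  for (const [name, value] of Object.entries(params)) {
    if (value !== undefined) url.searchParams.set(name, String(value));
  }
  const token = Buffer.from(`${user}:${password}`, "utf8").toString("base64");
  return { method: "GET", url: url.toString(),
           headers: { Authorization: `Basic ${token}`, Accept: "application/json" } };
}

// Fetch every matching resource page by page. `send` is a caller-supplied
// function that performs the request and returns the parsed ListResponse.
function listAllUsers(send, baseUrl, user, password, opts = {}) {
  const users = [];
  let startIndex = 1; // SCIM list indexes are 1-based
  for (;;) {
    const page = send(buildUserQuery(baseUrl, user, password, { ...opts, startIndex }));
    const resources = page.Resources || [];
    users.push(...resources);
    startIndex += resources.length;
    if (resources.length === 0 || startIndex > page.totalResults) return users;
  }
}

// Constructed stand-in for the server so the example runs offline.
const SAMPLE_USERS = ["adams", "baker", "clark", "davis", "evans"].map((userName) => ({ userName }));
function fakeSend(request) {
  const query = new URL(request.url).searchParams;
  const start = Number(query.get("startIndex"));
  const Resources = SAMPLE_USERS.slice(start - 1, start - 1 + Number(query.get("count")));
  return { totalResults: SAMPLE_USERS.length, itemsPerPage: Resources.length,
           startIndex: start, Resources };
}

const demoUsers = listAllUsers(fakeSend, "https://sdi.example.com/scim", "scimclient",
  "placeholder-password", { attributes: "userName", sortBy: "userName", count: 2 });
console.log(demoUsers.map((u) => u.userName).join(","));
```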
Note that the password policy must be turned on in the IBM Security Directory Server. To turn on the password policy, set ibm-pwdPolicy to true under cn=pwdpolicy,cn=ibmpolicies. This setting allows SCIM to read the ibm-pwdAccountLocked setting from IBM Security Directory Server. For more information about setting the password policy, see the IBM Security Directory Server documentation and search for Setting password policy.