Azure Active Directory SCIM映射

问题描述 投票:1回答:1

我正在尝试在AAD中实现SCIM,并且很难映射字段。将用户添加到组中时。在此示例中,我希望发生以下情况:

(scim所做的几乎是什么)

  1. 已配置用户,已创建用户。

  2. 用户已取消配置,用户已删除

  3. [用户已添加到组,组更改

  4. 用户已从组中删除,组更改。

这里是api信息

getUsers

方法:get

URL:/scim/v2/Users?filter=userName+eq+%22example%40example.com%22

响应:

{
    "totalResults": 1,
    "startIndex": 1,
    "itemsPerPage": 1,
    "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ],
    "Resources": [
        {
            "emails": [ { "value": "[email protected]" } ],
            "appGroups": [ "Unicorn Team" ],
            "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ],
            "name": { "familyName": "Family", "givenName": "Given" }, // SCIM requires names, but no real names are stored; you'll always get back these placeholder values
            "active": true,
            "id": "[email protected]",
            "userName": "[email protected]",
            "status": "success"
        },
        ... // more users
    ]
}

addUsers

方法:post

url/scim/v2/Users

body

{
  "userName": "[email protected]",
  "appGroups": [ "Unicorn Team", "Rainbow Team" ],
  "active": true
}

响应:

{
    "emails": [
        {
            "value": "[email protected]"
        }
    ],
    "appGroups": [
        "Unicorn Team", 
        "Rainbow Team"

    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "name": {
        "familyName": "Family",
        "givenName": "Given"
    },
    "active": true,
    "id": "[email protected]",
    "userName": "[email protected]",
    "status": "success"
}

用户配置:

 "users": [
    {
      "email": "[email protected]",
      "groups": ["Unicorn Team", "Rainbow Team"]
    },
],
"groups": [
    {
      name: "Unicorn Team",
    },
    {
      name: "Rainbow Team",
    },
    {
      name: "X",
    },
    {
      name: "Y",
    },
    {
      name: "Z",
    },
 ]

putUsers

方法:put

URL:/scim/v2/Users/example%40example.com

正文:

{
  "userName": "[email protected]",
  "appGroups": [ "Unicorn Team", "X" ],
  "active": true
}

用户配置:

 "users": [
    {
      "email": "[email protected]",
      "groups": ["Unicorn Team", "X"]
    },
],
"groups": [
    {
      name: "Unicorn Team",
    },
    {
      name: "Rainbow Team",
    },
    {
      name: "X",
    },
    {
      name: "Y",
    },
    {
      name: "Z",
    },
 ]

patchUsers

方法:patch

URL:/scim/v2/Users/example%40example.com

正文:

{
  "active": false
}

响应:

{
    "emails": [
        {
            "value": "[email protected]"
        }
    ],
    "appGroups": [
        "Unicorn Group"
    ],
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "name": {
        "familyName": "Family",
        "givenName": "Given"
    },
    "active": false,
    "id": "[email protected]",
    "userName": "[email protected]",
    "status": "success"
}

用户配置

 "users": [

],
"groups": [
    {
      name: "Unicorn Team",
    },
    {
      name: "Rainbow Team",
    },
    {
      name: "X",
    },
    {
      name: "Y",
    },
    {
      name: "Z",
    },
 ]

Azure文件:https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups

azure azure-active-directory saml scim scim2
1个回答
0
投票

您能否描述您尝试做的事情以及收到的错误? AAD SCIM客户端支持您所描述的内容(请注意,非图库应用程序仅支持PATCH作为组成员)。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.