Hi all,

With the current user core implementation we do not include a SCIM user_id
for admin users (since SCIM is not used in all products), which prevents
SCIM-based CRUD operations on admin users. In order to implement this we
have identified the following two approaches.

*#option 1*

Generate admin users' SCIM userId in the SCIM component activator at server
startup (for admin users in the super tenant domain). For tenant admins we can
configure a listener on tenant admin creation in TenantMgtService [2] to
generate the user_id if SCIM is enabled.

*#option 2*

In AbstractUserStoreManager [1], modify the addInitialAdminData() operation to
apply the SCIM user_id claim when adding a new admin user. For the default LDAP
admin we can check the already existing claims for the user_id claim and
generate a random id if it doesn't exist. For tenant admins this can be
done via the above-mentioned listener. In this approach we expose SCIM on
all the other products which do not support SCIM, since we implement this at
kernel level.
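The step both options share is "look for an existing SCIM id claim, generate a random one only if it is missing". The helper below is an added example for this thread, not code from carbon-kernel; it assumes the SCIM 1.1 id claim URI `urn:scim:schemas:core:1.0:id` and the `default` claim profile, and uses the `getUserClaimValue`/`setUserClaimValue` operations of `org.wso2.carbon.user.api.UserStoreManager`.

```java
import java.util.UUID;

import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;

/**
 * Hypothetical helper (not part of carbon-kernel) that makes sure an admin
 * user carries a SCIM id claim, creating one only when none exists.
 */
public final class ScimIdProvisioner {

    // Assumed SCIM 1.1 id claim URI; use the claim URI configured in claim-config.xml.
    static final String SCIM_ID_CLAIM = "urn:scim:schemas:core:1.0:id";
    // Assumed claim profile name (UserCoreConstants.DEFAULT_PROFILE).
    static final String DEFAULT_PROFILE = "default";

    private ScimIdProvisioner() {
    }

    /**
     * Returns the SCIM id the user holds after the call. The operation is
     * idempotent: an existing id is never overwritten, so it is safe to run on
     * every server start (option 1) or on every addInitialAdminData() call
     * (option 2) without changing ids that SCIM clients already reference.
     */
    public static String ensureScimId(UserStoreManager usm, String adminUser,
                                      boolean scimEnabled) throws UserStoreException {
        if (!scimEnabled) {
            // Products that do not ship SCIM get no SCIM claim written at all.
            return null;
        }
        String existing = usm.getUserClaimValue(adminUser, SCIM_ID_CLAIM, DEFAULT_PROFILE);
        if (existing != null && !existing.trim().isEmpty()) {
            return existing;
        }
        // UUID.randomUUID() is backed by SecureRandom: the id is unpredictable
        // and unique across tenants, unlike a counter or a username-derived value.
        String generated = UUID.randomUUID().toString();
        usm.setUserClaimValue(adminUser, SCIM_ID_CLAIM, generated, DEFAULT_PROFILE);
        return generated;
    }
}
```

For option 1 the caller would be the SCIM component activator (super tenant admin) and the tenant creation listener (tenant admins); for option 2 it would be addInitialAdminData() itself.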

In my opinion, option 1 would be more suitable since in this approach we do
not need to additionally provide this feature on products that do not
support SCIM.

Highly appreciate your suggestions on this.

[1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L3835
[2] https://github.com/wso2/carbon-multitenancy/blob/master/components/tenant-mgt/org.wso2.carbon.tenant.mgt/src/main/java/org/wso2/carbon/tenant/mgt/services/TenantMgtAdminService.java#L57


Thanks,
Sathya
-- 
Sathya Bandara
Software Engineer
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture