Hi Sathya,

On Thu, Jul 20, 2017 at 2:34 PM, Sathya Bandara <[email protected]> wrote:

> Hi all,
>
> With the current user core implementation we do not include a SCIM user_id
> for admin users (since SCIM is not used in all products) which prevents
> SCIM based CRUD operations on admin users. In order to implement this we
> have identified the following two approaches.
>
> *#option 1*
>
> Generate admin users' SCIM userId in SCIM component activator at server
> start up (for admin users in super tenant domain). For tenant admins we can
> configure a listener on tenant admin creation in TenantMgtService[2] to
> generate user_id if SCIM is enabled.
>

+1 to this approach. For tenant admins, we can create a TenantMgtListener and use the onTenantCreate operation to create the SCIM ID.

With the SCIM ID, it is required to add the following claims as well:

- urn:scim:schemas:core:1.0:meta.created
- urn:scim:schemas:core:1.0:meta.lastModified
- urn:scim:schemas:core:1.0:userName

Thanks
Isura.

> *#option 2*
>
> In AbstractUserStoreManager [1] modify addInitialAdminData() operation to
> apply SCIM user_id claim when adding a new admin user. For the default LDAP
> admin we can check the already existing claims for the user_id claim and
> generate a random id if it doesn't exist. For tenant admins this can be
> done via the above mentioned listener. In this approach we expose SCIM on
> all the other products which do not support SCIM since we implement this at
> kernel level.
>
> In my opinion, option 1 would be more suitable since in this approach we
> do not need to additionally provide this feature on products that do not
> support SCIM.
>
> Highly appreciate your suggestions on this.
>
> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L3835
> [2] https://github.com/wso2/carbon-multitenancy/blob/master/components/tenant-mgt/org.wso2.carbon.tenant.mgt/src/main/java/org/wso2/carbon/tenant/mgt/services/TenantMgtAdminService.java#L57
>
> Thanks,
> Sathya
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421

--
*Isura Dilhara Karunaratne*
Senior Software Engineer | WSO2
Email: [email protected]
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
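
A sketch of the idempotent claim generation that option 1 implies, as an added example that is not part of the thread and not WSO2 code. A plain `Map` stands in for one admin user's claims in the user store; the class name, method name, sample user names and the `id` claim URI are assumptions, while the other three claim URIs are the ones listed in the reply.

```java
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Added illustration, not WSO2 code: a Map stands in for one user's stored claims.
public class ScimAdminClaims {
    // The id claim URI is an assumption; the other three are the claims listed in the reply.
    static final String ID = "urn:scim:schemas:core:1.0:id";
    static final String CREATED = "urn:scim:schemas:core:1.0:meta.created";
    static final String LAST_MODIFIED = "urn:scim:schemas:core:1.0:meta.lastModified";
    static final String USER_NAME = "urn:scim:schemas:core:1.0:userName";

    // Fills in only the SCIM claims that are missing, so an existing id is never
    // replaced and repeated server start-ups keep the identifier stable.
    // Returns true when at least one claim was written.
    static boolean ensureScimClaims(Map<String, String> claims, String userName,
                                    boolean scimEnabled, Instant now) {
        if (!scimEnabled) {
            return false; // products without SCIM are left untouched (the point of option 1)
        }
        String ts = now.toString(); // ISO-8601 timestamp
        boolean changed = claims.putIfAbsent(ID, UUID.randomUUID().toString()) == null;
        changed |= claims.putIfAbsent(CREATED, ts) == null;
        changed |= claims.putIfAbsent(USER_NAME, userName) == null;
        if (changed || !claims.containsKey(LAST_MODIFIED)) {
            claims.put(LAST_MODIFIED, ts);
            changed = true;
        }
        return changed;
    }

    public static void main(String[] args) {
        // Constructed sample users.
        Map<String, String> superAdmin = new HashMap<>();
        Map<String, String> tenantAdmin = new HashMap<>();

        // Server start-up, super tenant admin: claims are generated once.
        System.out.println("first start-up changed: "
                + ensureScimClaims(superAdmin, "admin", true, Instant.now()));
        String firstId = superAdmin.get(ID);
        // Second start-up: nothing is regenerated, the id is unchanged.
        System.out.println("second start-up changed: "
                + ensureScimClaims(superAdmin, "admin", true, Instant.now()));
        System.out.println("id stable: " + firstId.equals(superAdmin.get(ID)));
        // Tenant creation callback with SCIM disabled: no claims are added.
        ensureScimClaims(tenantAdmin, "tenantadmin", false, Instant.now());
        System.out.println("tenant admin claims without SCIM: " + tenantAdmin.size());
    }
}
```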
