Hi Sathya,

On Thu, Jul 20, 2017 at 2:34 PM, Sathya Bandara <[email protected]> wrote:

> Hi all,
>
> With the current user core implementation we do not include a SCIM user_id
> for admin users (Since SCIM is not used in all products) which prevents
> SCIM based CRUD operations on admin users. In order to implement this we
> have identified the following two approaches.
>
> *#option 1*
>
> Generate admin users' SCIM userId in SCIM component activator at server
> start up (for admin users in super tenant domain). For tenant admins we can
> configure a listener on tenant admin creation in TenantMgtService[2] to
> generate user_id if SCIM is enabled.
>

The super tenant case is fine, but when you use a listener for tenants, if
someone enables SCIM later, existing tenant admins will not be SCIM
compatible. To avoid that, can't we skip the "if SCIM is enabled" part of
your suggestion? Will that be a problem?

Another option is to use the same approach as super tenant. Get all active
tenants at component activation and set them SCIM ids. But I don't think
that's a good idea as it can slow down the server startup (unless you do
that in a separate thread).

Thanks,
Bhathiya


>
> *#option 2*
>
> In AbstractUserStoreManager [1] modify addInitialAdminData() operation to
> apply SCIM user_id claim when adding a new admin user. For the default LDAP
> admin we can check the already existing claims for the user_id claim and
> generate a random id if it doesn't exist. For tenant admins this can be
> done via the above mentioned listener. In this approach we expose SCIM on
> all the other products which do not support SCIM since we implement this at
> kernel level.
>
> In my opinion, option 1 would be more suitable since in this approach we
> do not need to additionally provide this feature on products that do not
> support SCIM.
>
> Highly appreciate your suggestions on this.
>
> [1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/common/AbstractUserStoreManager.java#L3835
> [2] https://github.com/wso2/carbon-multitenancy/blob/master/components/tenant-mgt/org.wso2.carbon.tenant.mgt/src/main/java/org/wso2/carbon/tenant/mgt/services/TenantMgtAdminService.java#L57
>
>
> Thanks,
> Sathya
> --
> Sathya Bandara
> Software Engineer
> WSO2 Inc. http://wso2.com
> Mobile: (+94) 715 360 421
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Bhathiya Jayasekara*
*Associate Technical Lead,*
*WSO2 inc., http://wso2.com*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*
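
The two paths discussed in this thread (a tenant-creation listener that assigns an id with no "SCIM enabled" check, and a backfill of existing tenants on a separate thread at activation), as an added example that is not part of the original messages or of WSO2's code. The class `ScimIdBackfill`, its methods and the in-memory claim map are hypothetical stand-ins for the user store, and the tenant names are constructed.

```java
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class ScimIdBackfill {
    // Hypothetical stand-in for the stored user_id claim, keyed by "tenantDomain/adminName".
    private final ConcurrentHashMap<String, String> userIdClaims = new ConcurrentHashMap<>();

    // Idempotent and atomic: an existing id is never replaced, so it stays stable for SCIM clients.
    public String ensureScimId(String tenantDomain, String adminName) {
        return userIdClaims.computeIfAbsent(tenantDomain + "/" + adminName,
                key -> UUID.randomUUID().toString());
    }

    // Listener path: called on tenant admin creation, without checking whether SCIM is enabled.
    public String onTenantAdminCreated(String tenantDomain, String adminName) {
        return ensureScimId(tenantDomain, adminName);
    }

    // Activation path: backfill already existing tenant admins off the startup thread.
    public ExecutorService backfillAsync(List<String[]> tenantAdmins) {
        ExecutorService worker = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "scim-id-backfill");
            t.setDaemon(true); // the backfill must not hold up server shutdown
            return t;
        });
        worker.submit(() -> tenantAdmins.forEach(ta -> ensureScimId(ta[0], ta[1])));
        worker.shutdown(); // no further tasks; the submitted one still runs to completion
        return worker;
    }

    public static void main(String[] args) throws InterruptedException {
        ScimIdBackfill ids = new ScimIdBackfill();
        // Constructed sample data: tenant admins that existed before SCIM was switched on.
        List<String[]> existing = List.of(
                new String[]{"abc.com", "admin"}, new String[]{"xyz.org", "root"});
        ExecutorService worker = ids.backfillAsync(existing);
        // The listener may fire for the same admin while the backfill is still running.
        String fromListener = ids.onTenantAdminCreated("abc.com", "admin");
        worker.awaitTermination(5, TimeUnit.SECONDS);
        // Whichever path ran first, both see the same single id per admin.
        System.out.println(fromListener.equals(ids.ensureScimId("abc.com", "admin")));
        System.out.println(ids.userIdClaims.size());
    }
}
```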