Keep Identities in Sync the SCIMple Way - ApacheCon NA 2022

What if keeping your user stores in sync across domains was as simple as running "java -jar"? With Apache SCIMple, it is!

Apache SCIMple is a SCIM 2.0-compliant server powered by Spring Boot 3. You can run it standalone or embedded in your existing app. It exposes user management REST endpoints and handles the hassle of user synchronization for you. If your identity provider supports SCIM, use the simple way!

GitHub example: https://github.com/mraible/okta-scim-spring-boot-example
Demo script: https://github.com/mraible/okta-scim-spring-boot-example/blob/main/demo.adoc

Matt Raible

October 03, 2022
Transcript

  1. Keep Identities in Sync
    The SCIMple Way
    Brian Demers and Matt Raible
    @briandemers / @mraible
    October 3, 2022

  2. Who are we?
    Brian Demers
    Open Source Developer and Java Champion
    Fun facts: likes to snowboard; into 🐝
    @bdemers
    Matt Raible
    Open Source Developer and Java Champion
    Fun facts: likes to ski; into classic VWs ✌
    @mraible

  3. Today's Agenda
    01 What is SCIM?
    02 Best Practices
    03 Apache SCIMple
    04 Demo: Apache SCIMple + Spring Boot
    05 Action! How to get involved!

  4. 01 What is SCIM?

  5. System for Cross-domain Identity Management

  6. TL;DR
    Standardized User & Groups REST API

  7. REST Endpoints
    Imagine you are building an API for an auto parts store:
    https://example.com/api/v1/Parts
    https://example.com/api/v1/Orders
    https://example.com/api/v1/Users
    https://example.com/api/v1/Groups

  8. User Object (application/scim+json)
    {
      "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
      "id": "2819c223-7f76-453a-919d-413861904646",
      "externalId": "dschrute",
      "userName": "dschrute",
      "name": {
        "formatted": "Mr. Dwight K Schrute, III",
        "familyName": "Schrute",
        "givenName": "Dwight",
        "middleName": "Kurt",
        "honorificPrefix": "Mr.",
        "honorificSuffix": "III"
      },
      "phoneNumbers": [{ "value": "555-555-8377", "type": "work" }],
      "emails": [{ "value": "[email protected]", "type": "work", "primary": true }],
      "meta": {
        "resourceType": "User",
        "created": "2011-08-01T18:29:49.793Z",
        "lastModified": "2011-08-01T18:29:49.793Z",
        "location": "https://example.com/v2/Users/2819c223..."
      }
    }

  9. What about other attributes?

  10. SCIM Extensions
    "schemas": [
      "urn:ietf:params:scim:schemas:core:2.0:User",
      "urn:scim:schemas:extension:srd:1.0:ability"
    ],
    "urn:scim:schemas:extension:srd:1.0:ability": {
      "charisma": 14,
      "constitution": 12,
      "dexterity": 15,
      "intelligence": 8,
      "strength": 10,
      "wisdom": 13
    }

  11. SCIM Schemas Endpoint - /Schemas
    {
      "id": "urn:scim:schemas:extension:srd:1.0:ability",
      "name": "SDR-OGL",
      "description": "Systems Reference Document - Ability Scores",
      "attributes": [{
        "name": "charisma",
        "description": "Charisma, measuring force of personality",
        "required": true,
        "type": "integer",
        "uniqueness": "none",
        "caseExact": false,
        "multiValued": false,
        "mutability": "readWrite",
        "returned": "default"
      }
      ...
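The /Schemas entry above is what lets a server check the extension payload from the previous slide before storing it. As an added example (not from the talk and not Apache SCIMple code), the check below verifies that a resource carrying the ability extension is consistent with its schema definition: the URN is declared in "schemas", required attributes are present, unknown attributes are refused, and each value has the declared type. ABILITY_SCHEMA is a constructed, trimmed copy of the slide's schema entry.

```python
# Constructed, trimmed copy of the /Schemas entry shown on the slide (two attributes only).
ABILITY_SCHEMA = {
    "id": "urn:scim:schemas:extension:srd:1.0:ability",
    "attributes": [
        {"name": "charisma", "type": "integer", "required": True, "multiValued": False},
        {"name": "strength", "type": "integer", "required": False, "multiValued": False},
    ],
}
# SCIM attribute "type" values this check understands, mapped to the JSON value types they allow.
# Types not listed here (reference, dateTime, complex, ...) are accepted without a type check.
_TYPES = {"integer": int, "decimal": (int, float), "string": str, "boolean": bool}

def validate_extension(resource, schema):
    """Return the problems found in a resource's extension attributes; an empty list means valid."""
    urn, problems = schema["id"], []
    declared = urn in resource.get("schemas", [])
    payload = resource.get(urn)
    if payload is None:                     # extension absent: fine unless "schemas" promised it
        return [f"{urn}: listed in 'schemas' but no attributes sent"] if declared else []
    if not isinstance(payload, dict):
        return [f"{urn}: extension attributes must be a JSON object"]
    if not declared:
        problems.append(f"{urn}: attributes sent but URN missing from 'schemas'")
    known = {a["name"]: a for a in schema["attributes"]}
    for name, attr in known.items():
        if attr.get("required") and name not in payload:
            problems.append(f"{urn}:{name} is required")
    for name, value in payload.items():
        attr = known.get(name)
        if attr is None:
            problems.append(f"{urn}:{name} is not defined by the schema")
            continue
        if attr.get("multiValued") and not isinstance(value, list):
            problems.append(f"{urn}:{name} is multiValued and must be a JSON array")
            continue
        for v in (value if attr.get("multiValued") else [value]):
            # bool is a subclass of int in Python, so booleans are rejected explicitly for non-boolean types
            if (isinstance(v, bool) and attr["type"] != "boolean") or not isinstance(v, _TYPES.get(attr["type"], object)):
                problems.append(f"{urn}:{name} must be of type {attr['type']}, got {v!r}")
    return problems
```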

  12. SCIM Endpoints
    /Users[/{id}]
    /Groups[/{id}]
    /Schemas[/{id}]
    /ResourceTypes[/{id}]
    /Bulk
    /ServiceProviderConfig

  13. Why use SCIM?

  14. Why should you use SCIM?
    ● Standardized RESTful API
    ● Covers >90% of use cases
    ● Integrate with other services

  15. When to avoid SCIM?

  16. 02 Best Practices

  17. User Model Best Practices
    ● Store the "source" of the user
    ● Store the "ID" of the user's source
    ● Emails are not good IDs
    ● The status of a user is a boolean.
    ● SCIM supports a SQL-like expression language:
      /Users?filter=emails.value EQ "[email protected]"
      /Users?filter=userName EQ "bob"
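The filter parameter shown above is the point where a SCIM server turns client-supplied text into a query, so it deserves a real parser rather than string concatenation into SQL. The following added example (not from the talk and not Apache SCIMple code) tokenizes and evaluates the eq/co/pr subset of the RFC 7644 filter grammar, with and/or, against constructed in-memory User resources; operators are case-insensitive as in the slide's "EQ", string values must be JSON-quoted, and any malformed filter is rejected with the invalidFilter error a server would return.

```python
import json
import re
USERS = [  # constructed sample resources shaped like the slide's User object (not real data)
    {"id": "1", "userName": "bob", "active": True, "emails": [{"value": "bob@example.com", "primary": True}]},
    {"id": "2", "userName": "dschrute", "active": False, "emails": [{"value": "dschrute@example.com"}]},
]

def parse_filter(expr):
    """Parse 'a eq "x" and b pr or c co "y"' into OR-groups of AND-ed (path, op, value) terms."""
    toks = re.findall(r'"(?:[^"\\]|\\.)*"|\S+', expr)   # a quoted string (spaces allowed) or a bare word
    groups, current, i = [], [], 0
    while i < len(toks):
        if i + 1 >= len(toks) or toks[i + 1].lower() not in ("eq", "co", "pr"):
            raise ValueError("invalidFilter")            # the scimType a SCIM server returns for this
        path, op, i = toks[i], toks[i + 1].lower(), i + 2
        if op != "pr" and i >= len(toks):                # every operator except 'pr' (present) takes a JSON value
            raise ValueError("invalidFilter")
        value, i = (json.loads(toks[i]), i + 1) if op != "pr" else (None, i)  # unquoted 'eq bob' fails here
        current.append((path, op, value))
        if i < len(toks):                                # a conjunction must be followed by another term
            conj, i = toks[i].lower(), i + 1
            if conj not in ("and", "or") or i >= len(toks):
                raise ValueError("invalidFilter")
            if conj == "or":
                groups, current = groups + [current], []
    return groups + [current]

def _values(resource, path):
    """Resolve a dotted path; multi-valued attributes (emails.value) contribute every element."""
    vals = [resource]
    for part in path.split("."):
        vals = [item[part] for v in vals for item in (v if isinstance(v, list) else [v])
                if isinstance(item, dict) and item.get(part) is not None]
    return [x for v in vals for x in (v if isinstance(v, list) else [v])]

def _match(op, actual, expected):
    if op == "pr":                                       # 'pr' (present): true when the attribute has any value
        return bool(actual)
    for a in actual:
        if isinstance(a, str) and isinstance(expected, str):   # caseExact is false by default in SCIM
            a, expected = a.lower(), expected.lower()
        if (op == "eq" and a == expected) or (
                op == "co" and isinstance(a, str) and isinstance(expected, str) and expected in a):
            return True
    return False

def filter_resources(resources, expr):
    """Evaluate the filter parameter of /Users?filter=... against in-memory resources."""
    groups = parse_filter(expr)
    return [r for r in resources if any(all(_match(op, _values(r, p), v) for p, op, v in g) for g in groups)]
```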

  18. User data is sensitive!
    I Am Not A Lawyer!

  19. 03 Apache SCIMple

  20. Apache Directory projects
    ApacheDS
    Apache Directory Studio
    Apache LDAP API
    Apache Fortress
    Apache Kerby
    Apache SCIMple

  21. Apache SCIMple History
    2013: Started at PennState
    2015: SCIM RFCs
    2018: Moved to Apache Directory
    2020: Something happened
    2022: Jakarta APIs

  22. 04 Demo
    github.com/mraible/okta-scim-spring-boot-example

  23. 05 Action!

  24. Action: Get Involved with Apache SCIMple
    { } YOUR LOGO HERE

  25. Action: Get Involved with SCIMple
    directory.apache.org/scimple
    apache/directory-scimple
    [email protected]

  26. Thanks!
    Brian Demers
    @briandemers / @bdemers
    [email protected]
    Matt Raible
    @mraible
    [email protected]
    https://speakerdeck.com/mraible

  27. developer.okta.com