OpenLiberty / open-liberty

Open Liberty is a highly composable, fast to start, dynamic application server runtime environment
https://openliberty.io
Eclipse Public License 2.0

SEC 34 - Support for SCIM V2.0 #9041

Open jvanhill opened 4 years ago

jvanhill commented 4 years ago

SCIM Version 1.0, available in WebSphere Liberty, is now deprecated. We also have a number of issues with our current support not being spec compliant. We need to move our SCIM code base to Version 2 and make sure it is properly spec compliant.

Aha! Link: https://bigblue.aha.io/ideas/ideas/LIBERTY-I-59

RFEs:

- Finer grained authorization for SCIM REST API https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=116979
- Allow mapping SCIM to PersonAccount properties https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=116983
- OpenAPI/Swagger Definition for SCIM REST API https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=115776
- WebSphere Liberty should support bulk mode for SCIM calls https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=126069
- Finer-grained Control over SCIM REST API Response Objects https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=119725
- Custom Context Roots for SCIM REST API https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=119724
- Allows searches for principalName and other attributes in SCIM REST API https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=116980
- OIDC Feature (SCIM): Make federated MAXSearchResults dynamic https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=108012
- Enable use of SCIM without SSL https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=100498
- Provide partial access to SCIM resources to non administrative users https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=100494
- Programmatically access SCIM API instead of remoting in https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=92704
- Need SCIM support for SAML and OIDC in Liberty https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=79215

irobins commented 1 year ago

Just got asked about this by a Liberty-embedder - any outlook?

maulik-modi22 commented 1 year ago

As the entire world is moving towards a more sustainable future and has sustainability goals, EDA (event-driven architecture) is one facet to focus on in the world of software architecture.

In the absence of SCIM 2.0 support in Liberty, Liberty embedders are forced to reinvent the wheel by rolling out a custom implementation or resorting to a k8 cronjob....

Gartner magic quadrant for access management. Source: https://www.okta.com/resources/gartner-magic-quadrant-access-management/

I can see the top Identity Providers have already implemented SCIM 2.0 and are expecting Liberty-compliant applications to be SCIM 2.0 compliant, to have near-real-time synchronisation of users and groups.

Identity Providers supporting SCIM 2.0:

Hope to see things moving in 2023....

ThomasHurek commented 4 months ago

Is there an update on this in 2024?