indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/

Expose attributes via the SCIM endpoint #763

Closed chaen closed 2 weeks ago

chaen commented 2 months ago

Could the attributes (like nickname) be exposed via the SCIM interface please ? Thanks !

federicaagostini commented 1 month ago

Hi, by attributes you mean the ones listed on the bottom-right part of the IAM homepage (also visible at /iam/account/<uuid>/attributes)? If yes, you can query that endpoint to get your attributes either from the web interface (indicating your uuid) or with a token where the sub claim is your uuid.

chaen commented 1 month ago

Hi, thanks for your answer! The /iam/account/<uuid>/attributes endpoint requires the admin.read scope, and I'd prefer to stick to scim:read. Moreover, the SCIM API allows for a bulk query, while otherwise I'd need to query each user individually.

chaen commented 1 month ago

Can I bump this issue please. This would be really important for LHCb migration

enricovianello commented 1 month ago

Hi @chaen, I'm including this feature request in another PR, which will be included in the next IAM release: #764. The logic will be the same as for the inclusion of SCIM labels in the SCIM User object:

scim:
  include_attributes:
  - name: Affiliation

If this configuration parameter is not present, no attributes will be added to the user. Example of output:

"urn:indigo-dc:scim:schemas:IndigoUser": {
    "attributes": [
      {
        "name": "Affiliation",
        "value": "INFN-CNAF"
      }
    ],
  ...
}

Can this fix be enough?

chaen commented 1 month ago

Ciao @enricovianello, Thanks for the follow up ! Do I understand correctly that a configuration change of the IAM instance will be enough to expose the nickname when listing the users ? If so, yes, that should be enough thanks !

enricovianello commented 1 month ago

Exactly. Perfect! The idea is to allow administrators to select which attributes are exposed through the SCIM endpoint.
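An added example, not part of the thread and not code from the IAM project: a client-side reader for the output shape quoted above, pulling one attribute for every user out of a single bulk listing obtained with scim:read. The list envelope (Resources, totalResults) is assumed to follow SCIM 2.0 (RFC 7644); the users, ids and the nickname value are constructed sample data.

```python
import json

INDIGO_SCHEMA = "urn:indigo-dc:scim:schemas:IndigoUser"  # key shown in the thread

# Constructed sample page; the envelope fields are an assumption (SCIM 2.0).
SAMPLE_PAGE = json.loads("""
{
  "totalResults": 3, "itemsPerPage": 3, "startIndex": 1,
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "Resources": [
    {"id": "uuid-1", "userName": "alice",
     "urn:indigo-dc:scim:schemas:IndigoUser": {
       "attributes": [{"name": "Affiliation", "value": "INFN-CNAF"},
                      {"name": "nickname", "value": "ali"}]}},
    {"id": "uuid-2", "userName": "bob",
     "urn:indigo-dc:scim:schemas:IndigoUser": {}},
    {"id": "uuid-3", "userName": "carol"}
  ]
}
""")


def user_attributes(user):
    """Return {name: value} for one SCIM user; {} when nothing is exposed."""
    ext = user.get(INDIGO_SCHEMA) or {}
    result = {}
    for item in ext.get("attributes") or []:
        # Skip malformed entries instead of failing the whole listing.
        if isinstance(item, dict) and "name" in item:
            result[item["name"]] = item.get("value")
    return result


def collect(page, wanted):
    """Map userName -> value of `wanted`, and list the users that lack it."""
    found, missing = {}, []
    for user in page.get("Resources", []):
        attrs = user_attributes(user)
        if wanted in attrs:
            found[user["userName"]] = attrs[wanted]
        else:
            missing.append(user["userName"])
    return found, missing


if __name__ == "__main__":
    print(collect(SAMPLE_PAGE, "nickname"))
```

A user in the missing list may simply have no such attribute, or the instance may not list it under include_attributes; the response alone does not distinguish the two cases.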