WSO2 Charon
WSO2 Charon is an open source implementation of the System for Cross-Domain Identity Management (SCIM) specification.
Open Source SCIM Implementation offered under Apache 2.0 license.
Overview
Charon-Core
This is the library that implements the SCIM specification and provides user-friendly APIs for implementing SCIM Consumers and Service Providers.
i). SCIM Consumer
API – SCIMClient
API used to:
→ Create, Encode SCIM objects
→ Set attributes
→ Decode responses (resources, exceptions)
ii). SCIM Service Provider
API – ResourceEndpoints
API provides:
→ Endpoints that perform CRUD operations on resources
→ Self-contained SCIM responses
→ Input and output that are easy to handle by any REST implementation
→ Extension points
→ JSON encoding/decoding
Design of Core
→ Creation of SCIM Objects & Attributes in a generic way such that they:
  → Can be encoded/decoded in a generic way
  → Adhere to the schema.
Design of Core (Cont ..)
Extension Points (you can plug in your own implementations for the following extension points to be used with charon-core)
→ CharonManager
→ AuthenticationHandler
→ UserManager
→ AbstractSCIMObject
→ AbstractAttribute
→ Encoder/Decoder
Charon-Utils
This module provides default implementations for the extension points and some utilities for charon-impl, the reference implementation of the WSO2 Charon project.
→ JAXRS ResponseBuilder
→ DefaultCharonManager
→ BasicAuthHandler
→ InMemoryUserManager
→ CharonConfig
Charon-Impl
→ JAXRS based Resources.
  → UserResource
  → GroupResource
→ DefaultCharonManager for initializing extension points through configuration.
SCIM Endpoints
SCIM endpoints based on Charon-Impl:
(When Charon-Impl is hosted in a servlet container like Apache Tomcat)
http://localhost:8080/charonDemoApp/scim/Users
http://localhost:8080/charonDemoApp/scim/Groups
SCIM endpoints based on WSO2 Identity Server 4.0.0:
http://localhost:9443/wso2/scim/Users
http://localhost:9443/wso2/scim/Groups
Charon-Samples
→ Apache Wink based client which uses SCIMClient API of Charon-Core.
→ CharonResponseHandler – implements the Wink ClientHandler to intercept responses and decode exceptions.
→ Separate sample clients for almost all the operations supported by Charon-Core
Features of Milestone 1 of 1.0 Release:
• Client: Y
• Server: Y
• Supported version: 1.0
• Representation: JSON
• Authentication: HTTP Basic Authentication
• Supported User Operations: Create (POST), Update (PUT), Retrieve (GET), List (GET), Delete (DELETE)
• Supported Group Operations: Create (POST), Update (PUT), Retrieve (GET), List (GET), Delete (DELETE)
• Other considerations:
  - User Name is required when creating a user.
  - At least one existing member id should be provided when creating a group.
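The create requests these slides describe, built at the wire level as an added example (not code from the slides or from the Charon project, and not using the SCIMClient API). Assumptions: the helper names are hypothetical, the core schema URN is the one defined by the SCIM 1.x core schema, the credentials are constructed, and the HTTPS-or-loopback check is an added safeguard because HTTP Basic credentials are only base64-encoded.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

CORE_SCHEMA = "urn:scim:schemas:core:1.0"          # SCIM 1.x core schema URN
BASE = "http://localhost:8080/charonDemoApp/scim"  # Charon-Impl demo endpoint from the slides


def scim_post(url, payload, user, password):
    """Build (without sending) a SCIM create request carrying HTTP Basic credentials."""
    parts = urlsplit(url)
    # Basic auth is reversible base64: allow plain http only for loopback testing.
    if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1", "::1"):
        raise ValueError("refusing to attach Basic credentials to a cleartext URL")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json",
                 "Authorization": "Basic " + token})


def create_user(base, user_name, auth):
    # Slide constraint: User Name is required when creating a user.
    if not user_name:
        raise ValueError("userName is required when creating a user")
    body = {"schemas": [CORE_SCHEMA], "userName": user_name}
    return scim_post(base + "/Users", body, *auth)


def create_group(base, display_name, member_ids, auth):
    # Slide constraint: at least one existing member id must be provided.
    if not member_ids:
        raise ValueError("at least one existing member id is required")
    body = {"schemas": [CORE_SCHEMA], "displayName": display_name,
            "members": [{"value": m} for m in member_ids]}
    return scim_post(base + "/Groups", body, *auth)


if __name__ == "__main__":
    auth = ("admin", "admin")  # constructed sample credentials
    req = create_user(BASE, "alice", auth)
    print(req.get_method(), req.full_url, req.data.decode())
```

The returned object can be passed to urllib.request.urlopen against a running deployment; the member ids given to create_group must be ids the server returned for existing users.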
Features of 1.0.0 Release:
• Client: Y, Server: Y
• Representation: JSON
• Supported version: 1.1
• Authentication: HTTP Basic Authentication
• Supported User Operations: Create (POST), Update (PUT), Retrieve (GET), List (GET), Delete (DELETE), Filter based on user name
• Supported Group Operations: Create (POST), Update (PUT), Retrieve (GET), List (GET), Delete (DELETE), Filter based on group name
• Other features/improvements:
  - Configuration file for registering SCIM Providers/Consumers
  - Attribute URI support
  - Improved unit tests
WSO2 Charon – Success Story
→ Participated in two interoperability events and successfully inter-operated with other SCIM implementations:
  - at IETF - 83rd meeting
  - at IIW 14
→ Integrated with WSO2 Identity Server 4.0.0 in its identity provisioning feature, with multi-tenancy support as well for cloud deployments.
Integration with WSO2 Identity Server and Stratos – Identity Service in Cloud
[Diagram labels: Internal apps, Provisioning system, Other cloud apps/services, LDAP]