WSO2 Charon
WSO2 Charon Open Source SCIM Implementation offered under Apache 2.0 license.

Upload: hasinig

Post on 01-Jun-2015

DESCRIPTION

WSO2 Charon is an open source implementation of System for Cross-Domain Identity Management specification.

TRANSCRIPT

Overview

Charon-Core

This is the library that implements the SCIM specification and provides user-friendly APIs for implementing SCIM Consumers and Service Providers.

i). SCIM Consumer

API – SCIMClient

API used to:
→ Create, Encode SCIM objects
→ Set attributes
→ Decode responses (resources, exceptions)

ii). SCIM Service Provider

API – ResourceEndpoints

API provides:
→ Endpoints that perform CRUD operations on resources
→ Self-contained SCIM responses
→ Input and output that are easy to handle by any REST implementation
→ Extension points
→ JSON encoding/decoding

Design of Core

→ Creation of SCIM Objects & Attributes in a generic way such that they:
   → Can be encoded/decoded in a generic way
   → Adhere to the schema

Design of Core (Cont ..)

Extension Points (you can plug in your own implementations for the following extension points to be used with charon-core)

→ CharonManager

→ AuthenticationHandler

→ UserManager

→ AbstractSCIMObject

→ AbstractAttribute

→ Encoder/Decoder

Charon-Utils

This module provides default implementations of the extension points, plus some utilities for charon-impl, the reference implementation of the WSO2 Charon project.

→ JAXRS ResponseBuilder

→ DefaultCharonManager

→ BasicAuthHandler

→ InMemoryUserManager

→ CharonConfig

Charon-Impl

→ JAX-RS based resources:
   → UserResource
   → GroupResource

→ DefaultCharonManager for initializing extension points through configuration.

SCIM Endpoints

SCIM endpoints based on Charon-Impl:

(When Charon-Impl is hosted in a servlet container like Apache Tomcat)

http://localhost:8080/charonDemoApp/scim/Users
http://localhost:8080/charonDemoApp/scim/Groups

SCIM endpoints based on WSO2 Identity Server 4.0.0:

http://localhost:9443/wso2/scim/Users
http://localhost:9443/wso2/scim/Groups

Charon-Samples

→ Apache Wink based client which uses SCIMClient API of Charon-Core.

→ CharonResponseHandler – implementing wink ClientHandler to intercept responses and decode exceptions.

→ Separate sample clients for almost all the operations supported by Charon-Core

Features of Milestone 1 of 1.0 Release:

• Client: Y
• Server: Y
• Supported version: 1.0
• Representation: JSON
• Authentication: HTTP Basic Authentication
• Supported User Operations:
   Create (POST)
   Update (PUT)
   Retrieve (GET)
   List (GET)
   Delete (DELETE)
• Supported Group Operations:
   Create (POST)
   Update (PUT)
   Retrieve (GET)
   List (GET)
   Delete (DELETE)
• Other considerations:
   User Name is required when creating a user.
   At least one existing member id should be provided when creating a group.

Features of 1.0.0 Release:

• Client: Y, Server: Y
• Representation: JSON
• Supported version: 1.1
• Authentication: HTTP Basic Authentication
• Supported User Operations:
   Create (POST)
   Update (PUT)
   Retrieve (GET)
   List (GET)
   Delete (DELETE)
   Filter based on user name
• Supported Group Operations:
   Create (POST)
   Update (PUT)
   Retrieve (GET)
   List (GET)
   Delete (DELETE)
   Filter based on group name
• Other features/improvements:
   Configuration file for registering SCIM Providers/Consumers
   Attribute URI support
   Improved unit tests
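
A request-level view of the create operations and constraints listed on the two feature slides, as an added example (not Charon code and not from the original slides): it prepares SCIM 1.x POST requests for Users and Groups with HTTP Basic Authentication, using only the Python standard library. The function names, the admin/admin credentials and the user name are constructed for illustration, and the rule that plain HTTP is accepted only for loopback hosts is an added safeguard, not something the slides specify.

```python
import base64
import json
from urllib.parse import urlsplit
from urllib.request import Request

CORE_SCHEMA = "urn:scim:schemas:core:1.0"  # core schema URN in SCIM 1.0 and 1.1
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def basic_auth_header(base_url, user, password):
    """Build the Basic header; refuse cleartext HTTP to a non-loopback host."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError("Basic credentials must not be sent over plain HTTP")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def scim_post(base_url, resource, body, user, password):
    """Prepare (not send) a JSON POST to <base_url>/<resource>."""
    headers = {"Authorization": basic_auth_header(base_url, user, password),
               "Content-Type": "application/json",
               "Accept": "application/json"}
    return Request(f"{base_url.rstrip('/')}/{resource}",
                   data=json.dumps(body).encode(), headers=headers, method="POST")


def create_user_request(base_url, user, password, user_name, **attrs):
    """POST /Users; userName is mandatory, as the slides note."""
    if not user_name:
        raise ValueError("userName is required when creating a user")
    body = {"schemas": [CORE_SCHEMA], "userName": user_name, **attrs}
    return scim_post(base_url, "Users", body, user, password)


def create_group_request(base_url, user, password, display_name, member_ids):
    """POST /Groups; at least one existing member id must be supplied."""
    if not member_ids:
        raise ValueError("at least one existing member id is required")
    body = {"schemas": [CORE_SCHEMA], "displayName": display_name,
            "members": [{"value": m} for m in member_ids]}
    return scim_post(base_url, "Groups", body, user, password)


if __name__ == "__main__":
    # Constructed credentials and user name; URL is the demo endpoint on the slides.
    req = create_user_request("http://localhost:8080/charonDemoApp/scim",
                              "admin", "admin", "bjensen")
    print(req.get_method(), req.full_url, req.data.decode())
```

Basic Authentication only base64-encodes the credentials, so outside a local demo the same requests belong on an https:// base URL.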

WSO2 Charon – Success Story

→ Participated in two interoperability events:
   - at IETF (83rd meeting)
   - at IIW 14
  and successfully inter-operated with other SCIM implementations.

→ Integrated with WSO2 Identity Server 4.0.0 in its identity provisioning feature, with multi-tenancy support as well for cloud deployments.

[Diagram: Integration with WSO2 Identity Server and Stratos – Identity Service in Cloud. Labels: Internal apps, Provisioning system, Other cloud apps/services, LDAP.]