Like most digital identity platforms, Gluu persists user data. How can you manage this data?
SCIM, or the System for Cross-domain Identity Management specification, is an open standard API which defines RESTful endpoints, a schema and a protocol to manage user identity information. For example, you can POST to the SCIM /Users endpoint to add a user, or perform a GET to that endpoint to search users. The SCIM component of Gluu is a server implementation of SCIM. By calling this API, you can add, delete and edit user information in the Gluu platform. For example, if you are implementing a registration website, you would call the SCIM endpoint to add the user to your Gluu Server.
This document provides definitions and an overview of the System for
Cross-domain Identity Management (SCIM). It lays out the system’s
concepts, models, and flows, and it includes user scenarios, use
cases, and requirements.
The System for Cross-domain Identity Management (SCIM) specifications
are designed to make identity management in cloud-based applications
and services easier. The specification suite builds upon experience
with existing schemas and deployments, placing specific emphasis on
simplicity of development and integration, while applying existing
authentication, authorization, and privacy models. Its intent is to
reduce the cost and complexity of user management operations by
providing a common user schema and extension model as well as binding
documents to provide patterns for exchanging this schema using HTTP.
This document provides a platform-neutral schema and extension model
for representing users and groups and other resource types in JSON
format. This schema is intended for exchange and use with cloud
service providers.
The System for Cross-domain Identity Management (SCIM) specification
is an HTTP-based protocol that makes managing identities in multi-
domain scenarios easier to support via a standardized service.
Examples include, but are not limited to, enterprise-to-cloud service
providers and inter-cloud scenarios. The specification suite seeks
to build upon experience with existing schemas and deployments,
placing specific emphasis on simplicity of development and
integration, while applying existing authentication, authorization,
and privacy models. SCIM’s intent is to reduce the cost and
complexity of user management operations by providing a common user
schema, an extension model, and a service protocol defined by this
document.
The SCIM API should never be accessed anonymously. However, the standard itself doesn’t define a mechanism to prevent unauthorized requests to endpoints. There are just a few guidelines for authentication and authorization in section 2 of RFC 7644.
In the Gluu Server, the default protection mechanism for SCIM APIs is UMA, a profile of OAuth 2.0. This means you’re software will need to obtain an UMA access token before you call the SCIM API. Gluu also provides a “Test Mode” static token, which like its name suggests, can be used for testing (but don’t use static tokens for production!)
API for user, group and FIDO device management
Another core component, this server provides the enrollment and authentication endpoints which enable people to use USB, bluetooth or platform FIDO credentials.
The heart of the Janssen Project, this is the server that provides the OpenID Connect and OAuth endpoints.
The configuration API is required to configure Jans Auth Server
Self-service web portal for end-users to manage devices and other multi-factor authentication.
Interface to simplify the management and configuration of Jans Auth Server
The Command Line Interface provides an interactive menu-driven mode for admins who don’t want to struggle with lengthy curl commands.
API for user, group and FIDO device management
Open Provider / OAuth Authorization Server
oxTrust is a single-point of administration for all components of Gluu 4.x servers.
Another core component, this server provides the enrollment and authentication endpoints which enable people to use USB, bluetooth or platform FIDO credentials.
Enables social login.
SAML IDP
Self-service web portal for end-users to manage devices and other multi-factor authentication.
OAuth / OpenID client middleware service