From 64c51a8668887037d9b2390f86838fc1245c1c80 Mon Sep 17 00:00:00 2001 From: UdeshAthukorala Date: Thu, 16 May 2024 21:39:08 +0530 Subject: [PATCH 1/2] Provide recommendation to use Custom User Schema to add custom attributes --- .../provisioning/extend-scim2-user-schemas.md | 17 ++++++++++++++++- .../provisioning/extend-scim2-user-schemas.md | 17 ++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md b/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md index 2494f339cc..ca55224183 100644 --- a/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md +++ b/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md 
@@ -11,7 +11,22 @@ The System for Cross-domain Identity Management (SCIM) is a specification that i The SCIM 2.0 (System for Cross-Domain Identity Management) specification defines a [fixed set of default attributes](https://tools.ietf.org/html/rfc7643#section-8.2){:target="_blank"} for the user object. This set is defined to ensure the interoperability and it can cater to most of the industry's identity management requirements. However, in reality, organizations have their own attributes defined for their users which have already been used in their LDAP schemas. Therefore, SCIM is extensible enough to cope with custom attributes and uses the [Enterprise User Extension](https://tools.ietf.org/html/rfc7643#section-8.3){:target="_blank"} to support extra attributes for the SCIM user object. -WSO2 Identity Server allows users to define their own user schema in addition to the core user schema. These configured schema are then used while creating or validating user objects. This means that custom user attributes can be passed using SCIM for identity management requirements. Follow the steps given below to add a custom attribute.  +WSO2 Identity Server allows users to define their own user schema in addition to the core user schema. These configured schema are then used while creating or validating user objects. This means that custom user attributes can be passed using SCIM for identity management requirements. + +!!! Note + From 6.0.0 onwards, we can use the [SCIM2 Custom User Schema]({{base_path}}/guides/users/attributes/manage-scim2-attribute-mappings) to add custom attributes of the user. + + Reasons why we introduced custom schema to add custom attributes: + 1. According to the current model, Enterprise User Extension attributes are in a file, and those configurations are applicable at the server level. + 2. Enterprise User Extension is a defined schema, and it should not be allowed to be modified. 
+ + So it is recommended to use the SCIM2 Custom User Schema to add custom attributes of the user instead of Enterprise User Schema. + +--- + +## Extend the SCIM 2.0 API using the Enterprise User Extension + +Follow the steps given below to add a custom attribute using the Enterprise User Extension.  1. Open the `scim2-schema-extension.config` file located in the `/repository/conf/` folder. diff --git a/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md b/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md index 2494f339cc..25a05e5047 100644 --- a/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md +++ b/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md 
@@ -11,7 +11,22 @@ The System for Cross-domain Identity Management (SCIM) is a specification that i The SCIM 2.0 (System for Cross-Domain Identity Management) specification defines a [fixed set of default attributes](https://tools.ietf.org/html/rfc7643#section-8.2){:target="_blank"} for the user object. This set is defined to ensure the interoperability and it can cater to most of the industry's identity management requirements. However, in reality, organizations have their own attributes defined for their users which have already been used in their LDAP schemas. Therefore, SCIM is extensible enough to cope with custom attributes and uses the [Enterprise User Extension](https://tools.ietf.org/html/rfc7643#section-8.3){:target="_blank"} to support extra attributes for the SCIM user object. -WSO2 Identity Server allows users to define their own user schema in addition to the core user schema. These configured schema are then used while creating or validating user objects. This means that custom user attributes can be passed using SCIM for identity management requirements. Follow the steps given below to add a custom attribute.  +WSO2 Identity Server allows users to define their own user schema in addition to the core user schema. These configured schema are then used while creating or validating user objects. This means that custom user attributes can be passed using SCIM for identity management requirements. + +!!! Note + From 6.0.0 onwards, we can use the [SCIM2 Custom User Schema]({{base_path}}/guides/users/attributes/manage-scim2-attribute-mappings) to add custom attributes of the user. + + Reasons why we introduced custom schema to add custom attributes: + 1. According to the current model, Enterprise User Extension attributes are in a file, and those configurations are applicable at the server level. + 2. Enterprise User Extension is a defined schema, and it should not be allowed to be modified. 
+ + So it is recommended to use the SCIM2 Custom User Schema to add custom attributes of the user instead of Enterprise User Schema. + +--- + +## Extend the SCIM 2.0 API using the Enterprise User Extension + +Follow the steps given below to add a custom attribute using the Enterprise User Extension.  1. Open the `scim2-schema-extension.config` file located in the `/repository/conf/` folder. From 1eeb79cb3618689ba3216361d1cd3caddd7b30de Mon Sep 17 00:00:00 2001 From: UdeshAthukorala Date: Mon, 20 May 2024 09:20:33 +0530 Subject: [PATCH 2/2] Addressing comments --- .../provisioning/extend-scim2-user-schemas.md | 12 +++++------- .../provisioning/extend-scim2-user-schemas.md | 12 +++++------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md b/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md index ca55224183..3e6c78f181 100644 --- a/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md +++ b/en/identity-server/7.0.0/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md 
@@ -13,14 +13,12 @@ The SCIM 2.0 (System for Cross-Domain Identity Management) specification defines WSO2 Identity Server allows users to define their own user schema in addition to the core user schema. These configured schema are then used while creating or validating user objects. This means that custom user attributes can be passed using SCIM for identity management requirements. -!!! Note - From 6.0.0 onwards, we can use the [SCIM2 Custom User Schema]({{base_path}}/guides/users/attributes/manage-scim2-attribute-mappings) to add custom attributes of the user. +!!! warning "Not recommended" + From {{product_name}} 6.0.0 onwards, it is recommended to use [SCIM2 Custom User Schema]({{base_path}}/guides/users/attributes/manage-scim2-attribute-mappings) to add custom attributes for users. - Reasons why we introduced custom schema to add custom attributes: - 1. According to the current model, Enterprise User Extension attributes are in a file, and those configurations are applicable at the server level. - 2. Enterprise User Extension is a defined schema, and it should not be allowed to be modified. - - So it is recommended to use the SCIM2 Custom User Schema to add custom attributes of the user instead of Enterprise User Schema. + Using enterprise user extension for custom user attributes is not recommended for the following reasons: + 1. According to the current model, Enterprise User Extension attributes are contained in a file. Hence, any modifications to this file will be applied at the server level. + 2. As Enterprise User Extension is a defined schema, it must remain unchanged. --- diff --git a/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md b/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md index 25a05e5047..b991ca7dda 100644 --- a/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md 
+++ b/en/identity-server/next/docs/references/extend/user-mgt/provisioning/extend-scim2-user-schemas.md @@ -13,14 +13,12 @@ The SCIM 2.0 (System for Cross-Domain Identity Management) specification defines WSO2 Identity Server allows users to define their own user schema in addition to the core user schema. These configured schema are then used while creating or validating user objects. This means that custom user attributes can be passed using SCIM for identity management requirements. -!!! Note - From 6.0.0 onwards, we can use the [SCIM2 Custom User Schema]({{base_path}}/guides/users/attributes/manage-scim2-attribute-mappings) to add custom attributes of the user. +!!! warning "Not recommended" + From {{product_name}} 6.0.0 onwards, it is recommended to use [SCIM2 Custom User Schema]({{base_path}}/guides/users/attributes/manage-scim2-attribute-mappings) to add custom attributes for users. - Reasons why we introduced custom schema to add custom attributes: - 1. According to the current model, Enterprise User Extension attributes are in a file, and those configurations are applicable at the server level. - 2. Enterprise User Extension is a defined schema, and it should not be allowed to be modified. - - So it is recommended to use the SCIM2 Custom User Schema to add custom attributes of the user instead of Enterprise User Schema. + Using enterprise user extension for custom user attributes is not recommended for the following reasons: + 1. According to the current model, Enterprise User Extension attributes are contained in a file. Hence, any modifications to this file will be applied at the server level. + 2. As Enterprise User Extension is a defined schema, it must remain unchanged. ---
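Review bot: In [PATCH 1/2], in both the 7.0.0 and next hunks, the new note gives as its second reason that the Enterprise User Extension "should not be allowed to be modified", yet the section added directly below it ("## Extend the SCIM 2.0 API using the Enterprise User Extension") still walks the reader through editing `scim2-schema-extension.config` with no qualification. Add a sentence under the new heading saying when the file-based procedure is still appropriate, so the page does not advise against a change and then document it as the normal path. The note also says "From 6.0.0 onwards" while the diffstat touches only the 7.0.0 and next trees; if 6.x copies of this page exist, they need the same note.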
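Review bot: In [PATCH 2/2], 7.0.0 hunk (and identically in the next hunk), the numbered list starts on the line directly after "...is not recommended for the following reasons:" with no empty line between them, as the list in 1/2 also did. Markdown renderers that do not let a list interrupt a paragraph will fold "1." and "2." into the preceding sentence; add an empty indented line before "1." so the two reasons render as a list inside the admonition.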
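Review bot: In [PATCH 2/2], next hunk (and identically in the 7.0.0 hunk), the admonition is titled "Not recommended" but its first sentence is about what is recommended, and the approach being discouraged is only named in the second paragraph, in lower case ("enterprise user extension") while the list items write "Enterprise User Extension". Lead with the discouraged approach and use one capitalisation throughout. Reason 1 also stops at "applied at the server level" without saying what that costs the reader; state the consequence (for instance, that the change cannot be scoped more narrowly than the whole server) so an administrator can judge the impact before editing the file.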