Skip to main content

A partial implementation of the SCIM 2.0 provider specification for use with Django.

Project description

This is a partial provider-side implementation of the SCIM 2.0 [1] specification for use in Django. It covers:

  • Serialization of Django User objects to SCIM documents

  • REST view for <prefix>/Users/uid

  • REST view for <prefix>/Users/.search

  • SCIM filter query parser covering all operators and most fields

  • Limited pluggability support

Note that currently the only supported database is Postgres.

Installation

$ pip install django_scim

Then add the django_scim app to INSTALLED_APPS in Django’s settings file and the necessary url mappings:

urlpatterns = patterns('',
    url(r'^/scim/v2/Users/.search/?$',
        SearchView.as_view(), name='scim-search'),
    url(r'^/scim/v2/Users/([^/]+)$', UserView.as_view(), name='scim-user'),
)

Extensibility

By default, django_scim uses the email field on the User class. However, if your application maintains multiple identities using custom separate database tables, you can override django_scim.models.SCIMUser and pull that in:

from django_scim.models import SCIMUser as _SCIMUser

from acme.apps.bb.models import Identity


class SCIMUser(_SCIMUser):
    def __init__(self, user):
        super(SCIMUser, self).__init__(user)
        self.identities = (Identity.objects
                                   .filter(profile__user_id=self.user.id))

    @property
    def emails(self):
        return {i.email: i.primary for i in self.identities}

Here we keep multiple email addresses in a table that is linked to UserProfile. Next, tell the views to use this class instead of the default:

url(r'^/scim/v2/Users/([^/]+)$', UserView.as_view(usercls=SCIMUser),
    name='scim-user'),

When your email address live in different tables, you’ll also need to extend the filter query parser to make sure they can be queried on:

from django_scim.filter import SCIMFilterTransformer


class AcmeSCIMTransformer(SCIMFilterTransformer):
    email = lambda *args: 'i.email'

    def join(self):
        return """
            JOIN bb_userprofile p ON p.user_id = u.id
            LEFT OUTER JOIN bb_identity i ON i.profile_id = p.id
            """

And pass it on to the view:

url(r'^/scim/v2/Users/([^/]+)$',
    UserView.as_view(usercls=SCIMUser, parser=AcmeSCIMTransformer),
    name='scim-user'),

Project details


Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page