Lightweight SCIM2 server prototype
Project description
scim2-server
This is an example WSGI-SCIM server using scim2-models. It utilizes werkzeug and scim2-filter-parser and keeps all resources in-memory, they are lost once the process exits.
Features
- Discovery endpoints (
/v2/ServiceProviderConfig
,/v2/ResourceTypes
,/v2/Schemas
) - Create/Read/Update/Delete resources (
POST
,GET
,PUT
,DELETE
) - Searching & Filtering
- Support for ETags
- Unique Constraints
- HTTP PATCH (Add/Remove/Replace)
- Sorting
The only optional feature currently missing is support for Bulk operations (RFC 7644, Section 3.7).
Usage
$ scim2-server [-h] [--schema SCHEMA] [--resource-type RESOURCE_TYPE] [--bearer-token BEARER_TOKEN] [--hostname HOSTNAME] [--port PORT] [--reverse-proxy] [--dump-resources DUMP_RESOURCES]
-h
/--help
: Show help message--reverse-proxy
: Allow using the provider behind a Reverse Proxy (required for URL rewriting).--schema
: Register schemas from specified JSON file. If not provided, loads the default schemas from RFC 7643.--resource-type
: Register resource types from specified JSON file. If not provided, loads the default resource types from RFC 7643.--bearer-token
: Registers a bearer token that can be used for accessing the service. If no tokens are provided, anonymous access without authentication is allowed.--hostname
: The hostname to listen on. Defaults to127.0.0.1
.--port
: The port to listen on. Defaults to8080
.--dump-resources
: Dump a JSON document containing all resources when the provider exits normally.
Notes
This provider can be used as a starting point if you want to implement a SCIM provider. You should probably change the following things, if you want to use it in production:
- Use a proper production WSGI server instead of the one provided by Werkzeug
- Implement your own Backend as a subclass of
scim2_server.backend.Backend
- Implement proper authorization with OAuth instead of public access or static bearer tokens
- Support the
/Me
endpoint, if it applies in your use case - Add support for using either a static URL prefix or improve the support for usage behind a reverse proxy
The provider in its current state has been tested successfully against a live Microsoft Entra system as well as a live Okta system.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
scim2_server-0.1.0.tar.gz
(27.3 kB
view hashes)
Built Distribution
Close
Hashes for scim2_server-0.1.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e256b584773a0bb0f29b9dd5224bedbd680e4fd9e11349f7225c3bcc938a78a1 |
|
MD5 | facf900267bb6a6daa2dee80596a5d58 |
|
BLAKE2b-256 | ff5c8d32704b62bdff47700f4b02a511a42b08be641fe4e60bf60bdc28adb9dd |