SCIM - Core Schema 1.1 compliance

The purpose of this chapter is to clarify the OneWelcome Tulip implementation of the SCIM schema.

See SCIM: Core Schema 1.1.

OneWelcome’s SCIM interface supports the functional behavior as described here. Sensible queries can be used to search for users incidentally. Structural use of SCIM filtering as part of a regular flow in client applications may, however, incur a performance penalty. Structural use of SCIM filtering therefore needs to be discussed with OneWelcome to ensure that the default indexes allow for sufficient performance and, possibly, to have OneWelcome create additional indexes.

Caption:

  • Compliance is indicated:
      • ✅ indicates compliance
      • ✳️ indicates optional features that are supported
      • 🔆 indicates optional features that are not supported
      • ✖️ indicates non-compliance
  • Semantics for specific fields are described.

Requirements Notation and Conventions

  • ✅ Compliant, no specifics in the OneWelcome implementation.

For further details, refer to SCIM: Core Schema 1.1 - Requirements Notation and Conventions section.

Overview

  • ✅ Compliant, no specifics in the OneWelcome implementation.

For further details, refer to SCIM: Core Schema 1.1 - Overview section.

Definitions

The following table presents a further clarification of some of the definitions by giving an example for each kind of user attribute.

|              | Simple                | Complex   |
|--------------|-----------------------|-----------|
| Singular     | userName, displayName | name      |
| Multi-valued | emails                | addresses |

Note: Simple multi-valued attributes have a 'value' sub-attribute, whereas complex multi-valued attributes don't have this.

SCIM Schema Structure

✅ Compliant, no specifics in the OneWelcome implementation.

For further details, refer to SCIM: Core Schema 1.1 - SCIM Schema Structure section.

Attribute Data Types

✅ Compliant, no specifics in the OneWelcome implementation.

OneWelcome applies the following validations:

  • validation on string for any string-field
  • validation on boolean for any boolean field
  • validation on decimal for any decimal field
  • validation on integer for any integer field
  • validation on datetime for any datetime field
  • validation on binary for any binary field
  • API version is ‘v1.1’

For further details, refer to SCIM: Core Schema 1.1 - Attribute Data Types section.

Multi-valued Attributes

✅ Compliant

OneWelcome validates that the primary attribute value 'true' appears no more than once.

For multi-valued fields, OneWelcome applies 'other' as the default type, so OneWelcome always returns a type for each of the values.

For further details, refer to SCIM: Core Schema 1.1 - Multi-valued Attributes section.
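The two rules above can be checked on the client before a user is sent to the SCIM interface. The following is an added example, not OneWelcome code: the function name, the error class and the sample user are hypothetical, and rejecting a non-boolean primary is an assumption based on the boolean validation listed under Attribute Data Types.

```python
import copy

# Multi-valued user attributes from SCIM Core Schema 1.1 checked by this example.
MULTI_VALUED = ("emails", "phoneNumbers", "ims", "photos", "addresses")


class ScimValidationError(ValueError):
    """Raised when a resource breaks a multi-valued attribute rule."""


def normalize_multi_valued(resource):
    """Return a copy of a SCIM user with the two rules from this section applied.

    - primary == true may appear at most once per multi-valued attribute
    - an entry without a type gets type "other"
    """
    result = copy.deepcopy(resource)
    for name in MULTI_VALUED:
        entries = result.get(name)
        if entries is None:
            continue
        if not isinstance(entries, list):
            raise ScimValidationError(f"{name} must be a list")
        primaries = 0
        for entry in entries:
            if not isinstance(entry, dict):
                raise ScimValidationError(f"{name} entries must be objects")
            primary = entry.get("primary", False)
            # Assumption: look-alikes such as "true" or 1 are not accepted as booleans.
            if not isinstance(primary, bool):
                raise ScimValidationError(f"{name}.primary must be a boolean")
            primaries += primary
            entry.setdefault("type", "other")
        if primaries > 1:
            raise ScimValidationError(f"{name} has {primaries} primary values")
    return result


# Constructed sample input, not taken from OneWelcome's example messages.
SAMPLE_USER = {
    "schemas": ["urn:scim:schemas:core:1.0"],
    "userName": "bjensen",
    "emails": [
        {"value": "bjensen@example.com", "type": "work", "primary": True},
        {"value": "babs@example.org"},
    ],
}
```
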

Schema Extension Model

  • ✅ OneWelcome supports the schema extension model, compliant with the specifications.
  • ✳️ OneWelcome also allows its customers to create custom extensions.
  • ✖️ The SCIM enterprise extension is not yet supported.

For further details, refer to SCIM: Core Schema 1.1 - Schema Extension Model section.

SCIM Core Schema

For further details, refer to SCIM: Core Schema 1.1 - SCIM Core Schema section.

Common Schema Attributes

✅ OneWelcome is compliant.

| Attribute  | Subattribute | OneWelcome Specifics | Format | Validation |
|------------|--------------|----------------------|--------|------------|
| ID         | -            |                      |        |            |
| externalId | -            | SCIM clients can set any value and should use values that are unique. |  | OneWelcome does not (yet) validate uniqueness of this attribute. |
| meta       | -            | The meta-data that is specified by SCIM applies to the resource 'as a whole': group or user. |  |  |
|            | created      | ✳️ This subattribute is always returned by OneWelcome. | As per SCIM standard: a dateTime (e.g. 2008-01-23T04:56:220Z) as specified in section 3.2.7 of the XML Schema Datatypes Specification. |  |
|            | lastModified | ✳️ This subattribute is always returned by OneWelcome. | As per SCIM standard: a dateTime (e.g. 2008-01-23T04:56:220Z) as specified in section 3.2.7 of the XML Schema Datatypes Specification. |  |
|            | location     | ✳️ This subattribute is always returned by OneWelcome. |  |  |
|            | version      | ✳️ This subattribute is always returned by OneWelcome. |  |  |
|            | attributes   | ✅ OneWelcome is compliant on the usage of this attribute. |  |  |

For further details, refer to SCIM: Core Schema 1.1 - Common Schema Attributes section.

"schemas" Attribute

| Field   | Subattribute | OneWelcome Specifics |
|---------|--------------|----------------------|
| schemas | -            | ✅ Compliant with the specifications; the schemas attribute indicates the applicable schemas. See the Schema Extension Model section. |

For further details, refer to SCIM: Core Schema 1.1 - "schemas" Attribute section.

SCIM User Schema

Compliance of the user schema is indicated in the chapter SCIM - User attribute overview.

For further details, refer to SCIM: Core Schema 1.1 - SCIM User Schema section.

SCIM Enterprise User Schema Extension

✖️ Support for the Enterprise User Schema extension is scheduled for a future OneWelcome release.

For further details, refer to SCIM: Core Schema 1.1 - SCIM Enterprise User Schema Extension section.

SCIM Group Schema

✖️ Support for groups is scheduled for a future OneWelcome release.

For further details, refer to SCIM: Core Schema 1.1 - SCIM Group Schema section.

Service Provider Configuration Schema

✖️ OneWelcome does not support the Service Provider configuration schema.

For further details, refer to SCIM: Core Schema 1.1 - Service Provider Configuration Schema section.

Resource Schema

✖️ OneWelcome's resource endpoint is not compliant with SCIM specifications. Specifically, complex attributes are not presented properly. See SCIM - Example messages for an example.

For further details, refer to SCIM: Core Schema 1.1 - Resource Schema section.

JSON Representation

See SCIM - Example messages for examples of OneWelcome SCIM messages in JSON representation.

Note: The full user representation example in SCIM: Core Schema 1.1 contains a few errors:

  • User attribute groups is not shown with subattribute type (direct or indirect).
  • User attribute phoneNumbers is not shown with subattribute primary.

For further details, refer to SCIM: Core Schema 1.1 - JSON Representation section.

XML Representation

🔆 OneWelcome does not support the optional XML representation.

For further details, refer to SCIM: Core Schema 1.1 - XML Representation section.

Security Considerations

✅ Compliant; OneWelcome does not return password values in response values.

For further details, refer to SCIM: Core Schema 1.1 - Security Considerations section.

  Last updated by Stein Welberg