Documentation ¶
Overview ¶
Package scim implements an adapter for the System for Cross-domain Identity Management (SCIM) protocol v2.
## Group membership
SCIM does not provide a dedicated endpoint for group membership data. Instead, it provides:
- a `members` attribute on the Group resource, i.e. a list of objects containing the user IDs the group contains
- a `groups` attribute on the User resource, i.e. a list of objects containing the group IDs the user is a member of
A typical SCIM server is likely to contain a relatively small number of groups compared to the number of users. This means that the `members` attribute on the Group resource is likely to be very large, and the `groups` attribute on the User resource is likely to be small.
Because there is no pagination support for `members`/`groups`, the design decision is to ingest group membership data from the User resource, where the `groups` attribute is relatively small, and to ignore the `members` attribute on the Group resource.
Group members are ingested as child entities and a relationship is to be created between the child entity and the parent entity to allow traversal in snippets.
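An added example (not the package's own code) of the approach described above: it reads a page of User resources and turns each user's `groups` attribute into one row per membership. The `Membership` type, the function name and the sample response are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: a SCIM 2.0 ListResponse of Users (not real data).
const sampleUsers = `{"totalResults": 3, "startIndex": 1, "itemsPerPage": 3, "Resources": [
  {"id": "u1", "groups": [{"value": "g1", "display": "Admins"}, {"value": "g2"}]},
  {"id": "u2", "groups": [{"value": "g2"}, {"value": "g2"}, {"display": "no id"}]},
  {"id": "u3", "userName": "carol"}]}`

// Membership is a hypothetical child-entity row linking a user to one group.
type Membership struct{ UserID, GroupID string }

// MembershipsFromUsers flattens each user's `groups` attribute into
// (user, group) rows. Entries without a group ID and duplicates are skipped.
func MembershipsFromUsers(body []byte) ([]Membership, error) {
	var page struct {
		Resources []struct {
			ID     string `json:"id"`
			Groups []struct {
				Value string `json:"value"`
			} `json:"groups"`
		} `json:"Resources"`
	}
	if err := json.Unmarshal(body, &page); err != nil {
		return nil, fmt.Errorf("decode ListResponse: %w", err)
	}
	seen := map[Membership]bool{}
	var out []Membership
	for _, u := range page.Resources {
		for _, g := range u.Groups {
			m := Membership{UserID: u.ID, GroupID: g.Value}
			if u.ID == "" || g.Value == "" || seen[m] {
				continue
			}
			seen[m] = true
			out = append(out, m)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(MembershipsFromUsers([]byte(sampleUsers)))
}
```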
Index ¶
- func GenerateURL(baseURL string, entityExternalID string, pageSize int64, startIndex string, ...) string
- func NewAdapter(client Client) framework.Adapter[Config]
- func ParseResponse(body []byte, pageSize int64) (objects []map[string]any, nextCursor string, err *framework.Error)
- type Adapter
- func (a *Adapter) GetPage(ctx context.Context, request *framework.Request[Config]) framework.Response
- func (a *Adapter) RequestPageFromDatasource(ctx context.Context, request *framework.Request[Config]) framework.Response
- func (a *Adapter) ValidateGetPageRequest(request *framework.Request[Config]) *framework.Error
- type AdapterResponse
- type Client
- type Config
- type Datasource
- type QueryParams
- type Request
- type Response
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateURL ¶
func GenerateURL(baseURL string, entityExternalID string, pageSize int64, startIndex string, queryParams QueryParams) string
GenerateURL returns a URL to fetch a given page of SCIM objects.
func NewAdapter ¶
NewAdapter instantiates a new Adapter.
Types ¶
type Adapter ¶
type Adapter struct {
	// Client provides access to the datasource.
	Client Client
}
Adapter implements the framework.Adapter interface to query pages of objects from SCIM 2.0 datasources.
func (*Adapter) GetPage ¶
func (a *Adapter) GetPage(ctx context.Context, request *framework.Request[Config]) framework.Response
GetPage is called by SGNL's ingestion service to query a page of objects from a datasource.
func (*Adapter) RequestPageFromDatasource ¶
func (a *Adapter) RequestPageFromDatasource(ctx context.Context, request *framework.Request[Config]) framework.Response
RequestPageFromDatasource requests a page of objects from a system of record (SoR). It calls the SCIM SoR client internally to make the request, parses the response, and handles any errors. It also parses the current cursor and generates the next cursor.
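The cursor handling described above, as an added example that is not the package's code: with SCIM's 1-based `startIndex` paging, the next cursor is derived from the number of resources actually received. `NextCursor`, its error on a mismatched `startIndex`, and the sample response are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// NextCursor is a hypothetical helper (not the package's ParseResponse). It
// returns the startIndex of the next page as a string, or "" on the last page.
func NextCursor(body []byte, requested int64) (string, error) {
	var page struct {
		TotalResults int64             `json:"totalResults"`
		StartIndex   int64             `json:"startIndex"`
		Resources    []json.RawMessage `json:"Resources"`
	}
	if err := json.Unmarshal(body, &page); err != nil {
		return "", fmt.Errorf("decode ListResponse: %w", err)
	}
	start := page.StartIndex
	if start == 0 {
		start = requested // assumed fallback when the server omits startIndex
	}
	if start != requested {
		return "", fmt.Errorf("server returned startIndex %d, requested %d", start, requested)
	}
	next := start + int64(len(page.Resources))
	// An empty page or an index past totalResults ends the sync; the cursor
	// always advances, so the same page is never requested twice.
	if len(page.Resources) == 0 || next > page.TotalResults {
		return "", nil
	}
	return strconv.FormatInt(next, 10), nil
}

func main() {
	// Constructed ListResponse: 5 results in total, 2 returned from index 1.
	body := []byte(`{"totalResults": 5, "startIndex": 1, "itemsPerPage": 2,
		"Resources": [{"id": "u1"}, {"id": "u2"}]}`)
	fmt.Println(NextCursor(body, 1))
}
```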
type AdapterResponse ¶
type AdapterResponse struct {
	// StatusCode is an HTTP status code.
	StatusCode int
	// RetryAfterHeader is the Retry-After response HTTP header, if set.
	RetryAfterHeader string
	// Objects is the list of items returned by the datasource.
	// May be empty.
	Objects []map[string]any
	// NextCursor is the cursor that identifies the first object of the next page.
	// nil if this is the last page in this full sync.
	NextCursor string
}
AdapterResponse is a response returned by the adapter.
type Client ¶
type Client interface {
	// GetPage returns a page of JSON objects from the datasource for the
	// requested entity.
	// Returns a (possibly empty) list of JSON objects, each object being
	// unmarshaled into a map by Golang's JSON unmarshaler.
	GetPage(ctx context.Context, request *Request) (*AdapterResponse, *framework.Error)
}
Client is a client that allows querying a SCIM SoR which contains JSON objects.
type Config ¶
type Config struct {
	// Common configuration
	*config.CommonConfig
	// QueryParams is a map containing the query parameters for each entity associated with this
	// datasource. The key is the entity's external_name, and the value is the QueryParams.
	QueryParams map[string]QueryParams `json:"queryParams,omitempty"`
}
Config is the configuration passed in each GetPage call to the adapter. Adapter configuration example:
{
	"requestTimeoutSeconds": 10,
	"localTimeZoneOffset": 43200,
	"queryParams": {
		"Users": {
			"filter": "userType eq \"Employee\" and (emails co \"sgnl.com\" or emails.value co \"sgnl.org\")",
			"sortBy": "userName",
			"ascending": true
		},
		"Groups": {
			"filter": "displayName eq \"SGNL\"",
			"sortBy": "displayName",
			"ascending": true
		}
	}
}
type Datasource ¶
Datasource directly implements a Client interface to allow querying an external datasource.
func (*Datasource) GetPage ¶
func (d *Datasource) GetPage(ctx context.Context, request *Request) (*AdapterResponse, *framework.Error)
GetPage makes a request to the SCIM SoR to get a page of JSON objects. If a response is received, regardless of status code, a Response object is returned with the response body and the status code. If the request fails, an appropriate framework.Error is returned.
type QueryParams ¶
type QueryParams struct {
	// Filter requests a subset of resources via the "filter" query parameter, which contains a filter expression.
	Filter string `json:"filter,omitempty"`
	// SortBy sorts the returned resources via the "sortBy" query parameter.
	SortBy string `json:"sortBy,omitempty"`
	// Ascending specifies the sort order via the "sortOrder" query parameter.
	Ascending *bool `json:"ascending,omitempty"`
}
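An added example, not the package's `GenerateURL`, of how these fields map onto SCIM's `filter`, `sortBy`, `sortOrder`, `startIndex` and `count` query parameters. The filter is set through `url.Values` so that a value containing `&` or `=` stays inside the `filter` parameter; `BuildListURL`, `Params` and the host name are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// Params is a local copy of the page's QueryParams fields for this example.
type Params struct {
	Filter, SortBy string
	Ascending      *bool
}

// BuildListURL is a hypothetical helper, not the package's GenerateURL.
// base is assumed to be an absolute https URL such as https://host/scim/v2.
func BuildListURL(base, resource string, pageSize, startIndex int64, p Params) (string, error) {
	u, err := url.Parse(base)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("base URL must be absolute https: %q", base)
	}
	// The resource name becomes a path segment, so reject separators and dots.
	if resource == "" || strings.ContainsAny(resource, "/?#.%") {
		return "", fmt.Errorf("invalid resource name: %q", resource)
	}
	u.Path = strings.TrimRight(u.Path, "/") + "/" + resource
	q := url.Values{}
	q.Set("startIndex", strconv.FormatInt(startIndex, 10))
	q.Set("count", strconv.FormatInt(pageSize, 10))
	if p.Filter != "" {
		q.Set("filter", p.Filter) // encoded as one value, even if it contains & or =
	}
	if p.SortBy != "" {
		q.Set("sortBy", p.SortBy)
	}
	if p.Ascending != nil {
		order := map[bool]string{true: "ascending", false: "descending"}
		q.Set("sortOrder", order[*p.Ascending])
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	asc := true
	fmt.Println(BuildListURL("https://scim.example.com/scim/v2", "Users", 100, 1,
		Params{Filter: `userType eq "Employee"`, SortBy: "userName", Ascending: &asc}))
}
```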
type Request ¶
type Request struct {
	// BaseURL is the Base URL of the datasource to query. For example, "my.scim.server.com".
	BaseURL string
	// AuthorizationHeader is the Authorization header sent to the SCIM SoR.
	AuthorizationHeader string
	// PageSize is the maximum number of objects to return from the entity.
	PageSize int64
	// EntityExternalID is the external ID of the entity.
	// The external ID should match the API's resource name.
	EntityExternalID string
	// Cursor identifies the first object of the page to return, as returned by
	// the last request for the entity.
	// Optional. If not set, return the first page for this entity.
	Cursor string
	// QueryParams contains the query parameters required to generate the URL for the datasource request
	QueryParams QueryParams
	// RequestTimeoutSeconds is the timeout duration for requests made to datasources.
	// This should be set to the number of seconds to wait before timing out.
	RequestTimeoutSeconds int
}
Request is a request to a SCIM SoR.