System for Cross-domain Identity Management, SCIM

Background

In the digital age, managing user identity information across applications can be challenging. SCIM, or the System for Cross-domain Identity Management specification, is designed to simplify this process. This post explores SCIM's background, purpose, and features in the context of Liferay, highlighting its role in streamlining user identity management for administrators.
 

Why Does This Feature Exist?

SCIM serves as an open standard tailored to manage user identity information efficiently. The primary goal is to securely automate the exchange of user identity data between a company's applications and service providers like Liferay. This becomes particularly crucial for organizations with multiple applications aiming to keep user data in sync.

 

What Problem Does It Solve?

SCIM tackles the challenge of maintaining unified user and group data across different applications. By providing defined RESTful APIs and schemas, SCIM allows clients, such as Liferay, to perform CRUD operations, ensuring resources stay in sync.

 

Features

The functionality of SCIM within Liferay is divided into multiple parts, with the following flow:

 

  • Configuration Creation from UI: Administrators create the configuration in the UI and generate an access token that connects the SCIM client with the service provider.

  • REST API Handling: A dedicated REST API implements the RFC specifications for CRUD operations.
     

Steps

  1. Go to “Control Panel > Configuration > Instance Settings > Security > SCIM”.
  2. Enter the Application Name and set the Matcher fields in the form.
  3. Save the form, resulting in the creation of the OAuth 2 application for SCIM.
  4. In the SCIM configuration, the option to create an Access Token (via the Generate button) will be available, along with a field displaying the access token and a button for easy copying.
    The option to revoke all access tokens is also available.

 

This approach provides flexibility for administrators to configure SCIM settings through a user-friendly interface, ensuring a smooth integration process.
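
The following is an added example, not Liferay's own code. It sketches the requests a SCIM client builds with the access token from step 4: create a user, look one up by a matcher attribute, and delete one, following RFC 7643 and RFC 7644. The base URL, the function names and the use of userName as the matcher are assumptions; take the real paths from rest-openapi.yaml.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumption: placeholder base URL. Take the real path from rest-openapi.yaml.
BASE_URL = "https://liferay.example.com/SCIM-BASE-PATH-PLACEHOLDER"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643


def _request(method, path, token, body=None, query=None):
    """Build (not send) a SCIM request authenticated with the bearer token."""
    url = BASE_URL + path
    if query:
        url += "?" + urllib.parse.urlencode(query)
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/scim+json"}
    data = None
    if body is not None:
        headers["Content-Type"] = "application/scim+json"
        data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def create_user(token, user_name, email, given, family):
    """POST /Users with the RFC 7643 core User schema."""
    body = {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": email, "primary": True}],
        "active": True,
    }
    return _request("POST", "/Users", token, body=body)


def find_user(token, attribute, value):
    """GET /Users?filter=...; the value is emitted as an escaped JSON string."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9.]*", attribute):
        raise ValueError("unexpected filter attribute")
    return _request("GET", "/Users", token,
                    query={"filter": f"{attribute} eq {json.dumps(value)}"})


def delete_user(token, user_id):
    """DELETE /Users/{id}; the id is percent-encoded so it stays one path segment."""
    return _request("DELETE", "/Users/" + urllib.parse.quote(user_id, safe=""), token)


if __name__ == "__main__":
    # Constructed sample values; the token string is a placeholder.
    req = create_user("TOKEN-FROM-SCIM-CONFIG", "jdoe", "jdoe@example.com", "Jane", "Doe")
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass the token in from a secret store or environment variable rather than hardcoding it, and regenerate it after using the revoke option.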

 

Code

The code for the SCIM implementation in Liferay can be found in modules/dxp/apps/scim/scim-client.
The OpenAPI definition at modules/dxp/apps/scim/scim-rest-impl/rest-openapi.yaml provides the foundation for the headless parts.

 

Future features

  • Notifications about tokens that are going to expire

  • User group un/provisioning


 

In conclusion, SCIM in Liferay represents a pivotal solution for organizations seeking streamlined user identity management across applications. Its standardized approach, seamless integration, and user-friendly configuration make it an invaluable tool for administrators aiming to maintain data synchronization without compromising security.

 

This feature will be available in the upcoming Q1 quarterly release.