Representational State Transfer (REST) is an architectural style for building web services over HTTP. Identity REST services are a set of REST web services that provide functionality for self-service, user, role/group, organization, and password policy management. Identity REST services are based on the System for Cross-Domain Identity Management (SCIM) protocol. The Oracle Identity Manager SCIM service is available by default with the SCIM schema and IDM extensions, as described in "Schema Attributes for the User Resource".
The supported schema can be retrieved, as described in "Retrieving Schemas".
When you deploy Oracle Identity Manager, SCIM is deployed by default as a web application on the Oracle Identity Manager server.
SCIM implementation in Oracle Identity Manager follows draft-ietf-scim-api-13 and draft-ietf-scim-core-schema-13. For information about IETF drafts, refer to the following URL:
This chapter contains the following topics:
Table 21-1 lists SCIM-based APIs used for the supported operations in Oracle Identity Manager.
Table 21-1 SCIM-Based APIs and Supported Operations
Resource | Endpoint | Operation | Schema URL | Description |
---|---|---|---|---|
User | /Users | GET, POST, PUT, PATCH, DELETE | urn:ietf:params:scim:schemas:core:2.0:User · urn:ietf:params:scim:schemas:extension:enterprise:2.0:User · urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User · urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User | Get/Add/Modify/Disable/Enable/Lock/Unlock/Delete Users - identity.usermgmt.api.UserManager |
User | /Me | GET, POST, PUT, PATCH | urn:ietf:params:scim:schemas:core:2.0:User · urn:ietf:params:scim:schemas:extension:enterprise:2.0:User · urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User · urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User | Get/Modify My Profile, Change My Password, Change My Challenge Responses - selfservice.self.selfmgmt.api.AuthenticatedSelfService; Self Registration - via UnauthenticatedSelfService |
PasswordResetterWithChallenges | /PasswordResetterWithChallenges | POST | urn:ietf:params:scim:schema:oracle:core:2.0:PasswordResetterWithChallenges | |
PasswordValidator | /PasswordValidator | POST | urn:ietf:params:scim:schema:oracle:core:2.0:PasswordValidator | |
UserNameGenerator | /UserNameGenerator | POST | urn:ietf:params:scim:schema:oracle:core:2.0:UserNameGenerator | |
UserNameRecoverer | /UserNameRecoverer | POST | urn:ietf:params:scim:schema:oracle:core:2.0:UserNameRecoverer | |
UserNameValidator | /UserNameValidator | POST | urn:ietf:params:scim:schema:oracle:core:2.0:UserNameValidator | |
Group | /Groups | GET, POST, PUT, PATCH, DELETE | urn:ietf:params:scim:schemas:core:2.0:Group · urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group · urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group | Get/Add/Modify/SetUserMembershipRule/Delete Groups - identity.rolemgmt.api.RoleManager |
Organization | /Organizations | GET, POST, PUT, PATCH, DELETE | urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization | Get/Add/Modify/SetUserMembershipRule/Delete Organizations - identity.orgmgmt.api.OrganizationManager |
Password Policy | /PasswordPolicies | GET, POST, PUT, PATCH, DELETE | urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy | Get/Add/Modify/Delete Password Policies - passwordmgmt.api.PasswordMgmtService |
Notification Template | /NotificationTemplates | GET, POST, PUT, PATCH, DELETE | urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate | Get/Add/Modify/Delete Notification Templates - notification.api.NotificationService |
System Property | /SystemProperties | GET, PATCH | urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:SystemProperty | Get/Modify System Property - config.api.SystemConfigurationService |
Service Provider Configuration Schema | /ServiceProviderConfigs | GET | urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig | Get the service provider's configuration |
Resource Type | /ResourceTypes | GET | urn:ietf:params:scim:schemas:core:2.0:ResourceType | Get the resource type's configuration |
Schema | /Schemas | GET | urn:ietf:params:scim:schemas:core:2.0:Schema · urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Schema | Get a resource's schema |
Search | [prefix]/.search | POST | NA | Perform a search at the system root or within a resource endpoint for one or more resource types using POST |
The resource schema tables listed in this section show the supported SCIM attributes. All SCIM resource types and schema extensions are identified by the following URI in both JSON requests and responses:
urn:oracle:scim:schemas:idm:2.0:RESOURCE_TYPE
All SCIM resources, such as users, groups, and organizations, include the following types of SCIM schema attributes:
SVA: Single-valued attribute
MVA: Multi-valued attribute.
CSVA: Complex single-valued attribute
CMVA: Complex multi-valued attribute.
The SCIM user schema supports CMVAs, such as email address, where each value can have subattributes, such as personal email address, work email address, and other email address, and value. Because Oracle Identity Manager does not support CMVAs, the Oracle Identity Manager SCIM/REST API does not support them either, except where they can be mapped to existing Oracle Identity Manager user schema attributes. If a request includes a complex SCIM attribute that the Oracle Identity Manager SCIM/REST API does not support, then an error indicating this is returned in the REST response.
Mutability is the way a given attribute is accessed. The possible mutability values are:
Read-only (RO): Allows create and read/search operations
WO: Allows create but not read/search operations
RW: Allows create as well as read/search operations
Table 21-2 lists the SCIM user schema attributes.
Table 21-2 urn:ietf:params:scim:schemas:core:2.0:User
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
userName | SVA | String | Y | RW |
name.formatted | SVA | String | N | RW |
name.familyName | SVA | String | N | RW |
name.givenName | SVA | String | N | RW |
name.middleName | SVA | String | N | RW |
name.honorificPrefix | SVA | String | N | RW |
name.honorificSuffix | SVA | String | N | RW |
displayName | SVA | String | N | RW |
nickName | SVA | String | N | RW |
profileUrl | SVA | String | N | RW |
title | SVA | String | N | RW |
userType | SVA | String | N | RW |
preferredLanguage | SVA | String | N | RW |
timezone | SVA | String | N | RW |
locale | SVA | String | N | RW |
active | SVA | Boolean | N | RW |
password | SVA | String | N | WO |
emails | CMVA | NA | N | RW |
emails[work].value | SVA | String | N | RW |
emails[<type>].primary | SVA | String | N | RW |
phoneNumbers | CMVA | NA | N | RW |
phoneNumbers.type | SVA | String | N | RW |
phoneNumbers[work].value | SVA | String | N | RW |
phoneNumbers[home].value | SVA | String | N | RW |
phoneNumbers[mobile].value | SVA | String | N | RW |
phoneNumber[fax].value | SVA | String | N | RW |
phoneNumber[pager].value | SVA | String | N | RW |
phoneNumber[other].value | SVA | String | N | RW |
ims | CMVA | NA | N | RW |
photos | CMVA | NA | N | RW |
addresses | CMVA | NA | N | RW |
addresses.type | SVA | String | N | RW |
addresses[<type>].primary | SVA | String | N | RW |
addresses[work].formatted | SVA | String | N | RW |
addresses[home].formatted | SVA | String | N | RW |
addresses[work].streetAddress | SVA | String | N | RW |
addresses[work].locality | SVA | String | N | RW |
addresses[work].region | SVA | String | N | RW |
addresses[work].postalCode | SVA | String | N | RW |
addresses[work].country | SVA | String | N | RW |
groups | CMVA | NA | N | RO |
groups.value | SVA | String | N | RO |
groups.$ref | SVA | String | N | RO |
groups.type | SVA | String | N | RO |
entitlements | SMVA | String | N | RW |
roles | SMVA | String | N | RW |
x509Certificates | SMVA | String | N | RW |
Note:
Accounts and entitlements are not supported by Oracle Identity Manager SCIM services.
Table 21-3 lists the SCIM enterprise user schema attributes.
Table 21-3 urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
employeeNumber | SVA | String | N | RW |
costCenter | SVA | String | N | RW |
organization | SVA | String | N | RO |
division | SVA | String | N | RW |
department | SVA | String | N | RW |
manager.value | SVA | String | N | RW |
manager.$ref | SVA | String | N | RW |
manager.displayName | SVA | String | N | RO |
Table 21-4 lists the SCIM IDM common user schema extension attributes.
Table 21-4 urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
createBy.value | SVA | String | N | RO |
createBy.$ref | SVA | String | N | RO |
updateBy.value | SVA | String | N | RO |
updateBy.$ref | SVA | String | N | RO |
passwd | CSVA | | | |
passwd.value | SVA | String | N | WO |
passwd.oldValue | SVA | String | N | WO |
passwd.sendNotification | SVA | String | N | WO |
passwd.sendNotificationTo | SVA | String | N | WO |
passwordMustChange | SVA | String | N | RO |
passwordExpireDate | SVA | String | N | RO |
locked.value | SVA | String | N | RW |
locked.duration | SVA | String | N | RW |
locked.reason | SVA | String | N | RO |
locked.on | SVA | String | N | RO |
challenges | CMVA | NA | N | RW |
challenges.challenge | SVA | String | N | RW |
challenges.response | SVA | String | N | RW |
Table 21-5 lists the Oracle Identity Governance (OIG) user schema extension attributes.
Table 21-5 urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
dataLevel | SVA | String | N | RO |
disabled | SVA | String | N | RO |
passwordCreateDate | SVA | Date | N | RO |
passwordCantChange | SVA | String | N | RO |
passwordNeverExpires | SVA | String | N | RO |
passwordIsExpired | SVA | String | N | RO |
passwordWarnDate | SVA | Date | N | RO |
lastSuccessfulLoginDate | SVA | Date | N | RO |
lastFailedLoginDate | SVA | Date | N | RO |
hireDate | SVA | Date | N | RW |
startDate | SVA | Date | N | RW |
endDate | SVA | Date | N | RW |
provisioningDate | SVA | Date | N | RW |
provisionedDate | SVA | Date | N | RO |
deprovisioningDate | SVA | Date | N | RW |
deprovisionedDate | SVA | Date | N | RO |
automaticallyDeleteOn | SVA | Date | N | RO |
userLoginAttemptsCounter | SVA | Int | N | RO |
userPasswordResetAttemptsCounter | SVA | Int | N | RO |
userMustChangePasswordAtNextLogin | SVA | String | N | RO |
userPasswordMinAgeDate | SVA | Date | N | RO |
description | SVA | String | N | RW |
ldapCommonName | SVA | String | N | RW |
ldapCommonNameGenerated | SVA | String | N | RW |
ldapOrganization | SVA | String | N | RW |
ldapOrganizationalUnit | SVA | String | N | RW |
ldapDn | SVA | String | N | RW |
ldapGuid | SVA | String | N | RW |
poBox | SVA | String | N | RW |
jobCode | SVA | String | N | RW |
officeName | SVA | String | N | RW |
initials | SVA | String | N | RW |
faLanguage | SVA | String | N | RW |
faTerritory | SVA | String | N | RW |
embeddedHelp | SVA | String | N | RW |
fontSize | SVA | String | N | RW |
colorContrast | SVA | String | N | RW |
accessibilityMode | SVA | String | N | RW |
numberFormat | SVA | String | N | RW |
dateFormat | SVA | String | N | RW |
timeFormat | SVA | String | N | RW |
currency | SVA | String | N | RW |
summaryRisk | SVA | String | N | RO |
hasHighRiskRole | SVA | String | N | RO |
hasHighRiskResource | SVA | String | N | RO |
hasHighRiskEntitlement | SVA | String | N | RO |
hasHighRiskProvisioningMethod | SVA | String | N | RO |
hasHighRiskOpenSod | SVA | String | N | RO |
hasHighRiskLastCert | SVA | String | N | RO |
roleSummaryRisk | SVA | String | N | RO |
accountSummaryRisk | SVA | String | N | RO |
entitlementSummaryRisk | SVA | String | N | RO |
riskUpdateDate | SVA | String | N | RO |
homeOrganization | CSVA | NA | N | RW |
homeOrganization.value | SVA | String | N | RW |
homeOrganization.$ref | SVA | String | N | RO |
Organizations | CMVA | NA | N | RO |
organizations.value | SVA | String | N | RO |
organizations.$ref | SVA | String | N | RO |
passwordPolicyDescription | SVA | String | N | RO |
requestId | SVA | String | N | RO |
Table 21-6 lists the IDM PasswordResetterWithChallenges user schema attributes.
Table 21-7 lists the IDM PasswordValidator schema attributes.
Table 21-8 lists the IDM UserNameValidator schema attributes.
Table 21-9 lists the IDM UserNameGenerator schema attributes.
Table 21-9 urn:ietf:params:scim:schemas:oracle:core:2.0:UserNameGenerator
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
name | CSVA | NA | Y | WO |
name.formatted | SVA | String | Y | WO |
name.familyName | SVA | String | Y | WO |
name.givenName | SVA | String | Y | WO |
name.middleName | SVA | String | Y | WO |
name.honorificSuffix | SVA | String | Y | WO |
Table 21-10 lists the IDM UserNameRecoverer schema attributes.
Table 21-11 lists the SCIM group schema attributes.
Table 21-11 urn:ietf:params:scim:schemas:core:2.0:Group
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
displayName | SVA | String | Y | RW |
members | CMVA | NA | N | |
members.value | SVA | String | N | RW |
members.$ref | SVA | String | N | RW |
Table 21-12 lists the IDM common group schema extension attributes.
Table 21-12 urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
| createBy.value | SVA | String | N | RO |
| createBy.$ref | SVA | String | N | RO |
| updateBy.value | SVA | String | N | RO |
| updateBy.$ref | SVA | String | N | RO |
| | SVA | String | N | RW |
| description | SVA | String | N | RW |
| owner | CSVA | NA | N | RW |
| owner.value | SVA | String | N | RW |
| owner.$ref | SVA | String | N | RO |
| owner.firstName | SVA | String | N | RO |
| owner.lastName | SVA | String | N | RO |
| owner.displayName | SVA | String | N | RO |
| owner.email | SVA | String | N | RO |
| owner.login | SVA | String | N | RO |
Table 21-13 lists the OIG group schema extension attributes.
Table 21-13 urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
dataLevel | SVA | String | N | RO |
namespace | SVA | String | N | RW |
category | CSVA | NA | N | RW |
category.value | SVA | String | N | RW |
category.name | SVA | String | N | RO |
ldapGuid | SVA | String | N | RO |
ldapDn | SVA | String | N | RO |
requestId | SVA | String | N | RO |
accessPolicies.value | MVA | String | N | RW |
organizationsPublishedTo | CMVA | NA | N | RW |
organizationsPublishedTo.value | SVA | String | N | RW |
organizationsPublishedTo.$ref | SVA | String | N | RO |
catalog | CSVA | NA | N | RW |
catalog.id | SVA | String | N | RO |
catalog.categoryName | SVA | String | N | RW |
catalog.auditObjectives | SVA | String | N | RW |
catalog.itemRisk | SVA | Integer | N | RW |
catalog.userDefinedTags | SVA | String | N | RW |
catalog.certifiable | SVA | Boolean | N | RW |
catalog.auditable | SVA | Boolean | N | RW |
catalog.requestable | SVA | Boolean | N | RW |
catalog.tags | SVA | String | N | RO |
catalog.hierarchicalDataAvailable | SVA | Boolean | N | RO |
catalogApproverUser.value | SVA | String | N | RW |
catalogApproverUser.$ref | SVA | Reference | N | RW |
catalogApproverRole.value | SVA | String | N | RW |
catalogApproverRole.$ref | SVA | Reference | N | RW |
catalogCertifierUser.value | SVA | String | N | RW |
catalogCertifierUser.$ref | SVA | Reference | N | RW |
catalogCertifierRole.value | SVA | String | N | RW |
catalogCertifierRole.$ref | SVA | Reference | N | RW |
catalogFulfillmentUser.value | SVA | String | N | RW |
catalogFulfillmentUser.$ref | SVA | Reference | N | RW |
catalogFulfillmentRole.value | SVA | String | N | RW |
catalogFulfillmentRole.$ref | SVA | Reference | N | RW |
catalogAttributes | CMVA | NA | N | RW |
catalogAttributes.name | SVA | String | N | RW |
catalogAttributes.value | SVA | String | N | RW |
catalogAttributes.udf | SVA | Boolean | N | RW |
catalogAttributes.description | SVA | String | N | RW |
catalogAttributes.searchable | SVA | Boolean | N | RW |
catalogAttributes.sortable | SVA | Boolean | N | RW |
catalogAttributes.certifiable | SVA | Boolean | N | RW |
catalogAttributes.datatype | SVA | String | N | RO |
userMembershipRule | CSVA | NA | N | RW |
userMembershipRule.value | SVA | String | N | RW |
userMembershipRule.evaluate | SVA | Boolean | N | WO |
Table 21-14 lists the OIG organization schema attributes.
Table 21-14 urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
createBy.value | SVA | String | N | RO |
createBy.$ref | SVA | String | N | RO |
updateBy.value | SVA | String | N | RO |
updateBy.$ref | SVA | String | N | RO |
dataLevel | SVA | String | N | RO |
name | SVA | String | N | RW |
customerType | SVA | String | N | RW |
status | SVA | String | N | RW |
disabled | SVA | String | N | RW |
parent | CSVA | NA | N | RW |
parent.value | SVA | String | N | RW |
parent.$ref | SVA | String | N | RO |
parent.name | SVA | String | N | RO |
passwordPolicy | CSVA | NA | N | RW |
passwordPolicy.value | SVA | String | N | RW |
passwordPolicy.$ref | SVA | String | N | RO |
passwordPolicy.name | SVA | String | N | RO |
certifierUser | CSVA | NA | N | RW |
certifierUser.value | SVA | String | N | RW |
certifierUser.$ref | SVA | String | N | RO |
certifierUser.login | SVA | String | N | RO |
enforceNewPasswordPolicy | SVA | String | N | RW |
userMembershipRule | CSVA | NA | N | RW |
userMembershipRule.value | SVA | String | N | RW |
userMembershipRule.evaluate | SVA | String | N | WO |
members | CMVA | NA | N | RO |
members.value | SVA | String | N | RO |
members.$ref | SVA | String | N | RO |
childOrganizations | CSVA | NA | N | RO |
childOrganizations.value | SVA | String | N | RO |
childOrganizations.$ref | SVA | Reference | N | RO |
Table 21-15 lists the IDM password policy schema attributes.
Table 21-15 urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
name | SVA | String | N | RW |
description | SVA | String | N | RW |
maxLength | SVA | String | N | RW |
minLength | SVA | String | N | RW |
minAlphas | SVA | String | N | RW |
minNumerals | SVA | String | N | RW |
minAlphaNumerals | SVA | String | N | RW |
minSpecialChars | SVA | String | N | RW |
maxSpecialChars | SVA | String | N | RW |
minUpperCase | SVA | String | N | RW |
minLowerCase | SVA | String | N | RW |
minUniqueChars | SVA | String | N | RW |
maxRepeatedChars | SVA | String | N | RW |
startsWithAlphabet | SVA | String | N | RW |
minUnicodeChars | SVA | String | N | RW |
maxUnicodeChars | SVA | String | N | RW |
firstNameDisallowed | SVA | String | N | RW |
lastNameDisallowed | SVA | String | N | RW |
userIdDisallowed | SVA | String | N | RW |
minPasswordAgeInDays | SVA | String | N | RW |
passwordWarningAfterInDays | SVA | String | N | RW |
passwordExpiresAfterInDays | SVA | String | N | RW |
requiredChars | SVA | String | N | RW |
disallowedChars | SVA | String | N | RW |
allowedChars | SVA | String | N | RW |
disallowedSubstrings | SVA | String | N | RW |
dictionaryLocation | SVA | String | N | RW |
dictionaryDelimiter | SVA | String | N | RW |
numPasswordsInHistory | SVA | String | N | RW |
maxIncorrectAttempts | SVA | String | N | RW |
lockoutDuration | SVA | String | N | RW |
complexPolicy | SVA | String | N | RW |
challengesEnabled | SVA | String | N | RW |
challengeSource | SVA | String | N | RW |
challengeDefaultQuestions.value | SVA | String | N | RW |
challengeMinQuestions | SVA | String | N | RW |
challengeMinAnswers | SVA | String | N | RW |
challengeAllAtOnce | SVA | String | N | RW |
challengeResponseMinLength | SVA | String | N | RW |
challengeAllowDuplicateResponses | SVA | String | N | RW |
challengeMaxIncorrectAttempts | SVA | String | N | RW |
Table 21-16 lists the OIG notification template schema attributes.
Table 21-16 urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
name | SVA | String | Y | RW |
eventName | SVA | String | Y | RW |
description | SVA | String | N | RW |
locales | CMVA | NA | N | RW |
locales.locale | SVA | String | Y | RW |
locales.encoding | SVA | String | Y | RW |
locales.subject | SVA | String | Y | RW |
locales.contentType | SVA | String | Y | RW |
locales.shortMessage | SVA | String | N | RW |
locales.longMessage | SVA | String | Y | RW |
Table 21-17 lists the OIG system property schema attributes.
Table 21-18 lists the SCIM service provider configuration schema attributes.
Table 21-18 urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
documentationUrl | SVA | String | N | RO |
patch.supported | SVA | Boolean | N | RO |
bulk.supported | SVA | Boolean | N | RO |
bulk.maxOperations | SVA | Integer | N | RO |
bulk.maxPayloadSize | SVA | Integer | N | RO |
filter.supported | SVA | Boolean | N | RO |
filter.maxResults | SVA | Integer | N | RO |
changePassword.supported | SVA | Boolean | N | RO |
sort.supported | SVA | Boolean | N | RO |
Etag.supported | SVA | Boolean | N | RO |
authenticationSchemes.name | SVA | String | N | RO |
authenticationSchemes.description | SVA | String | N | RO |
authenticationSchemes.specUrl | SVA | String | N | RO |
authenticationSchemes.documentationUrl | SVA | String | N | RO |
Table 21-19 lists the SCIM resource type schema attributes.
Table 21-19 urn:ietf:params:scim:schemas:core:2.0:ResourceType
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
name | SVA | String | N | RO |
description | SVA | String | N | RO |
endpoint | SVA | String | N | RO |
schema | SVA | String | N | RO |
schemaExtensions.schema | SVA | String | N | RO |
schemaExtensions.required | SVA | Boolean | N | RO |
Table 21-20 lists the attributes of the SCIM schema.
Table 21-20 urn:ietf:params:scim:schemas:core:2.0:Schema
SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
---|---|---|---|---|
id | SVA | String | N | RO |
name | SVA | String | N | RO |
description | SVA | String | N | RO |
attributes.name | SVA | String | N | RO |
attributes.type | SVA | String | N | RO |
attributes.multiValued | SVA | String | N | RO |
attributes.description | SVA | String | N | RO |
attributes.readOnly | SVA | Boolean | N | RO |
attributes.required | SVA | Boolean | N | RO |
attributes.mutability | SVA | String | N | RO |
attributes.returned | SVA | String | N | RO |
attributes.uniqueness | SVA | String | N | RO |
attributes.caseExact | SVA | Boolean | N | RO |
Table 21-21 lists the schema extension attribute of the OIG schema.
The following operation types are supported:
GET: Retrieves one or more complete or partial resources.
POST: Creates new resources or creates search requests, depending on the endpoint.
PUT: Modifies a resource by replacing existing attributes with a specified set of replacement attributes (replace). PUT must not be used to create new resources.
PATCH: Modifies a resource with a set of client-specified changes (partial updates).
DELETE: Deletes a resource.
For more information about operation types, refer to the following URL:
In addition to returning an HTTP response code, Identity REST services return errors in the body of the response with an error code and description. Table 21-22 lists the error codes and their meaning.
Table 21-22 Error Codes and Meaning
Error Condition | HTTP Return Code | Meaning |
---|---|---|
Not able to parse input, input does not match required entities, or validation failures | 400 | Bad Request: validation failures, schema violations |
Requested resource not found | 404 | Not found ADDITIONAL_INFORMATION_INDICATING_NOT_FOUND_OBJECT |
User not authorized to execute service | 401 | Unauthorized |
Requested method not supported | 501 | Method not allowed |
Client does not accept produced content type | 406 | Not acceptable |
Incorrect request parameter semantics | 422 | Unprocessable Entity. ADDITIONAL_INFORMATION_ON_NATURE_OF_ERROR |
Client media type unsupported | 415 | Unsupported media type |
Failed Dependency | 424 | Failed Dependency. ADDITIONAL_INFORMATION_ON_FAILED_DEPENDENCY |
Generic server failure | 500 | Internal server error |
Conflict | 409 | The specified version number does not match the resource's latest version number, or a service provider refused to create a new, duplicate resource |
Precondition failed | 412 | Failed to update as resource ID changed on the server last retrieved |
Forbidden | 403 | Server does not support requested operation on a given resource |
Table 21-23 lists the success codes and their meaning.
This section provides the following examples for SCIM-based API usage:
Note:
You can use user-defined fields (UDFs) in SCIM requests. After UDFs are created in Oracle Identity Manager, they automatically appear in SCIM resources as regular attributes. Requests and responses treat them the same as regular attributes.
This section provides the following examples of the User resource:
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/Users
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
```json
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User"
  ],
  "userName": "bjensen@example.com",
  "name": {
    "familyName": "Jensen",
    "givenName": "Barbara",
    "middleName": "Jane",
    "honorificSuffix": "III"
  },
  "displayName": "Babs Jensen",
  "profileUrl": "https://HOST_NAME:PORT/bjensen",
  "emails": [
    { "value": "bjensen@example.com", "type": "work" }
  ],
  "addresses": [
    {
      "type": "work",
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "USA",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA"
    },
    { "type": "home", "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA" }
  ],
  "phoneNumbers": [
    { "value": "555-555-5555", "type": "work" },
    { "value": "555-555-4444", "type": "mobile" }
  ],
  "userType": "Contractor",
  "title": "Tour Guide",
  "preferredLanguage": "en-US",
  "locale": "en-US",
  "timezone": "America/Los_Angeles",
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "701984",
    "costCenter": "4130",
    "division": "Theme Park",
    "department": "Tour Operations",
    "manager": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }
  },
  "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
    "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" }
  }
}
```
Status: HTTP/1.1 201 Created
Body:
```json
{
  "schemas": [
    "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
    "userLoginAttemptsCounter": 0,
    "passwordIsExpired": "0",
    "ldapCommonNameGenerated": 0,
    "userPasswordResetAttemptsCounter": 0,
    "passwordWarnDate": "2015-04-29T03:24:16.000-07:00",
    "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" },
    "passwordCreateDate": "2015-01-06T03:24:16.000-08:00",
    "provisionedDate": "2015-01-06T03:24:16.000-08:00",
    "passwordPolicyDescription": [],
    "userMustChangePasswordAtNextLogin": "1",
    "disabled": false,
    "organizations": [
      { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1", "display": "Xellerate Users" }
    ]
  },
  "displayName": "Babs Jensen",
  "id": "145",
  "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
    "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" },
    "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" },
    "passwordExpireDate": "2015-05-06T03:24:16.000-07:00",
    "locked": { "duration": 0, "value": "0", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/0" }
  },
  "userName": "BJENSEN@EXAMPLE.COM",
  "emails": [
    { "value": "bjensen@example.com", "type": "work" }
  ],
  "active": true,
  "userType": "Contractor",
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "701984",
    "manager": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "displayName": "new display" },
    "department": "Tour Operations",
    "organization": "Xellerate Users"
  },
  "preferredLanguage": "en-US",
  "phoneNumbers": [
    { "value": "555-555-4444", "type": "mobile" },
    { "value": "555-555-5555", "type": "work" }
  ],
  "name": {
    "middleName": "Jane",
    "familyName": "Jensen",
    "givenName": "Barbara",
    "honorificSuffix": "III"
  },
  "addresses": [
    {
      "region": "CA",
      "streetAddress": "100 Universal City Plaza",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "postalCode": "91608",
      "locality": "Hollywood",
      "country": "USA",
      "type": "work"
    },
    { "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA", "type": "home" }
  ],
  "groups": [
    { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/3", "type": "direct" }
  ],
  "timezone": "America/Los_Angeles",
  "title": "Tour Guide",
  "meta": {
    "lastModified": "2015-01-06T03:24:17.000-08:00",
    "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/145",
    "created": "2015-01-06T03:24:17.000-08:00",
    "resourceType": "User"
  }
}
```
Operation and URI: PUT http://HOST_NAME:PORT/idaas/im/scim/v1/Users/355
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
```json
{
  "schemas": [
    "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "userName_user216_08_09.382323",
  "name": {
    "familyName": "familyName2_user216_08_09.382323"
  },
  "userType": "Contractor",
  "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
    "description": "description2_user216_08_09.382323",
    "homeOrganization": { "value": "4", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/4" }
  }
}
```
Status: HTTP/1.1 200 OK
Body:
```json
{
  "schemas": [
    "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User"
  ],
  "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
    "passwordIsExpired": "0",
    "userLoginAttemptsCounter": 0,
    "ldapCommonNameGenerated": 0,
    "userPasswordResetAttemptsCounter": 0,
    "passwordWarnDate": "2015-07-02T08:46:57.000-07:00",
    "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" },
    "passwordCreateDate": "2015-03-11T08:46:57.000-07:00",
    "provisionedDate": "2015-03-11T08:46:57.000-07:00",
    "passwordPolicyDescription": [
      { "value": "Password must not match or contain first name." },
      { "value": "Password must not match or contain last name." },
      { "value": "Password must contain at least 2 alphabetic character(s)." },
      { "value": "Password must be at least 6 character(s) long." },
      { "value": "Password must contain at least 1 lowercase letter(s)." },
      { "value": "Password must contain at least 1 numeric character(s)." },
      { "value": "Password must contain at least 1 uppercase letter(s)." },
      { "value": "Password must start with an alphabetic character." },
      { "value": "Password must not match or contain user ID." }
    ],
    "userMustChangePasswordAtNextLogin": "1",
    "disabled": false,
    "organizations": [
      { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1", "display": "Xellerate Users" }
    ],
    "description": "description2_user216_08_09.382323"
  },
  "displayName": "Babs Jensen",
  "id": "355",
  "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
    "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" },
    "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" },
    "passwordExpireDate": "2015-07-09T08:46:57.000-07:00",
    "locked": { "duration": 0, "value": "0" }
  },
  "userName": "USERNAME_USER216_08_09.382323",
  "emails": [
    { "value": "u1@example.com", "type": "work" }
  ],
  "active": true,
  "userType": "Contractor",
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "701984",
    "manager": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "displayName": "display" },
    "department": "Tour Operations",
    "organization": "Xellerate Users"
  },
  "preferredLanguage": "en-US",
  "phoneNumbers": [
    { "value": "555-555-4444", "type": "mobile" },
    { "value": "555-555-5555", "type": "work" }
  ],
  "name": {
    "middleName": "Jane",
    "familyName": "familyName2_user216_08_09.382323",
    "givenName": "Barbara",
    "honorificSuffix": "III"
  },
  "addresses": [
    {
      "region": "CA",
      "streetAddress": "100 Universal City Plaza",
      "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
      "postalCode": "91608",
      "locality": "Hollywood",
      "country": "USA",
      "type": "work"
    },
    { "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA", "type": "home" }
  ],
  "groups": [
    { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/3", "type": "direct" }
  ],
  "timezone": "America/Los_Angeles",
  "title": "Tour Guide",
  "meta": {
    "lastModified": "2015-03-11T08:47:19.000-07:00",
    "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/355",
    "created": "2015-03-11T08:46:57.000-07:00",
    "resourceType": "User"
  }
}
```
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Users/355
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op":"replace", "path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:description", "value":"description3" } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User", "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": { "passwordIsExpired": "0", "userLoginAttemptsCounter": 0, "ldapCommonNameGenerated": 0, "userPasswordResetAttemptsCounter": 0, "passwordWarnDate": "2015-07-02T08:46:57.000-07:00", "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" }, "passwordCreateDate": "2015-03-11T08:46:57.000-07:00", "provisionedDate": "2015-03-11T08:46:57.000-07:00", "passwordPolicyDescription": [ { "value": "Password must not match or contain first name." }, { "value": "Password must not match or contain last name." }, { "value": "Password must contain at least 2 alphabetic character(s)." }, { "value": "Password must be at least 6 character(s) long." }, { "value": "Password must contain at least 1 lowercase letter(s)." }, { "value": "Password must contain at least 1 numeric character(s)." }, { "value": "Password must contain at least 1 uppercase letter(s)." }, { "value": "Password must start with an alphabetic character." }, { "value": "Password must not match or contain user ID." 
} ], "userMustChangePasswordAtNextLogin": "1", "disabled": false, "organizations": [ { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1", "display": "Xellerate Users" } ], "description": "description3" }, "displayName": "Babs Jensen", "id": "355", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": { "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "passwordExpireDate": "2015-07-09T08:46:57.000-07:00", "locked": { "duration": 0, "value": "0" } }, "userName": "USERNAME_USER216_08_09.382323", "emails": [ { "value": "u1@example.com", "type": "work" } ], "active": true, "userType": "Contractor", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "employeeNumber": "701984", "manager": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "displayName": "display" }, "department": "Tour Operations", "organization": "Xellerate Users" }, "preferredLanguage": "en-US", "phoneNumbers": [ { "value": "555-555-4444", "type": "mobile" }, { "value": "555-555-5555", "type": "work" } ], "name": { "middleName": "Jane", "familyName": "familyName2_user216_08_09.382323", "givenName": "Barbara", "honorificSuffix": "III" }, "addresses": [ { "region": "CA", "streetAddress": "100 Universal City Plaza", "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA", "postalCode": "91608", "locality": "Hollywood", "country": "USA", "type": "work" }, { "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA", "type": "home" } ], "groups": [ { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/3", "type": "direct" } ], "timezone": "America/Los_Angeles", "title": "Tour Guide", "meta": { "lastModified": "2015-03-11T08:49:17.000-07:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/355", "created": "2015-03-11T08:46:57.000-07:00", "resourceType": "User" } }
The following is an example of pagination:
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/Users?attributes=id&startIndex=6&count=5
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 5, "itemsPerPage": 5, "startIndex": 6, "Resources": [ { "id": "59" }, { "id": "42" }, { "id": "25" }, { "id": "106" }, { "id": "89" } ] }
The following are examples of search filters:
http://HOST_NAME:PORT/idaas/im/scim/v1/Users?filter=(userName co xel)&attributes=id
http://HOST_NAME:PORT/idaas/im/scim/v1/Users?attributes=userName&filter=(userName co 4) and (userName co BUG)
http://HOST_NAME:PORT/idaas/im/scim/v1/Users?attributes=userName&filter=(emails.type eq work and emails.value sw u)
Note:
For a complete description of search filters, see the "Filtering" section of the SCIM REST API IETF draft at the following URL: https://tools.ietf.org/html/draft-ietf-scim-api-14#section-3.2.2.2
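The paging and filter parameters shown above, as an added example that is not part of the Oracle documentation: a Python walker that requests successive pages with startIndex and count and percent-encodes the filter. The fetch callable, the make_fake_fetch server stand-in and the ID list are hypothetical and constructed for the example.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Base path as written on this page; HOST_NAME and PORT stay placeholders.
BASE = "http://HOST_NAME:PORT/idaas/im/scim/v1"


def users_url(start_index, count, attributes="id", scim_filter=None):
    """Build a /Users list URL with every query value percent-encoded."""
    params = {"attributes": attributes, "startIndex": start_index, "count": count}
    if scim_filter:
        params["filter"] = scim_filter
    # quote_via=quote turns spaces into %20 and also encodes the parentheses.
    return f"{BASE}/Users?{urlencode(params, quote_via=quote)}"


def iter_users(fetch, count=5, scim_filter=None, max_pages=1000):
    """Yield every resource, following SCIM's 1-based startIndex.

    `fetch` is any callable that takes a URL and returns the parsed
    ListResponse as a dict (hypothetical transport; plug in an HTTP client
    that sends the Authorization: Bearer header).
    """
    start = 1
    for _ in range(max_pages):           # hard stop against a looping server
        page = fetch(users_url(start, count, scim_filter=scim_filter))
        resources = page.get("Resources", [])
        if not resources:                # empty page: nothing more to read
            return
        yield from resources
        start += len(resources)          # advance by what was actually returned
        # Stop on a short page. totalResults is not used as the stop
        # condition: the sample response above reports totalResults 5 for a
        # page that starts at index 6.
        if len(resources) < count:
            return
    raise RuntimeError("pagination did not terminate within max_pages")


def make_fake_fetch(all_ids):
    """Constructed in-memory stand-in for the server, for offline runs."""
    calls = []

    def fetch(url):
        calls.append(url)
        query = parse_qs(urlsplit(url).query)
        start, count = int(query["startIndex"][0]), int(query["count"][0])
        chunk = all_ids[start - 1:start - 1 + count]
        return {
            "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
            "totalResults": len(chunk),
            "itemsPerPage": count,
            "startIndex": start,
            "Resources": [{"id": i} for i in chunk],
        }

    fetch.calls = calls
    return fetch


if __name__ == "__main__":
    fake = make_fake_fetch([str(n) for n in range(1, 13)])   # constructed IDs
    print([r["id"] for r in iter_users(fake, count=5)])
    print(users_url(1, 5, "userName", "(userName co xel)"))
```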
Operation and URI: DELETE http://HOST_NAME:PORT/idaas/im/scim/v1/Users/355
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body: NA
Status: 204 No Content
Body: NA
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Users/356
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations": [ { "op":"replace", "path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:locked", "value" : { "value" : 1, "duration" : 3600 } } ] }
Returns the full resource with the updated lock attribute.
Status: HTTP/1.1 200 OK
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Users/356
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations": [ { "op":"replace", "path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:locked", "value" : { "value" : 0 } } ] }
Returns the full resource with the updated lock attribute.
Status: HTTP/1.1 200 OK
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Users/356
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations": [ { "op": "replace","path": "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:passwd", "value" : { "value": "newPassw0rd", "sendNotification": "true", "sendNotificationTo": "example2@example.com" } } ] }
Response contains the modified resource.
Status: HTTP/1.1 200 OK
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Users/356
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations": [ { "op": "replace", "path": "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:passwd", "value": { "value": "auto-generate", "sendNotification": "true", "sendNotificationTo": "john.doe@example.com" } } ] }
Response is the modified resource.
Status: HTTP/1.1 200 OK
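An added example, not Oracle code: a Python helper that turns the lock, unlock and password PATCH bodies shown above into audit records without copying the password, and flags a sendNotificationTo address that is not on the account. The function names and record fields are assumptions; the sample bodies are rebuilt from the requests in this section.

```python
import json

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
IDM_USER = "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User"


def describe_patch(body_text):
    """Return one audit record per operation in a SCIM PatchOp body.

    Password values are never copied into the record.
    """
    body = json.loads(body_text)
    if PATCH_OP not in body.get("schemas", []):
        raise ValueError("not a PatchOp message")
    records = []
    for op in body.get("Operations", []):
        path = op.get("path", "")
        value = op.get("value")
        if path == f"{IDM_USER}:locked" and isinstance(value, dict):
            # Requests on this page send the flag as a number, responses as a
            # string, so compare on the string form.
            locked = str(value.get("value")) == "1"
            rec = {"action": "lock" if locked else "unlock"}
            if locked:
                rec["duration"] = value.get("duration")
        elif path == f"{IDM_USER}:passwd" and isinstance(value, dict):
            auto = value.get("value") == "auto-generate"
            rec = {
                "action": "password-auto-generate" if auto else "password-set",
                "notify": str(value.get("sendNotification")).lower() == "true",
                "notify_to": value.get("sendNotificationTo"),
            }
        else:
            rec = {"action": "attribute-change", "path": path}
        rec["op"] = str(op.get("op", "")).lower()
        records.append(rec)
    return records


def notification_redirected(record, account_emails):
    """True when a password notification goes to an address not on the account."""
    target = record.get("notify_to")
    if not record.get("notify") or not target:
        return False
    known = {email.lower() for email in account_emails}
    return target.lower() not in known


def sample_body(attribute, value):
    """Rebuild a request body in the shape used by the examples above."""
    return json.dumps({
        "schemas": [PATCH_OP],
        "Operations": [{"op": "replace", "path": f"{IDM_USER}:{attribute}",
                        "value": value}],
    })


# Sample inputs, rebuilt from the PATCH bodies in this section.
LOCK = sample_body("locked", {"value": 1, "duration": 3600})
UNLOCK = sample_body("locked", {"value": 0})
SET_PW = sample_body("passwd", {"value": "newPassw0rd",
                                "sendNotification": "true",
                                "sendNotificationTo": "example2@example.com"})
AUTO_PW = sample_body("passwd", {"value": "auto-generate",
                                 "sendNotification": "true",
                                 "sendNotificationTo": "john.doe@example.com"})

if __name__ == "__main__":
    # Constructed account e-mail list for the check below.
    account_emails = ["u1@example.com"]
    for body in (LOCK, UNLOCK, SET_PW, AUTO_PW):
        for record in describe_patch(body):
            print(record, notification_redirected(record, account_emails))
```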
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/Me
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User", "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": { "userLoginAttemptsCounter": 0, "ldapCommonNameGenerated": 0, "userPasswordResetAttemptsCounter": 0, "ldapCommonName": "System Administrator", "passwordWarnDate": "2015-06-30T01:51:27.000-07:00", "lastSuccessfulLoginDate": "2015-03-11T00:00:00.000-07:00", "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" }, "passwordPolicyDescription": [ { "value": "Password must not match or contain first name." }, { "value": "Password must not match or contain last name." }, { "value": "Password must contain at least 2 alphabetic character(s)." }, { "value": "Password must be at least 6 character(s) long." }, { "value": "Password must contain at least 1 lowercase letter(s)." }, { "value": "Password must contain at least 1 numeric character(s)." }, { "value": "Password must contain at least 1 uppercase letter(s)." }, { "value": "Password must start with an alphabetic character." }, { "value": "Password must not match or contain user ID." 
} ], "disabled": false, "dataLevel": "2", "organizations": [ { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1", "display": "Xellerate Users" } ] }, "displayName": "display", "id": "1", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": { "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "passwordExpireDate": "2015-07-07T01:51:27.000-07:00", "locked": { "value": "0" } }, "userName": "XELSYSADM", "emails": [ { "value": "donotreply@example.com", "type": "work" } ], "active": true, "userType": "Full-Time", "name": { "familyName": "Administrator", "givenName": "System" }, "groups": [ { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/1", "type": "direct" }, { "value": "6", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/6", "type": "direct" } ], "meta": { "lastModified": "2015-03-11T08:15:44.000-07:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Me", "created": "2015-03-09T01:51:27.000-07:00", "resourceType": "User" }, "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "organization": "Xellerate Users" } }
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/Me
Header:
Content-Type: application/scim+json
Authorization: NA
Body:
{ "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"], "userName": "bjensen@example.com", "name": { "familyName": "Jensen", "givenName": "Barbara", "middleName": "Jane", "honorificSuffix": "III" }, "displayName": "Babs Jensen", "emails": [ { "value": "bjensen@example.com", "type": "work" } ], "userType": "Full-Time", "password":"t1meMa$heen", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": { "challenges": [ { "challenge":"What is your favorite color?", "response":"color" }, { "challenge":"What is the name of your pet?", "response":"pet" }, { "challenge":"What is the city of your birth?", "response":"city" } ] } }
The user is created directly, and the entityId of the new user is returned.
Status: HTTP/1.1 201 Created
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Me
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations":[ { "op":"replace", "path":"displayName", "value" : "NEW_NAME" } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User", "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": { "userLoginAttemptsCounter": 0, "ldapCommonNameGenerated": 0, "userPasswordResetAttemptsCounter": 0, "ldapCommonName": "System Administrator", "passwordWarnDate": "2015-06-30T01:51:27.000-07:00", "lastSuccessfulLoginDate": "2015-03-11T00:00:00.000-07:00", "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" }, "passwordPolicyDescription": [ { "value": "Password must not match or contain first name." }, { "value": "Password must not match or contain last name." }, { "value": "Password must contain at least 2 alphabetic character(s)." }, { "value": "Password must be at least 6 character(s) long." }, { "value": "Password must contain at least 1 lowercase letter(s)." }, { "value": "Password must contain at least 1 numeric character(s)." }, { "value": "Password must contain at least 1 uppercase letter(s)." }, { "value": "Password must start with an alphabetic character." }, { "value": "Password must not match or contain user ID." 
} ], "disabled": false, "dataLevel": "2", "organizations": [ { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1", "display": "Xellerate Users" } ] }, "displayName": "NEW_NAME", "id": "1", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": { "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "passwordExpireDate": "2015-07-07T01:51:27.000-07:00", "locked": { "value": "0" } }, "userName": "XELSYSADM", "emails": [ { "value": "donotreply@example.com", "type": "work" } ], "active": true, "userType": "Full-Time", "name": { "familyName": "Administrator", "givenName": "System" }, "groups": [ { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/1", "type": "direct" }, { "value": "6", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/6", "type": "direct" } ], "meta": { "lastModified": "2015-03-11T08:55:23.000-07:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Me", "created": "2015-03-09T01:51:27.000-07:00", "resourceType": "User" }, "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "organization": "Xellerate Users" } }
Operation and URI: PUT http://HOST_NAME:PORT/idaas/im/scim/v1/Me
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "urn:ietf:params:scim:schemas:core:2.0:User" ], "userName": "bjensen@example.com", "name": { "familyName": "Jensen" }, "userType": "Contractor", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "organization": "Xellerate Users", "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" } } }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User", "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": { "userLoginAttemptsCounter": 0, "passwordIsExpired": "0", "ldapCommonNameGenerated": 0, "userPasswordResetAttemptsCounter": 0, "passwordWarnDate": "2015-04-29T03:24:16.000-07:00", "homeOrganization": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1" }, "passwordCreateDate": "2015-01-06T03:24:16.000-08:00", "provisionedDate": "2015-01-06T03:24:16.000-08:00", "passwordPolicyDescription": [], "userMustChangePasswordAtNextLogin": "1", "disabled": false, "organizations": [ { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/1", "display": "Xellerate Users" } ] }, "displayName": "Babs Jensen", "id": "145", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": { "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "passwordExpireDate": "2015-05-06T03:24:16.000-07:00", "locked": { "duration": 0, "value": "0", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/0" } }, "userName": "BJENSEN@EXAMPLE.COM", "emails": [ { "value": "bjensen@example.com", "type": "work" } ], "active": true, "userType": "Contractor", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "employeeNumber": "701984", "manager": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "displayName": "new display" }, "department": "Tour Operations", "organization": "Xellerate Users" }, "preferredLanguage": "en-US", "phoneNumbers": [ { "value": "555-555-4444", "type": "mobile" }, { "value": "555-555-5555", "type": "work" } ], "name": { "middleName": "Jane", "familyName": "Jensen", 
"givenName": "Barbara", "honorificSuffix": "III" }, "addresses": [ { "region": "CA", "streetAddress": "100 Universal City Plaza", "formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA", "postalCode": "91608", "locality": "Hollywood", "country": "USA", "type": "work" }, { "formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA", "type": "home" } ], "groups": [ { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/3", "type": "direct" } ], "timezone": "America/Los_Angeles", "title": "Tour Guide", "meta": { "lastModified": "2015-01-06T03:24:17.000-08:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/145", "created": "2015-01-06T03:24:17.000-08:00", "resourceType": "User" } }
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordResetterWithChallenges
Header:
Content-Type: application/json
Authorization: NA
Body:
{ "schemas": ["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordResetterWithChallenges"], "userName": "JDOE", "challenges": [ { "challenge":"What is the name of your pet?", "response":"name" }, { "challenge":"What is the city of your birth?", "response":"city" }, { "challenge":"What is your favorite color?", "response":"color" } ], "password": "Welcome3" }
The response is empty.
Status: HTTP/1.1 204 No Content
The following request validates a potential password. A successful response means that the password is valid.
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordValidator
Header:
Content-Type: application/json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordValidator" ], "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "password": "jijijSSij1" }
Status: HTTP/1.1 204 No Content
A successful response to the validate user name request means that the user name is valid. The request is as follows:
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/UserNameValidator
Header:
Content-Type: application/json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas":["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameValidator"], "userName": "aUserName" }
Status: HTTP/1.1 204 No Content
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/UserNameGenerator
Header:
Content-Type: application/json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas":["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameGenerator"], "name": { "formatted": "Ms. Barbara J Doe III", "familyName": "Doe", "givenName": "Barbara", "middleName": "Jane", "honorificSuffix": "III" } }
Status: HTTP/1.1 201 Created
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameGenerator" ], "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/UserNameGenerator", "resourceType": "UserNameGenerator" }, "urn:ietf:params:scim:schemas:core:2.0:User": { "userName": "Barbara.Doe@example.com" } }
The request is as follows (no authorization header, unauthenticated flow):
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/UserNameRecoverer
Header:
Content-Type: application/json
Authorization: NA
Body:
{ "schemas": ["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameRecoverer"], "email": "myemail@example.com" }
Status: HTTP/1.1 204 No Content
The username is sent to the user's email address.
This section provides the following examples of the group resource:
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/Groups?attributes=id,displayName
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "Resources": [ { "displayName": "Group1", "id": "2" }, { "displayName": "SYSTEM ADMINISTRATORS", "id": "3" }, { "displayName": "Group2", "id": "4" }, { "displayName": "Group3", "id": "5" } ] }
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/Groups
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:Group", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group" ], "displayName": "Group33", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": { "email": "group33@example.com", "description": "description1" }, "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": { "namespace": "Default" } }
Status: HTTP/1.1 201 Created
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group", "urn:ietf:params:scim:schemas:core:2.0:Group" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": { "organizationsPublishedTo": [ { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" } ], "category": { "name": "Default", "value": 1 }, "namespace": "Default", "catalog": { "tags": "Group33 Group33 Default", "requestable": true, "certifiable": false, "id": "151", "categoryName": "Role", "auditable": false, "itemRisk": 3, "hierarchicalDataAvailable": false } }, "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": { "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "description": "description1", "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "owner": { "lastName": "Administrator", "email": "donotreply@example.com", "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "login": "XELSYSADM", "firstName": "System", "displayName": "NEW_NAME" }, "email": "group33@example.com" }, "meta": { "lastModified": "2015-03-11T08:55:57.000-07:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/157", "created": "2015-03-11T08:55:57.000-07:00", "resourceType": "Group" }, "displayName": "Group33", "id": "157" }
Operation and URI: PUT http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/157
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group", "urn:ietf:params:scim:schemas:core:2.0:Group", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": { "organizationsPublishedTo": [ { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" } ], "category": { "name": "Default", "value": 1 }, "namespace": "Default" }, "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": { "description": "description1", "localeNames": [ { "name": "Group_group09_53_11.228163", "locale": "base" } ], "email": "group_new@example.com" }, "displayName": "Group_group09_53_11.228163" }
Status: HTTP/1.1 200 OK
Location: https://HOST_NAME:PORT/Groups/157
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group", "urn:ietf:params:scim:schemas:core:2.0:Group", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": { "organizationsPublishedTo": [ { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" } ], "category": { "name": "Default", "value": 1 }, "namespace": "Default" }, "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": { "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "description": "description1", "localeNames": [ { "name": "Group_group09_53_11.228163", "locale": "base" } ], "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "owner": { "lastName": "Administrator", "email": "donotreply@example.com", "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "login": "XELSYSADM", "displayName": "System Administrator", "firstName": "System" }, "email": "group_new@example.com" }, "meta": { "lastModified": "2015-01-05T06:59:25.000-08:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/157", "created": "2015-01-05T06:55:14.000-08:00", "resourceType": "Group" }, "displayName": "Group_group09_53_11.228163", "id": "157" }
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/153
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op":"replace" , "path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group:description", "value":"description3" } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group", "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group", "urn:ietf:params:scim:schemas:core:2.0:Group" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": { "organizationsPublishedTo": [ { "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" } ], "category": { "name": "Default", "value": 1 }, "namespace": "Default", "catalog": { "tags": "replace_catalog_requestable_6587843 replace_catalog_requestable_6587843 Default", "requestable": true, "certifiable": false, "id": "147", "categoryName": "Role", "auditable": false, "itemRisk": 3, "hierarchicalDataAvailable": false } }, "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": { "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "description": "description3", "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "owner": { "lastName": "Administrator", "email": "donotreply@example.com", "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1", "login": "XELSYSADM", "firstName": "System", "displayName": "NEW_NAME" } }, "meta": { "lastModified": "2015-03-11T08:59:16.000-07:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/153", "created": "2015-03-11T08:13:11.000-07:00", "resourceType": "Group" }, "displayName": "replace_catalog_requestable_6587843", "id": "153" }
Operation and URI: DELETE http://HOST_NAME:PORT/idaas/im/scim/v1/Groups/153
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Status: HTTP/1.1 204 No Content
This section provides an example of the Remove Role operation using the PATCH operation type. It contains the following topics:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/<role_id>
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op":"remove", "path":"urn:ietf:params:scim:schemas:core:2.0:Group:members", "value":[ { "value":"<usr_key>", "$ref":"http://HOST_NAME:PORT/idaas/im/scim/v1/Users/<usr_key>" } ] } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group", "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group", "urn:ietf:params:scim:schemas:core:2.0:Group" ], "urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": { "namespace": "Default", "organizationsPublishedTo": [ { "value": "3", "$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3" } ], "category": { "name": "Default", "value": 1 }, "ldapDn": "cn=tesrole1,cn=groups,dc=isc,dc=com", "catalog": { "auditable": true, "hierarchicalDataAvailable": false, "id": "101", "requestable": true, "itemRisk": 3, "certifiable": true, "categoryName": "Role", "tags": "tesrole1 tesrole1 Default" } }, "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": { "createBy": { "$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1", "value": "1" }, "owner": { "firstName": "System", "lastName": "Administrator", "displayName": "System Administrator", "login": "XELSYSADM", "value": "1", "$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1", "email": "donotreply@oracle.com" }, "updateBy": { "value": "5", "$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/5" } }, "members": [ { "value": "7002", "$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/7002" } ], "meta": { "created": "2018-11-13T08:48:49.000+05:30", "location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/<role_id>", "lastModified": "2018-11-13T08:53:58.000+05:30", "resourceType": "Group" }, "displayName": "<role name>", "id": "<role_id>" }
This section provides the following examples of the organization resource:
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/148
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Status: HTTP/1.1 200 OK
Location: https://HOST_NAME:PORT/Organization/148
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization" ], "parent": { "name": "Top", "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" }, "name": "org_pcu3_1426086587854", "passwordPolicy": { "name": "ppchg_1426086587854", "value": "94" }, "id": "148", "meta": { "lastModified": "2015-03-11T08:16:00.000-07:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/148", "created": "2015-03-11T08:16:00.000-07:00", "resourceType": "Organization" }, "customerType": "Company", "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "enforceNewPasswordPolicy": "Yes", "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "status": "Active", "members": [ { "value": "353", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/353" } ] }
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization" ], "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization": { "name": "organization16_08_50.141529", "customerType": "Branch" } }
Note:
The valid values for the customerType attribute are Branch, Company, and Department.
Status: HTTP/1.1 201 Created
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization" ], "parent": { "name": "Top", "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" }, "name": "organization16_08_50.141529", "id": "77", "meta": { "lastModified": "2015-02-06T07:06:46.000-08:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/77", "created": "2015-02-06T07:06:46.000-08:00", "resourceType": "Organization" }, "customerType": "Branch", "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "enforceNewPasswordPolicy": "Yes", "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "status": "Active" }
Operation and URI: PUT http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/77
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization" ], "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization": { "name": "organization16_08_53.883452", "customerType": "Scim2" } }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization" ], "parent": { "name": "Top", "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" }, "name": "organization16_08_53.883452", "id": "77", "meta": { "lastModified": "2015-02-06T07:09:27.000-08:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/77", "created": "2015-02-06T07:06:46.000-08:00", "resourceType": "Organization" }, "customerType": "Scim2", "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "enforceNewPasswordPolicy": "Yes", "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "status": "Active" }
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/77
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op":"replace", "path":"customerType", "value":"Scim3" } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization" ], "parent": { "name": "Top", "value": "3", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/3" }, "name": "organization16_08_53.883452", "id": "77", "meta": { "lastModified": "2015-02-06T07:13:19.000-08:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/Organizations/77", "created": "2015-02-06T07:06:46.000-08:00", "resourceType": "Organization" }, "customerType": "Scim3", "createBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "enforceNewPasswordPolicy": "Yes", "updateBy": { "value": "1", "$ref": "http://HOST_NAME:PORT/idaas/im/scim/v1/Users/1" }, "status": "Active" }
This section provides the following examples of the password policy resource:
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordPolicies?filter=(urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy:allowedChars co q)&attributes=id,description,name
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 3, "Resources": [ { "id": "2", "name": "pwp1_1423213466123", "description": "1" }, { "id": "6", "name": "pwp_q_3466186", "description": "pwp_q_3466186" }, { "id": "36", "name": "p1214_1423213645161" } ] }
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordPolicies
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy" ], "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy": { "name":"pwdpol0901258070", "description":"complex password policy for ST org", "passwordWarningAfterInDays": 20, "passwordExpiresAfterInDays": 30, "minPasswordAgeInDays": 10, "userIdDisallowed": "false", "minLength": 3, "maxLength": 8, "firstNameDisallowed": "true", "challengeSource": 1, "challengeMinQuestions": 3, "challengeMinAnswers": 2, "challengeResponseMinLength": 5, "challengeAllowDuplicateResponses": "false", "challengeMaxIncorrectAttempts": 5, "challengeDefaultQuestions": [ { "value": "what is your favorite color" }, { "value": "what is name of your pet" }, { "value": "which is your favorite movie" }, { "value": "which is your favorite sport" } ] } }
Status: HTTP/1.1 201 Created
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy" ], "challengesEnabled": false, "id": "49", "challengeSource": 1, "minLength": 3, "startsWithAlphabet": false, "description": "complex password policy for ST org", "name": "pwdpol0901258070", "complexPolicy": false, "challengeDefaultQuestions": [ { "value": "what is your favorite color" }, { "value": "what is name of your pet" }, { "value": "which is your favorite movie" }, { "value": "which is your favorite sport" } ], "challengeAllAtOnce": true, "minPasswordAgeInDays": 10, "passwordWarningAfterInDays": 20, "challengeResponseMinLength": 5, "userIdDisallowed": false, "maxLength": 8, "challengeMinQuestions": 3, "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordPolicies/49", "resourceType": "PasswordPolicy" }, "challengeMaxIncorrectAttempts": 5, "challengeMinAnswers": 2, "passwordExpiresAfterInDays": 30, "challengeAllowDuplicateResponses": false, "lastNameDisallowed": false, "firstNameDisallowed": true, "dictionaryDelimiter": "\u0000" }
Operation and URI: PUT http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordPolicies/49
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy" ], "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy": { "name":"pwdpol0905770857", "description":"complex password policy for ST org", "passwordWarningAfterInDays": 20, "passwordExpiresAfterInDays": 30, "minPasswordAgeInDays": 10, "userIdDisallowed": "false", "minLength": 3, "maxLength": 8, "firstNameDisallowed": "true", "challengeSource": 1, "challengeMinQuestions": 3, "challengeMinAnswers": 2, "challengeResponseMinLength": 5, "challengeAllowDuplicateResponses": "false", "challengeMaxIncorrectAttempts": 5, "challengeDefaultQuestions": [ { "value": "what is your favorite car" }, { "value": "what is name of your truck" }, { "value": "which is your favorite bicycle" }, { "value": "which is your favorite shoe" } ] } }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy" ], "challengesEnabled": false, "id": "49", "challengeSource": 1, "minLength": 3, "startsWithAlphabet": false, "description": "complex password policy for ST org", "name": "pwdpol0905770857", "complexPolicy": false, "challengeDefaultQuestions": [ { "value": "what is your favorite car" }, { "value": "what is name of your truck" }, { "value": "which is your favorite bicycle" }, { "value": "which is your favorite shoe" } ], "challengeAllAtOnce": true, "minPasswordAgeInDays": 10, "passwordWarningAfterInDays": 20, "challengeResponseMinLength": 5, "userIdDisallowed": false, "maxLength": 8, "challengeMinQuestions": 3, "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordPolicies/49", "resourceType": "PasswordPolicy" }, "challengeMaxIncorrectAttempts": 5, "challengeMinAnswers": 2, "passwordExpiresAfterInDays": 30, "challengeAllowDuplicateResponses": false, "lastNameDisallowed": false, "firstNameDisallowed": true, "dictionaryDelimiter": "\u0000" }
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordPolicies/49
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op":"replace", "path":"firstNameDisallowed", "value":"false" } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy" ], "challengesEnabled": false, "id": "49", "challengeSource": 1, "minLength": 3, "startsWithAlphabet": false, "description": "complex password policy for ST org", "name": "pwdpol0905770857", "complexPolicy": false, "challengeDefaultQuestions": [ { "value": "what is your favorite car" }, { "value": "what is name of your truck" }, { "value": "which is your favorite bicycle" }, { "value": "which is your favorite shoe" } ], "challengeAllAtOnce": true, "minPasswordAgeInDays": 10, "passwordWarningAfterInDays": 20, "challengeResponseMinLength": 5, "userIdDisallowed": false, "maxLength": 8, "challengeMinQuestions": 3, "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/PasswordPolicies/49", "resourceType": "PasswordPolicy" }, "challengeMaxIncorrectAttempts": 5, "challengeMinAnswers": 2, "passwordExpiresAfterInDays": 30, "challengeAllowDuplicateResponses": false, "lastNameDisallowed": false, "firstNameDisallowed": false, "dictionaryDelimiter": "\u0000" }
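The PasswordPolicy bodies above can be checked against a baseline before or after they are applied. The following is an added example, not Oracle's code: the function names and the baseline thresholds are assumptions, and the two sample inputs are reduced from the POST request and PATCH response shown above. It handles both the nested request shape and the flat response shape, and the string booleans ("true"/"false") that the requests send.

```python
# Schema URN used by the PasswordPolicy examples on this page.
PP_URN = "urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy"

# Assumed baseline, for illustration only; substitute your own standard.
BASELINE = {"minLength": 12, "maxLengthFloor": 64, "maxChallengeAttempts": 5}


def as_bool(value):
    """Normalise a SCIM boolean. The request bodies above send "true"/"false"
    strings while responses return JSON booleans, and bool("false") is True."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"not a boolean: {value!r}")


def policy_attributes(resource):
    """Accept a request body (attributes nested under the schema URN) or a
    response body (attributes at the top level)."""
    return resource.get(PP_URN, resource)


def audit_password_policy(resource, baseline=BASELINE):
    """Return a list of findings for one PasswordPolicy resource."""
    attrs = policy_attributes(resource)
    findings = []
    min_len = attrs.get("minLength")
    if min_len is None or int(min_len) < baseline["minLength"]:
        findings.append(f"minLength={min_len} is below {baseline['minLength']}")
    max_len = attrs.get("maxLength")
    if max_len is not None and int(max_len) < baseline["maxLengthFloor"]:
        findings.append(f"maxLength={max_len} caps passwords below "
                        f"{baseline['maxLengthFloor']} characters")
    # Absent flags are treated as off, matching the defaults in the responses.
    for flag in ("userIdDisallowed", "firstNameDisallowed", "lastNameDisallowed"):
        if not as_bool(attrs.get(flag, False)):
            findings.append(f"{flag} is off")
    if as_bool(attrs.get("challengeAllowDuplicateResponses", False)):
        findings.append("challengeAllowDuplicateResponses is on")
    attempts = attrs.get("challengeMaxIncorrectAttempts")
    if attempts is not None and int(attempts) > baseline["maxChallengeAttempts"]:
        findings.append(f"challengeMaxIncorrectAttempts={attempts} exceeds "
                        f"{baseline['maxChallengeAttempts']}")
    return findings


# Sample inputs reduced from the POST request and PATCH response shown above.
POST_REQUEST = {"schemas": [PP_URN], PP_URN: {
    "name": "pwdpol0901258070", "minLength": 3, "maxLength": 8,
    "userIdDisallowed": "false", "firstNameDisallowed": "true",
    "challengeAllowDuplicateResponses": "false",
    "challengeMaxIncorrectAttempts": 5}}
PATCH_RESPONSE = {"schemas": [PP_URN], "id": "49", "minLength": 3,
                  "maxLength": 8, "userIdDisallowed": False,
                  "firstNameDisallowed": False, "lastNameDisallowed": False,
                  "challengeAllowDuplicateResponses": False,
                  "challengeMaxIncorrectAttempts": 5}

if __name__ == "__main__":
    for label, doc in (("POST request", POST_REQUEST),
                       ("PATCH response", PATCH_RESPONSE)):
        for finding in audit_password_policy(doc):
            print(f"{label}: {finding}")
```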
This section provides the following examples of the notification template resource:
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/NotificationTemplates?attributes=id,name
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 4, "Resources": [ { "name": "AddProxyNotificationTemplate", "id": "12" }, { "name": "BulkRequestCreation", "id": "6" }, { "name": "CreateUserSelfServiceNotification", "id": "7" }, { "name": "UserDeletedNotificationTemplate", "id": "10" } ] }
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/NotificationTemplates/
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate" ], "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate": { "name":"notificationtemplate16_09_14.724166_1", "eventName":"AddProxy", "description":"myTemplate", "locales": [ { "locale": "dddd", "subject": "Notification for contractors 1", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "shortMessage": "short message1", "longMessage": "long message1" }, { "locale": "eeee", "subject": "Notification for contractors 2", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "shortMessage": "short message2", "longMessage": "long message2" } ] } }
Status: HTTP/1.1 201 Created
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate" ], "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/NotificationTemplates/25", "resourceType": "NotificationTemplate" }, "name": "notificationtemplate16_09_14.724166_1", "eventName": "AddProxy", "locales": [ { "subject": "Notification for contractors 2", "locale": "eeee", "shortMessage": "short message2", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "longMessage": "long message2" }, { "subject": "Notification for contractors 1", "locale": "dddd", "shortMessage": "short message1", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "longMessage": "long message1" } ], "description": "myTemplate", "id": "25" }
Operation and URI: PUT http://HOST_NAME:PORT/idaas/im/scim/v1/NotificationTemplates/25
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate" ], "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate": { "name":"notificationtemplate16_09_17.742004_2", "eventName":"AddProxy", "description":"Template to notify contractors after password has been reset", "locales": [ { "subject": "Notification for contractors 1", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "shortMessage": "short message1", "longMessage": "long message1", "locale": "ffff" }, { "subject": "Notification for contractors 2", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "shortMessage": "short message2", "longMessage": "long message2", "locale": "gggg" } ] } }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate" ], "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/NotificationTemplates/25", "resourceType": "NotificationTemplate" }, "name": "notificationtemplate16_09_14.724166_1", "eventName": "AddProxy", "locales": [ { "subject": "Notification for contractors 2", "locale": "gggg", "shortMessage": "short message2", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "longMessage": "long message2" }, { "subject": "Notification for contractors 1", "locale": "ffff", "shortMessage": "short message1", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "longMessage": "long message1" } ], "description": "Template to notify contractors after password has been reset", "id": "25" }
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/NotificationTemplates/25
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op":"replace", "path":"description", "value":"description3" } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate" ], "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/NotificationTemplates/25", "resourceType": "NotificationTemplate" }, "name": "notificationtemplate16_09_14.724166_1", "eventName": "AddProxy", "locales": [ { "subject": "Notification for contractors 2", "locale": "gggg", "shortMessage": "short message2", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "longMessage": "long message2" }, { "subject": "Notification for contractors 1", "locale": "ffff", "shortMessage": "short message1", "encoding": "UTF-8", "contentType": "text/html, charset=UTF-8", "longMessage": "long message1" } ], "description": "description3", "id": "25" }
This section provides the following examples of the system property resource:
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/SystemProperties?filter=(name eq AllowDisabledManagers)
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "Resources": [ { "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:SystemProperty" ], "id": "40", "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/SystemProperties/40", "resourceType": "SystemProperty" }, "value": "FALSE", "name": "AllowDisabledManagers", "displayName": "Is disabled manager allowed" } ] }
Operation and URI: PATCH http://HOST_NAME:PORT/idaas/im/scim/v1/SystemProperties/27
Header:
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:PatchOp" ], "Operations": [ { "op":"replace", "path":"displayName", "value":"new_displayName_for_systemProperty" } ] }
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:SystemProperty" ], "id": "27", "meta": { "lastModified": "2015-02-05T08:44:04.000-08:00", "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/SystemProperties/27", "created": "2015-02-05T08:44:04.000-08:00", "resourceType": "SystemProperty" }, "value": "NONE", "name": "OIM.ChallengeQuestionModificationURL", "displayName": "new_displayName_for_systemProperty" }
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/ServiceProviderConfigs
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "Resources": [ { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig" ], "patch": { "supported": true }, "meta": { "location": "http://HOST_NAME:PORT/idaas/im/scim/v1/ServiceProviderConfigs", "resourceType": "ServiceProviderConfig" }, "bulk": { "maxPayloadSize": 1048576, "supported": false, "maxOperations": 1000 }, "authenticationSchemes": [ { "documentationUrl": "http://HOST_NAME/help/httpBasic.htm", "specUrl": "http://www.ietf.org/rfc/rfc2617.txt", "description": "Authentication Scheme using the Http Basic Standard", "name": "HTTP Basic" } ], "documentationUrl": "http://HOST_NAME", "changePassword": { "supported": true }, "etag": { "supported": false }, "sort": { "supported": true }, "filter": { "supported": true, "maxResults": 200 } } ] }
Operation and URI: GET http://HOST_NAME:PORT/idaas/im/scim/v1/ResourceTypes?attributes=name
Status: HTTP/1.1 200 OK
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 15, "Resources": [ { "name": "User" }, { "name": "PasswordValidator" }, { "name": "UserNameRecoverer" }, { "name": "Schema" }, { "name": "ServiceProviderConfig" }, { "name": "Organization" }, { "name": "Request" }, { "name": "Group" }, { "name": "PasswordPolicy" }, { "name": "SystemProperty" }, { "name": "NotificationTemplate" }, { "name": "ResourceType" }, { "name": "PasswordResetterWithChallenges" }, { "name": "UserNameValidator" }, { "name": "UserNameGenerator" } ] }
The request is issued with POST [prefix]/.search, which is an alternate way of searching for resources. Instead of passing parameters on the URL, the request parameters are passed in the POST body, as shown in the following example.
Operation and URI: POST http://HOST_NAME:PORT/idaas/im/scim/v1/Users/.search
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Body:
{
"schemas":["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"attributes": [ "id", "userName" ],
"filter": "userType eq \"Employee\" and (emails [type eq \"work\" and value co \"HOST_NAME\"] or name.givenName co \"doe\")",
"startIndex":1,
"count":2,
"sortBy": "userName",
"sortOrder": "ascending"
}
Body:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 2, "itemsPerPage": 2, "startIndex": 1, "Resources": [ { "id": "10", "userName": "John Doe" }, { "id": "89", "userName": "Mary Doe" } ] }
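When the values in a SearchRequest filter come from user input, they must be quoted as string literals so that a double quote in the value cannot change the structure of the filter. The following is an added example, not Oracle's code: it rebuilds the request body shown above from caller-supplied values and reads the paging fields of the ListResponse. The function names are assumptions, and the 200-result limit is taken from the ServiceProviderConfig response earlier on this page.

```python
import json

SEARCH_URN = "urn:ietf:params:scim:api:messages:2.0:SearchRequest"
LIST_URN = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
MAX_RESULTS = 200  # filter.maxResults in the ServiceProviderConfig response


def scim_quote(value):
    """Render a string as a SCIM filter literal. Filter string values follow
    JSON string syntax, so json.dumps escapes the quote and backslash
    characters that would otherwise terminate the literal early."""
    if not isinstance(value, str):
        raise TypeError("filter values must be strings")
    return json.dumps(value)


def build_user_search(user_type, email_part, given_name, start_index=1, count=2):
    """Build the SearchRequest body from the example above with
    caller-supplied filter values."""
    if start_index < 1:
        raise ValueError("startIndex is 1-based")
    if not 1 <= count <= MAX_RESULTS:
        raise ValueError(f"count must be between 1 and {MAX_RESULTS}")
    flt = (f'userType eq {scim_quote(user_type)} and '
           f'(emails [type eq "work" and value co {scim_quote(email_part)}] '
           f'or name.givenName co {scim_quote(given_name)})')
    return {
        "schemas": [SEARCH_URN],
        "attributes": ["id", "userName"],
        "filter": flt,
        "startIndex": start_index,
        "count": count,
        "sortBy": "userName",
        "sortOrder": "ascending",
    }


def next_start_index(list_response):
    """Validate a ListResponse and return the startIndex of the next page,
    or None when every result has been returned."""
    if LIST_URN not in list_response.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    start = list_response.get("startIndex", 1)
    returned = len(list_response.get("Resources", []))
    following = start + returned
    if returned and following <= list_response["totalResults"]:
        return following
    return None


# The ListResponse shown above, embedded so the example runs offline.
PAGE_RESPONSE = {
    "schemas": [LIST_URN], "totalResults": 2, "itemsPerPage": 2, "startIndex": 1,
    "Resources": [{"id": "10", "userName": "John Doe"},
                  {"id": "89", "userName": "Mary Doe"}],
}

if __name__ == "__main__":
    # Reproduces the request body from the example above.
    print(json.dumps(build_user_search("Employee", "HOST_NAME", "doe"), indent=2))
    # Constructed value containing a double quote: it stays inside one literal.
    print(build_user_search("Employee", "HOST_NAME", 'do"e')["filter"])
    print(next_start_index(PAGE_RESPONSE))
```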
To retrieve the schema supported by Oracle Identity Manager REST service, submit the following SCIM request:
GET /Schemas
SCIM resources are secured by the custom Oracle Web Services Manager (OWSM) policy oracle/multi_token_noauth_over_ssl_rest_service_policy, which is created by default during installation or upgrade of Oracle Identity Manager. This policy cannot be changed.
This policy combines the functionality of the OWSM predefined policies oracle/multi_token_rest_service_policy and oracle/no_authentication_service_policy. It enforces one of the following authentication policies when the client sends a token, and allows anonymous access when no token is supplied:
HTTP Basic
SAML 2.0 Bearer token in HTTP header
HTTP OAM security
SPNEGO over HTTP security
JWT token in HTTP header
See "Using the JSON Web Token Service" for information about JWT service for SCIM and REST services.
See the following sections in the Security and Administrator's Guide for Web Services for more information about the predefined OWSM policies: