20 Using SCIM/REST Services
This chapter describes the SCIM/REST services and REST API usage. It contains the following topics:
Note:
By default, SCIM is configured to run on both HTTP and HTTPs ports. If you want to enable SCIM to run only on HTTPs ports, then perform the steps described in Enabling SCIM to Run Only on HTTPS.20.1 Overview of SCIM/REST Services
Identity REST services are based on the System for Cross-Domain Identity Management (SCIM) protocol.
Oracle Identity Governance SCIM service is available by default with the SCIM schema and IDM extensions, as described in Schema Attributes for the User Resource.
The supported schema can be retrieved, as described in Retrieving Schemas.
When you deploy Oracle Identity Governance, SCIM is deployed by default as a web application on the Oracle Identity Governance server.
SCIM implementation in Oracle Identity Governance follows draft-ietf-scim-api-13 and draft-ietf-scim-core-schema-13. For information about IETF drafts, refer to the following URL:
20.2 Supported Resources and Operations
SCIM-based APIs used for the supported operations are available for various resources, such as User, Organization, Password Policy, and System Property.
Table 20-1 lists SCIM-based APIs used for the supported operations in Oracle Identity Governance.
Table 20-1 SCIM-Based APIs and Supported Operations
| Resource | Endpoint | Operation | Schema URL | Description |
|---|---|---|---|---|
|
User |
/Users |
GET, POST, PUT, PATCH, DELETE |
urn:ietf:params:scim:schemas:core:2.0:User urn:ietf:params:scim:schemas:extension:enterprise:2.0:User urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User |
Get/Add/Modify/Disable/Enable/Lock/Unlock/Delete Users - identity.usermgmt.api.UserManager |
|
User |
/Me |
GET, POST, PUT, PATCH |
urn:ietf:params:scim:schemas:core:2.0:User urn:ietf:params:scim:schemas:extension:enterprise:2.0:User urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User |
Get/Modify My Profile, Change My Password, Change My Challenge Responses -, selfservice.self.selfmgmt.api.AuthenticatedSelfService Self Registration - via UnauthenticatedSelfService |
|
PasswordResetterWithChallenges |
/PasswordResetterWithChallenges |
POST |
urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordResetterWithChallenges |
|
|
PasswordValidator |
/PasswordValidator |
POST |
urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordValidator |
|
|
UserNameGenerator |
/UserNameGenerator |
POST |
urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameGenerator |
|
|
UserNameRecoverer |
/UserNameRecoverer |
POST |
urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameRecoverer |
|
|
UserNameValidator |
/UserNameValidator |
POST |
urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameValidator |
|
|
Group |
/Groups |
GET, POST, PUT, PATCH, DELETE |
urn:ietf:params:scim:schemas:core:2.0:Group urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group |
Get/Add/Modify/SetUserMembershipRule/Delete Groups - identity.rolemgmt.api.RoleManager |
|
Organization |
/Organizations |
GET, POST, PUT, PATCH, DELETE |
urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization |
Get/Add/Modify/SetUserMembershipRule/Delete Organizations - identity.orgmgmt.api.OrganizationManager |
|
Password Policy |
/PasswordPolicies |
GET, POST, PUT, PATCH, DELETE |
urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy |
Get/Add/Modify/Delete Password Policies - passwordmgmt.api.PasswordMgmtService |
|
Notification Template |
/NotificationTemplates |
GET, POST, PUT, PATCH, DELETE |
urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate |
Get/Add/Modify/Delete Notification Templates - notification.api.NotificationService |
|
System Property |
/SystemProperties |
GET, PATCH |
urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:SystemProperty |
Get/Modify System Property - config.api.SystemConfigurationService |
|
Service Provider Configuration Schema |
/ServiceProviderConfigs |
GET |
urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig |
Get the service provider's configuration |
|
Resource Type |
/ResourceTypes |
GET |
urn:ietf:params:scim:schemas:core:2.0:ResourceType |
Get the resource type's configuration |
|
Schema |
/Schemas |
GET |
urn:ietf:params:scim:schemas:core:2.0:Schema urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Schema |
Get a resource's schema |
|
Search |
[prefix]/.search |
POST |
NA |
Perform search at system root or with in a resource endpoint for one or more resource types using POST |
20.3 Resource Schema
Understand the resource schema and the schema attributes of the supported resources.
This section describes the resource schema and lists the schema attributes of the supported resources. It contains the following topics:
20.3.1 Introduction to Resource Schema
Understand the supported SCIM attributes, types of SCIM schema attributes, and mutability.
The resource schema tables listed in this section show the supported SCIM attributes. All SCIM resource types and schema extensions are identified by the following URI in both JSON requests and responses:
urn:oracle:scim:schemas:idm:2.0:RESOURCE_TYPE
All SCIM resources, such as users, groups, and organizations, include the following types of SCIM schema attributes:
-
SVA: Single-valued attribute
-
MVA: Multi-valued attribute.
-
CSVA: Complex single-valued attribute
-
CMVA: Complex multi-valued attribute.
SCIM user schema supports CMVA, such as email address, where each value can have subattributes, such as personal email address, work email address, and other email address, and value. As Oracle Identity Governance does not support CMVA, Oracle Identity Governance SCIM/REST API also does not support them, except where they can be mapped to existing Oracle Identity Governance user schema attributes. If a request is made that includes a complex SCIM attribute that is not supported by the Oracle Identity Governance SCIM/REST, then an error is returned in the REST response indicating the same.
Mutability is the way a given attribute is accessed. The possible mutability values are:
-
Read-only (RO): Allows create and read/search operations
-
WO: Allows create but not read/search operations
-
RW: Allows create as well as read/search operations
20.3.2 Schema Attributes for the User Resource
Understand the schema attributes for the User resource, which includes user schema attributes, enterprise user schema attributes, IDM common user schema attributes, and OIG user schema extension attributes.
This section describes the schema attributes for the User resource. It contains the following topics:
20.3.2.1 User Schema Attributes
Note:
Accounts and entitlements are not supported by Oracle Identity Governance SCIM services.
Table 20-2 urn:ietf:params:scim:schemas:core:2.0:User
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
userName |
SVA |
String |
Y |
RW |
|
name.formatted |
SVA |
String |
N |
RW |
|
name.familyName |
SVA |
String |
N |
RW |
|
name.givenName |
SVA |
String |
N |
RW |
|
name.middleName |
SVA |
String |
N |
RW |
|
name.honorificPrefix |
SVA |
String |
N |
RW |
|
name.honorificSuffix |
SVA |
String |
N |
RW |
|
displayName |
SVA |
String |
N |
RW |
|
nickName |
SVA |
String |
N |
RW |
|
profileUrl |
SVA |
String |
N |
RW |
|
title |
SVA |
String |
N |
RW |
|
title |
SVA |
String |
N |
RW |
|
userType |
SVA |
String |
N |
RW |
|
preferredLanguage |
SVA |
String |
N |
RW |
|
timezone |
SVA |
String |
N |
RW |
|
locale |
SVA |
String |
N |
RW |
|
active |
SVA |
Boolean |
N |
RW |
|
password |
SVA |
String |
N |
WO |
|
emails |
CMVA |
NA |
N |
RW |
|
emails[work].value |
SVA |
String |
N |
RW |
|
emails[<type>].primary |
SVA |
String |
N |
RW |
|
phoneNumbers |
CMVA |
NA |
N |
RW |
|
phoneNumbers.type |
SVA |
String |
N |
RW |
|
phoneNumbers[work].value |
SVA |
String |
N |
RW |
|
phoneNumbers[home].value |
SVA |
String |
N |
RW |
|
phoneNumbers[mobile].value |
SVA |
String |
N |
RW |
|
phoneNumber[fax].value |
SVA |
String |
N |
RW |
|
phoneNumber[pager].value |
SVA |
String |
N |
RW |
|
phoneNumber[other].value |
SVA |
String |
N |
RW |
|
ims |
CMVA |
NA |
N |
RW |
|
photos |
CMVA |
NA |
N |
RW |
|
addresses |
CMVA |
NA |
N |
RW |
|
addresses.type |
SVA |
String |
N |
RW |
|
addresses[<type>].primary |
SVA |
String |
N |
RW |
|
addresses[work].formatted |
SVA |
String |
N |
RW |
|
addresses[home].formatted |
SVA |
String |
N |
RW |
|
addresses[work].streetAddress |
SVA |
String |
N |
RW |
|
addresses[work].locality |
SVA |
String |
N |
RW |
|
addresses[work].region |
SVA |
String |
N |
RW |
|
addresses[work].postalCode |
SVA |
String |
N |
RW |
|
addresses[work].country |
SVA |
String |
N |
RW |
|
groups |
CMVA |
NA |
N |
RO |
|
groups.value |
SVA |
String |
N |
RO |
|
groups.$ref |
SVA |
String |
N |
RO |
|
groups.type |
SVA |
String |
N |
RO |
|
entitlements |
SMVA |
String |
N |
RW |
|
roles |
SMVA |
String |
N |
RW |
|
x509Certificates |
SMVA |
String |
N |
RW |
20.3.2.2 Enterprise User Schema Attributes
Table 20-3 lists the SCIM enterprise user schema attributes.
Table 20-3 urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
employeeNumber |
SVA |
String |
N |
RW |
|
costCenter |
SVA |
String |
N |
RW |
|
organization |
SVA |
String |
N |
RO |
|
division |
SVA |
String |
N |
RW |
|
department |
SVA |
String |
N |
RW |
|
manager.value |
SVA |
String |
N |
RW |
|
manager.$ref |
SVA |
String |
N |
RW |
|
manager.displayName |
SVA |
String |
N |
RO |
20.3.2.3 IDM Common User Schema Extension Attributes
Table 20-4lists the SCIM IDM common user schema extension attributes.
Table 20-4 urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
createBy.value |
SVA |
String |
N |
RO |
|
createBy.$ref |
SVA |
String |
N |
RO |
|
updateBy.value |
SVA |
String |
N |
RO |
|
updateBy.$ref |
SVA |
String |
N |
RO |
|
passwd |
CSVA |
|||
|
passwd.value |
SVA |
String |
N |
WO |
|
passwd.oldValue |
SVA |
String |
N |
WO |
|
passwd.sendNotification |
SVA |
String |
N |
WO |
|
passwd.sendNotificationTo |
SVA |
String |
N |
WO |
|
passwordMustChange |
SVA |
String |
N |
RO |
|
passwordExpireDate |
SVA |
String |
N |
RO |
|
locked.value |
SVA |
String |
N |
RW |
|
locked.duration |
SVA |
String |
N |
RW |
|
locked.reason |
SVA |
String |
N |
RO |
|
locked.on |
SVA |
String |
N |
RO |
|
challenges |
CMVA |
NA |
N |
RW |
|
challenges.challenge |
SVA |
String |
N |
RW |
|
challenges.response |
SVA |
String |
N |
RW |
20.3.2.4 OIG User Schema Extension Attributes
Table 20-5 lists the Oracle Identity Governance (OIG) user schema extension attributes.
Table 20-5 urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
dataLevel |
SVA |
String |
N |
RO |
|
disabled |
SVA |
String |
N |
RO |
|
passwordCreateDate |
SVA |
Date |
N |
RO |
|
passwordCantChange |
SVA |
String |
N |
RO |
|
passwordNeverExpires |
SVA |
String |
N |
RO |
|
passwordIsExpired |
SVA |
String |
N |
RO |
|
passwordWarnDate |
SVA |
Date |
N |
RO |
|
lastSuccessfulLoginDate |
SVA |
Date |
N |
RO |
|
lastFailedLoginDate |
SVA |
Date |
N |
RO |
|
hireDate |
SVA |
Date |
N |
RW |
|
startDate |
SVA |
Date |
N |
RW |
|
endDate |
SVA |
Date |
N |
RW |
|
provisioningDate |
SVA |
Date |
N |
RW |
|
provisionedDate |
SVA |
Date |
N |
RO |
|
deprovisioningDate |
SVA |
Date |
N |
RW |
|
deprovisionedDate |
SVA |
Date |
N |
RO |
|
automaticallyDeleteOn |
SVA |
Date |
N |
RO |
|
userLoginAttemptsCounter |
SVA |
Int |
N |
RO |
|
userPasswordResetAttemptsCounter |
SVA |
Int |
N |
RO |
|
userMustChangePasswordAtNextLogin |
SVA |
String |
N |
RO |
|
userPasswordMinAgeDate |
SVA |
Date |
N |
RO |
|
description |
SVA |
String |
N |
RW |
|
ldapCommonName |
SVA |
String |
N |
RW |
|
ldapCommonNameGenerated |
SVA |
String |
N |
RW |
|
ldapOrganization |
SVA |
String |
N |
RW |
|
ldapOrganizationalUnit |
SVA |
String |
N |
RW |
|
ldapDn |
SVA |
String |
N |
RW |
|
ldapGuid |
SVA |
String |
N |
RW |
|
poBox |
SVA |
String |
N |
RW |
|
jobCode |
SVA |
String |
N |
RW |
|
officeName |
SVA |
String |
N |
RW |
|
initials |
SVA |
String |
N |
RW |
|
faLanguage |
SVA |
String |
N |
RW |
|
faTerritory |
SVA |
String |
N |
RW |
|
embeddedHelp |
SVA |
String |
N |
RW |
|
fontSize |
SVA |
String |
N |
RW |
|
colorContrast |
SVA |
String |
N |
RW |
|
accessibilityMode |
SVA |
String |
N |
RW |
|
numberFormat |
SVA |
String |
N |
RW |
|
dateFormat |
SVA |
String |
N |
RW |
|
timeFormat |
SVA |
String |
N |
RW |
|
currency |
SVA |
String |
N |
RW |
|
summaryRisk |
SVA |
String |
N |
RO |
|
hasHighRiskRole |
SVA |
String |
N |
RO |
|
hasHighRiskResource |
SVA |
String |
N |
RO |
|
hasHighRiskEntitlement |
SVA |
String |
N |
RO |
|
hasHighRiskProvisioningMethod |
SVA |
String |
N |
RO |
|
hasHighRiskOpenSod |
SVA |
String |
N |
RO |
|
hasHighRiskLastCert |
SVA |
String |
N |
RO |
|
roleSummaryRisk |
SVA |
String |
N |
RO |
|
accountSummaryRisk |
SVA |
String |
N |
RO |
|
entitlementSummaryRisk |
SVA |
String |
N |
RO |
|
riskUpdateDate |
SVA |
String |
N |
RO |
|
homeOrganization |
CSVA |
NA |
N |
RW |
|
homeOrganization.value |
SVA |
String |
N |
RW |
|
homeOrganization.$ref |
SVA |
String |
N |
RO |
|
Organizations |
CMVA |
NA |
N |
RO |
|
organizations.value |
SVA |
String |
N |
RO |
|
organizations.$ref |
SVA |
String |
N |
RO |
|
passwordPolicyDescription |
SVA |
String |
N |
RO |
|
requestId |
SVA |
String |
N |
RO |
20.3.3 Schema Attributes for the PasswordResetterWithChallenges Resource
Understand the IDM PasswordResetterWithChallenges user schema attributes.
Table 20-6 lists the IDM PasswordResetterWithChallenges user schema attributes.
Table 20-6 urn:ietf:params:scim:schemas:oracle:core:2.0:PasswordResetterWithChallenges
| SCIM Attributes | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
userName |
SVA |
String |
Y |
WO |
|
Challenges |
CMVA |
NA |
Y |
WO |
|
challenges.challenge |
SVA |
String |
Y |
WO |
|
challenges.response |
SVA |
String |
Y |
WO |
|
password |
SVA |
String |
Y |
WO |
20.3.4 Schema Attributes for the PasswordValidator Resource
Understand the IDM PasswordValidator schema attributes.
Table 20-7 lists the IDM PasswordValidator schema attributes.
Table 20-7 urn:ietf:params:scim:schemas:oracle:core:2.0:PasswordValidator
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
userRef |
SVA |
String |
Y |
WO |
|
password |
SVA |
String |
Y |
WO |
20.3.5 Schema Attributes for the UserNameValidator Resource
Understand the IDM UserNameValidator schema attributes.
Table 20-8 lists the IDM UserNameValidator schema attributes.
Table 20-8 urn:ietf:params:scim:schemas:oracle:core:2.0:UserNameValidator
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
userName |
SVA |
String |
Y |
WO |
20.3.6 Schema Attributes for the UserNameGenerator Resource
Understand the IDM UserNameGenerator schema attributes.
Table 20-9 lists the IDM UserNameGenerator schema attributes.
Table 20-9 urn:ietf:params:scim:schemas:oracle:core:2.0:UserNameGenerator
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
name |
CSVA |
NA |
Y |
WO |
|
name.formatted |
SVA |
String |
Y |
WO |
|
name.familyName |
SVA |
String |
Y |
WO |
|
name.givenName |
SVA |
String |
Y |
WO |
|
name.middleName |
SVA |
String |
Y |
WO |
|
name.honorificSuffix |
SVA |
String |
Y |
WO |
20.3.7 Schema Attributes for the UserNameRecoverer Resource
Understand the IDM UserNameRecoverer schema attributes.
Table 20-10 lists the IDM UserNameRecoverer schema attributes.
Table 20-10 urn:ietf:params:scim:schemas:oracle:core:2.0:UserNameRecoverer
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
|
SVA |
String |
Y |
WO |
20.3.8 Schema Attributes for the Group Resource
Understand the schema attributes of the Group resource, which includes group schema attributes, IDM common group schema extension attributes, and OIG group schema extension attributes.
This section describes the schema attributes for the Group resource. It contains the following topics:
20.3.8.1 Group Schema Attributes
Table 20-11 lists the SCIM group schema attributes.
Table 20-11 urn:ietf:params:scim:schemas:core:2.0:Group
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
displayName |
SVA |
String |
Y |
RW |
|
members |
CMVA |
NA |
N |
|
|
members.value |
SVA |
String |
N |
RW |
|
members .$ref |
SVA |
String |
N |
RW |
20.3.8.2 IDM Common Group Schema Extension Attributes
Table 20-12 lists the IDM common group schema extension attributes.
Table 20-12 urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group
| SCIM Attributes | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
createBy.value |
SVA |
String |
N |
RO |
|
createBy.$ref |
SVA |
String |
N |
RO |
|
updateBy.value |
SVA |
String |
N |
RO |
|
updateBy.$ref |
SVA |
String |
N |
RO |
|
|
SVA |
String |
N |
RW |
|
description |
SVA |
String |
N |
RW |
|
owner |
CSVA |
NA |
N |
RW |
|
owner.value |
SVA |
String |
N |
RW |
|
owner.$ref |
SVA |
String |
N |
RO |
|
owner.firstName |
SVA |
String |
N |
RO |
|
owner.lastName |
SVA |
String |
N |
RO |
|
owner.displayName |
SVA |
String |
N |
RO |
|
owner.email |
SVA |
String |
N |
RO |
|
owner.login |
SVA |
String |
N |
RO |
20.3.8.3 OIG Group Schema Extension Attributes
Table 20-13 lists the OIG group schema extension attributes.
Table 20-13 urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
dataLevel |
SVA |
String |
N |
RO |
|
namespace |
SVA |
String |
N |
RW |
|
category |
CSVA |
NA |
N |
RW |
|
category.value |
SVA |
String |
N |
RW |
|
category.name |
SVA |
String |
N |
RO |
|
ldapGuid |
SVA |
String |
N |
RO |
|
ldapDn |
SVA |
String |
N |
RO |
|
requestId |
SVA |
String |
N |
RO |
|
accessPolicies.value |
MVA |
String |
N |
RW |
|
organizationsPublishedTo |
CMVA |
NA |
N |
RW |
|
organizationsPublishedTo.value |
SVA |
String |
N |
RW |
|
organizationsPublishedTo.$ref |
SVA |
String |
N |
RO |
|
catalog |
CSVA |
NA |
N |
RW |
|
catalog.id |
SVA |
String |
N |
RO |
|
catalog.categoryName |
SVA |
String |
N |
RW |
|
catalog.auditObjectives |
SVA |
String |
N |
RW |
|
catalog.itemRisk |
SVA |
Integer |
N |
RW |
|
catalog.userDefinedTags |
SVA |
String |
N |
RW |
|
catalog.certifiable |
SVA |
Boolean |
N |
RW |
|
catalog.auditable |
SVA |
Boolean |
N |
RW |
|
catalog.requestable |
SVA |
Boolean |
N |
RW |
|
catalog.tags |
SVA |
String |
N |
RO |
|
catalog.hierarchicalDataAvailable |
SVA |
Boolean |
N |
RO |
|
catalogApproverUser.value |
SVA |
String |
N |
RW |
|
catalogApproverUser.$ref |
SVA |
Reference |
N |
RW |
|
catalogApproverRole.value |
SVA |
String |
N |
RW |
|
catalogApproverRole.$ref |
SVA |
Reference |
N |
RW |
|
catalogCertifierUser.value |
SVA |
String |
N |
RW |
|
catalogCertifierUser.$ref |
SVA |
Reference |
N |
RW |
|
catalogCertifierRole.value |
SVA |
String |
N |
RW |
|
catalogCertifierRole.$ref |
SVA |
Reference |
N |
RW |
|
catalogFulfillmentUser.value |
SVA |
String |
N |
RW |
|
catalogFulfillmentUser.$ref |
SVA |
Reference |
N |
RW |
|
catalogFulfillmentRole.value |
SVA |
String |
N |
RW |
|
catalogFulfillmentRole.$ref |
SVA |
Reference |
N |
RW |
|
catalogAttributes |
CMVA |
NA |
N |
RW |
|
catalogAttributes.name |
SVA |
String |
N |
RW |
|
catalogAttributes.value |
SVA |
String |
N |
RW |
|
catalogAttributes.udf |
SVA |
Boolean |
N |
RW |
|
catalogAttributes.description |
SVA |
String |
N |
RW |
|
catalogAttributes.searchable |
SVA |
Boolean |
N |
RW |
|
catalogAttributes.sortable |
SVA |
Boolean |
N |
RW |
|
catalogAttributes.certifiable |
SVA |
Boolean |
N |
RW |
|
catalogAttributes.datatype |
SVA |
String |
N |
RO |
|
userMembershipRule |
CSVA |
NA |
N |
RW |
|
userMembershipRule.value |
SVA |
String |
N |
RW |
|
userMembershipRule.evaluate |
SVA |
Boolean |
N |
WO |
20.3.9 Schema Attributes for the Organization Resource
Understand the OIG organization schema attributes.
Table 20-14 lists the OIG organization schema attributes.
Table 20-14 urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
createBy.value |
SVA |
String |
N |
RO |
|
createBy.$ref |
SVA |
String |
N |
RO |
|
updateBy.value |
SVA |
String |
N |
RO |
|
updateBy.$ref |
SVA |
String |
N |
RO |
|
dataLevel |
SVA |
String |
N |
RO |
|
name |
SVA |
String |
N |
RW |
|
customerType |
SVA |
String |
N |
RW |
|
status |
SVA |
String |
N |
RW |
|
disabled |
SVA |
String |
N |
RW |
|
parent |
CSVA |
NA |
N |
RW |
|
parent.value |
SVA |
String |
N |
RW |
|
parent.$ref |
SVA |
String |
N |
RO |
|
parent.name |
SVA |
String |
N |
RO |
|
passwordPolicy |
CSVA |
NA |
N |
RW |
|
passwordPolicy.value |
SVA |
String |
N |
RW |
|
passwordPolicy.$ref |
SVA |
String |
N |
RO |
|
passwordPolicy.name |
SVA |
String |
N |
RO |
|
certifierUser |
CSVA |
NA |
N |
RW |
|
certifierUser.value |
SVA |
String |
N |
RW |
|
certifierUser.$ref |
SVA |
String |
N |
RO |
|
certifierUser.login |
SVA |
String |
N |
RO |
|
enforceNewPasswordPolicy |
SVA |
String |
N |
RW |
|
userMembershipRule |
CSVA |
NA |
N |
RW |
|
userMembershipRule.value |
SVA |
String |
N |
RW |
|
userMembershipRule.evaluate |
SVA |
String |
N |
WO |
|
members |
CMVA |
NA |
N |
RO |
|
members.value |
SVA |
String |
N |
RO |
|
members.$ref |
SVA |
String |
N |
RO |
|
childOrganizations |
CSVA |
NA |
N |
RO |
|
childOrganizations.value |
SVA |
String |
N |
RO |
|
childOrganizations.$ref |
SVA |
Reference |
N |
RO |
20.3.10 Schema Attributes for the Password Policy Resource
Understand the IDM password policy schema attributes.
Table 20-15 lists the IDM password policy schema attributes.
Table 20-15 urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
name |
SVA |
String |
N |
RW |
|
description |
SVA |
String |
N |
RW |
|
maxLength |
SVA |
String |
N |
RW |
|
minLength |
SVA |
String |
N |
RW |
|
minAlphas |
SVA |
String |
N |
RW |
|
minNumerals |
SVA |
String |
N |
RW |
|
minAlphaNumerals |
SVA |
String |
N |
RW |
|
minSpecialChars |
SVA |
String |
N |
RW |
|
maxSpecialChars |
SVA |
String |
N |
RW |
|
minUpperCase |
SVA |
String |
N |
RW |
|
minLowerCase |
SVA |
String |
N |
RW |
|
minUniqueChars |
SVA |
String |
N |
RW |
|
maxRepeatedChars |
SVA |
String |
N |
RW |
|
startsWithAlphabet |
SVA |
String |
N |
RW |
|
minUnicodeChars |
SVA |
String |
N |
RW |
|
maxUnicodeChars |
SVA |
String |
N |
RW |
|
firstNameDisallowed |
SVA |
String |
N |
RW |
|
lastNameDisallowed |
SVA |
String |
N |
RW |
|
userIdDisallowed |
SVA |
String |
N |
RW |
|
minPasswordAgeInDays |
SVA |
String |
N |
RW |
|
passwordWarningAfterInDays |
SVA |
String |
N |
RW |
|
passwordExpiresAfterInDays |
SVA |
String |
N |
RW |
|
requiredChars |
SVA |
String |
N |
RW |
|
disallowedChars |
SVA |
String |
N |
RW |
|
allowedChars |
SVA |
String |
N |
RW |
|
disallowedSubstrings |
SVA |
String |
N |
RW |
|
dictionaryLocation |
SVA |
String |
N |
RW |
|
dictionaryDelimiter |
SVA |
String |
N |
RW |
|
numPasswordsInHistory |
SVA |
String |
N |
RW |
|
maxIncorrectAttempts |
SVA |
String |
N |
RW |
|
lockoutDuration |
SVA |
String |
N |
RW |
|
complexPolicy |
SVA |
String |
N |
RW |
|
challengesEnabled |
SVA |
String |
N |
RW |
|
challengeSource |
SVA |
String |
N |
RW |
|
challengeDefaultQuestions.value |
SVA |
String |
N |
RW |
|
challengeMinQuestions |
SVA |
String |
N |
RW |
|
challengeMinAnswers |
SVA |
String |
N |
RW |
|
challengeAllAtOnce |
SVA |
String |
N |
RW |
|
challengeResponseMinLength |
SVA |
String |
N |
RW |
|
challengeAllowDuplicateResponses |
SVA |
String |
N |
RW |
|
challengeMaxIncorrectAttempts |
SVA |
String |
N |
RW |
20.3.11 Schema Attributes for the Notification Template Resource
Understand the OIG notification template schema attributes.
Table 20-16 lists the OIG notification template schema attributes.
Table 20-16 urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
name |
SVA |
String |
Y |
RW |
|
eventName |
SVA |
String |
Y |
RW |
|
description |
SVA |
String |
N |
RW |
|
locales |
CMVA |
NA |
N |
RW |
|
locales.locale |
SVA |
String |
Y |
RW |
|
locales.encoding |
SVA |
String |
Y |
RW |
|
locales .subject |
SVA |
String |
Y |
RW |
|
locales .contentType |
SVA |
String |
Y |
RW |
|
locales.shortMessage |
SVA |
String |
N |
RW |
|
locales.longMessage |
SVA |
String |
Y |
RW |
20.3.12 Schema Attributes for the System Property Resource
Understand the OIG system property schema attributes.
Table 20-17 lists the OIG system property schema attributes.
Table 20-17 urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:SystemProperty
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
name |
SVA |
String |
Y |
RW |
|
displayName |
SVA |
String |
N |
RW |
|
value |
SVA |
String |
N |
RW |
20.3.13 Schema Attributes for the Service Provider Configuration Schema Resource
Understand the SCIM service provider configuration schema attributes.
Table 20-18 lists the SCIM service provider configuration schema attributes.
Table 20-18 urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
documentationUrl |
SVA |
String |
N |
RO |
|
patch.supported |
SVA |
Boolean |
N |
RO |
|
bulk.supported |
SVA |
Boolean |
N |
RO |
|
bulk.maxOperations |
SVA |
Integer |
N |
RO |
|
bulk.maxPayloadSize |
SVA |
Integer |
N |
RO |
|
filter.supported |
SVA |
Boolean |
N |
RO |
|
filter.maxResults |
SVA |
Integer |
N |
RO |
|
changePassword.supported |
SVA |
Boolean |
N |
RO |
|
sort.supported |
SVA |
Boolean |
N |
RO |
|
Etag.supported |
SVA |
Boolean |
N |
RO |
|
authenticationSchemes.name |
SVA |
String |
N |
RO |
|
authenticationSchemes.description |
SVA |
String |
N |
RO |
|
authenticationSchemes.specUrl |
SVA |
String |
N |
RO |
|
authenticationSchemes.documentationUrl |
SVA |
String |
N |
RO |
20.3.14 Schema Attributes for the Resource Type Resource
Understand the SCIM resource type schema attributes.
Table 20-19 lists the SCIM resource type schema attributes.
Table 20-19 urn:ietf:params:scim:schemas:core:2.0:ResourceType
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
name |
SVA |
String |
N |
RO |
|
description |
SVA |
String |
N |
RO |
|
endpoint |
SVA |
String |
N |
RO |
|
schema |
SVA |
String |
N |
RO |
|
schemaExtensions.schema |
SVA |
String |
N |
RO |
|
schemaExtensions.required |
SVA |
Boolean |
N |
RO |
20.3.15 Schema Attributes for the Schema Resource
Understand the schema attributes of the Schema resource, which includes SCIM schema attributes and OIG schema extension attributes.
This section describes the schema attributes of the Schema resource. It contains the following topics:
20.3.15.1 SCIM Schema Attributes
Table 20-20 lists the attributes of the SCIM schema.
Table 20-20 urn:ietf:params:scim:schemas:core:2.0:Schema
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
id |
SVA |
String |
N |
RO |
|
name |
SVA |
String |
N |
RO |
|
description |
SVA |
String |
N |
RO |
|
attributes.name |
SVA |
String |
N |
RO |
|
attributes.type |
SVA |
String |
N |
RO |
|
attributes.multiValued |
SVA |
String |
N |
RO |
|
attributes.description |
SVA |
String |
N |
RO |
|
attributes.readOnly |
SVA |
Boolean |
N |
RO |
|
attributes.required |
SVA |
Boolean |
N |
RO |
|
attributes.mutability |
SVA |
String |
N |
RO |
|
attributes.returned |
SVA |
String |
N |
RO |
|
attributes.uniqueness |
SVA |
String |
N |
RO |
|
attributes.caseExact |
SVA |
Boolean |
N |
RO |
20.3.15.2 OIG Schema Extension Attributes
Table 20-21 lists the schema extension attribute of the OIG schema.
Table 20-21 urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Schema
| SCIM Attribute | Attribute Type | Data Type | Required | Mutability |
|---|---|---|---|---|
|
attributes.indexes |
SVA |
String |
N |
RO |
20.4 Operation Types
The supported operation types are GET, POST, PUT, PATCH, and DELETE.
The following operation types are supported:
-
GET: Retrieves one or more complete or partial resources.
-
POST: Creates new resources or creates search requests, depending on the endpoint.
-
PUT: Modifies a resource by replacing existing attributes with a specified set of replacement attributes (replace). PUT must not be used to create new resources.
-
PATCH: Modifies a resource with a set of client-specified changes (partial updates).
-
DELETE: Deletes a resource.
For more information about operation types, refer to the following URL:
20.5 HTTP Response Codes
In addition to returning a HTTP response code, Identity REST services return the errors in the body of the response with error code and descriptions.
This section lists the error codes, success codes, and their meaning. It contains the following topics:
20.5.1 Error Codes
Understand the error conditions, HTTP return codes, and their meanings.
Table 20-22 lists the error codes and their meaning.
Table 20-22 Error Codes and Meaning
| Error Condition | HTTP Return Code | Meaning |
|---|---|---|
|
Not able to parse input, input does not match required entities, or validation failures |
400 |
Bad Request: validation failures, schema violations |
|
Requested resource not found |
404 |
Not found ADDITIONAL_INFORMATION_INDICATING_NOT_FOUND_OBJECT |
|
User not authorized to execute service |
401 |
Unauthorized |
|
Requested method not supported |
501 |
Method not allowed |
|
Client does not accept produced content type |
406 |
Not acceptable |
|
Incorrect request parameter semantics |
422 |
Unprocessable Entity. ADDITIONAL_INFORMATION_ON_NATURE_OF_ERROR |
|
Client media type unsupported |
415 |
Unsupported media type |
|
Failed Dependency |
424 |
Failed Dependency. ADDITIONAL_INFORMATION_ON_FAILED_DEPENDENCY |
|
Generic server failure |
500 |
Internal server error |
|
conflict |
409 |
The specified version number does not match, or the resource's latest version number or a service provider refused to create a new, duplicate resource |
|
precondition failed |
412 |
Failed to update as resource ID changed on the server last retrieved |
|
forbidden |
403 |
Server does not support requested operation on a given resource |
20.5.2 Success Codes
Understand the HTTP return codes for successful operations and their meanings.
Table 20-23 lists the success codes and their meaning.
Table 20-23 Success Codes and Meaning
| HTTP Return Code | Meaning |
|---|---|
|
200 |
Processed successfully. |
|
201 |
The request has been fulfilled and resulted in a new resource being created. |
|
204 |
The server has fulfilled the request but does not return a response body. |
20.6 SCIM-Based API Examples
SCIM-based API usage is available for various types of operations, such as self service, entity management, and system property management.
This section provides the following examples for SCIM-based API usage:
Note:
You can use user defined fields (UDFs) in SCIM requests. After UDFs are created in Oracle Identity Governance, they automatically appear in SCIM resources as regular attributes. There is no difference in the requests and responses with regular attributes.
20.6.1 User Management
Understand SCIM-based API usage examples for the User resource.
This section provides the following examples of the User resource:
20.6.1.1 Create User
This section provides an example of the request and response of the Create User operation using the POST operation type. It contains the following topics:
20.6.1.1.1 Create User Request
The request for the Create User operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/Users
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User"
],
"userName": "bjensen@example.com",
"name": {
"familyName": "Jensen",
"givenName": "Barbara",
"middleName": "Jane",
"honorificSuffix": "III"
},
"displayName": "Babs Jensen",
"profileUrl": "https://HOST_NAME:PORT/bjensen",
"emails":
[
{
"value": "bjensen@example.com",
"type": "work"
}
],
"addresses": [
{
"type": "work",
"streetAddress": "100 Universal City Plaza",
"locality": "Hollywood",
"region": "CA",
"postalCode": "91608",
"country": "USA",
"formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA"
},
{
"type": "home",
"formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA"
}
],
"phoneNumbers": [
{
"value": "555-555-5555",
"type": "work"
},
{
"value": "555-555-4444",
"type": "mobile"
}
],
"userType": "Contractor",
"title": "Tour Guide",
"preferredLanguage":"en-US",
"locale": "en-US",
"timezone": "America/Los_Angeles",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":
{
"employeeNumber": "701984",
"costCenter": "4130",
"division": "Theme Park",
"department": "Tour Operations",
"manager":
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
}
},
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User":
{
"homeOrganization":
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
}
}
}
20.6.1.1.2 Create User Response
The response for the Create User operation consists of:
Status: HTTP/1.1 201 Created
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
"userLoginAttemptsCounter": 0,
"passwordIsExpired": "0",
"ldapCommonNameGenerated": 0,
"userPasswordResetAttemptsCounter": 0,
"passwordWarnDate": "2015-04-29T03:24:16.000-07:00",
"homeOrganization": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
},
"passwordCreateDate": "2015-01-06T03:24:16.000-08:00",
"provisionedDate": "2015-01-06T03:24:16.000-08:00",
"passwordPolicyDescription": [],
"userMustChangePasswordAtNextLogin": "1",
"disabled": false,
"organizations": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1",
"display": "Xellerate Users"
}
]
},
"displayName": "Babs Jensen",
"id": "145",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"passwordExpireDate": "2015-05-06T03:24:16.000-07:00",
"locked": {
"duration": 0,
"value": "0",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/0"
}
},
"userName": "BJENSEN@EXAMPLE.COM",
"emails": [
{
"value": "bjensen@example.com",
"type": "work"
}
],
"active": true,
"userType": "Contractor",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"employeeNumber": "701984",
"manager": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance//v1/Users/1",
"displayName": "new display"
},
"department": "Tour Operations",
"organization": "Xellerate Users"
},
"preferredLanguage": "en-US",
"phoneNumbers": [
{
"value": "555-555-4444",
"type": "mobile"
},
{
"value": "555-555-5555",
"type": "work"
}
],
"name": {
"middleName": "Jane",
"familyName": "Jensen",
"givenName": "Barbara",
"honorificSuffix": "III"
},
"addresses": [
{
"region": "CA",
"streetAddress": "100 Universal City Plaza",
"formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
"postalCode": "91608",
"locality": "Hollywood",
"country": "USA",
"type": "work"
},
{
"formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
"type": "home"
}
],
"groups": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/3",
"type": "direct"
}
],
"timezone": "America/Los_Angeles",
"title": "Tour Guide",
"meta": {
"lastModified": "2015-01-06T03:24:17.000-08:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/145",
"created": "2015-01-06T03:24:17.000-08:00",
"resourceType": "User"
}
}
20.6.1.2 Modify User (PUT)
This section provides an example of the request and response of the Modify User operation using the PUT operation type. It contains the following topics:
20.6.1.2.1 Modify User (PUT) Request
The request for the Modify User operation (PUT) consists of:
Operation and URI: PUT http://HOST_NAME:PORT/iam/governance/scim/v1/Users/355
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "userName_user216_08_09.382323",
"name":
{
"familyName": "familyName2_user216_08_09.382323"
},
"userType": "Contractor",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User":
{
"description": "description2_user216_08_09.382323"
},
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":
{
"organization": "org2_post_1404312744114",
"homeOrganization":
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
}
}
}
20.6.1.2.2 Modify User (PUT) Response
The response of the Modify User (PUT) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
"passwordIsExpired": "0",
"userLoginAttemptsCounter": 0,
"ldapCommonNameGenerated": 0,
"userPasswordResetAttemptsCounter": 0,
"passwordWarnDate": "2015-07-02T08:46:57.000-07:00",
"homeOrganization": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
},
"passwordCreateDate": "2015-03-11T08:46:57.000-07:00",
"provisionedDate": "2015-03-11T08:46:57.000-07:00",
"passwordPolicyDescription": [
{
"value": "Password must not match or contain first name."
},
{
"value": "Password must not match or contain last name."
},
{
"value": "Password must contain at least 2 alphabetic character(s)."
},
{
"value": "Password must be at least 6 character(s) long."
},
{
"value": "Password must contain at least 1 lowercase letter(s)."
},
{
"value": "Password must contain at least 1 numeric character(s)."
},
{
"value": "Password must contain at least 1 uppercase letter(s)."
},
{
"value": "Password must start with an alphabetic character."
},
{
"value": "Password must not match or contain user ID."
}
],
"userMustChangePasswordAtNextLogin": "1",
"disabled": false,
"organizations": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1",
"display": "Xellerate Users"
}
],
"description": "description2_user216_08_09.382323"
},
"displayName": "Babs Jensen",
"id": "355",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"passwordExpireDate": "2015-07-09T08:46:57.000-07:00",
"locked": {
"duration": 0,
"value": "0"
}
},
"userName": "USERNAME_USER216_08_09.382323",
"emails": [
{
"value": "u1@example.com",
"type": "work"
}
],
"active": true,
"userType": "Contractor",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"employeeNumber": "701984",
"manager": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"displayName": "display"
},
"department": "Tour Operations",
"organization": "Xellerate Users"
},
"preferredLanguage": "en-US",
"phoneNumbers": [
{
"value": "555-555-4444",
"type": "mobile"
},
{
"value": "555-555-5555",
"type": "work"
}
],
"name": {
"middleName": "Jane",
"familyName": "familyName2_user216_08_09.382323",
"givenName": "Barbara",
"honorificSuffix": "III"
},
"addresses": [
{
"region": "CA",
"streetAddress": "100 Universal City Plaza",
"formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
"postalCode": "91608",
"locality": "Hollywood",
"country": "USA",
"type": "work"
},
{
"formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
"type": "home"
}
],
"groups": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/3",
"type": "direct"
}
],
"timezone": "America/Los_Angeles",
"title": "Tour Guide",
"meta": {
"lastModified": "2015-03-11T08:47:19.000-07:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/355",
"created": "2015-03-11T08:46:57.000-07:00",
"resourceType": "User"
}
}
20.6.1.3 Modify User (PATCH)
This section provides an example of the request and response of the Modify User operation using the PATCH operation type. It contains the following topics:
20.6.1.3.1 Modify User (PATCH) Request
The request of the Modify User operation (PATCH) consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Users/355
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations":
[
{
"op":"replace",
"path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User:description,
"value":"description3"
}
]
}
20.6.1.3.2 Modify User (PATCH) Response
The response of the Modify User (PATCH) consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
"passwordIsExpired": "0",
"userLoginAttemptsCounter": 0,
"ldapCommonNameGenerated": 0,
"userPasswordResetAttemptsCounter": 0,
"passwordWarnDate": "2015-07-02T08:46:57.000-07:00",
"homeOrganization": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
},
"passwordCreateDate": "2015-03-11T08:46:57.000-07:00",
"provisionedDate": "2015-03-11T08:46:57.000-07:00",
"passwordPolicyDescription": [
{
"value": "Password must not match or contain first name."
},
{
"value": "Password must not match or contain last name."
},
{
"value": "Password must contain at least 2 alphabetic character(s)."
},
{
"value": "Password must be at least 6 character(s) long."
},
{
"value": "Password must contain at least 1 lowercase letter(s)."
},
{
"value": "Password must contain at least 1 numeric character(s)."
},
{
"value": "Password must contain at least 1 uppercase letter(s)."
},
{
"value": "Password must start with an alphabetic character."
},
{
"value": "Password must not match or contain user ID."
}
],
"userMustChangePasswordAtNextLogin": "1",
"disabled": false,
"organizations": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1",
"display": "Xellerate Users"
}
],
"description": "description3"
},
"displayName": "Babs Jensen",
"id": "355",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"passwordExpireDate": "2015-07-09T08:46:57.000-07:00",
"locked": {
"duration": 0,
"value": "0"
}
},
"userName": "USERNAME_USER216_08_09.382323",
"emails": [
{
"value": "u1@example.com",
"type": "work"
}
],
"active": true,
"userType": "Contractor",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"employeeNumber": "701984",
"manager": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"displayName": "display"
},
"department": "Tour Operations",
"organization": "Xellerate Users"
},
"preferredLanguage": "en-US",
"phoneNumbers": [
{
"value": "555-555-4444",
"type": "mobile"
},
{
"value": "555-555-5555",
"type": "work"
}
],
"name": {
"middleName": "Jane",
"familyName": "familyName2_user216_08_09.382323",
"givenName": "Barbara",
"honorificSuffix": "III"
},
"addresses": [
{
"region": "CA",
"streetAddress": "100 Universal City Plaza",
"formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
"postalCode": "91608",
"locality": "Hollywood",
"country": "USA",
"type": "work"
},
{
"formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
"type": "home"
}
],
"groups": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/3",
"type": "direct"
}
],
"timezone": "America/Los_Angeles",
"title": "Tour Guide",
"meta": {
"lastModified": "2015-03-11T08:49:17.000-07:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/355",
"created": "2015-03-11T08:46:57.000-07:00",
"resourceType": "User"
}
}
20.6.1.4 View Users with Pagination
This section provides an example of the request and response of the View Users with Pagination operation using the GET operation type. It contains the following topics:
20.6.1.4.1 View Users with Pagination Request
The following is the request of the View Users with Pagination operation:
Operation and URI: GET /Users http://HOST_NAME:PORT/iam/governance/scim/v1/Users?attributes=id&startIndex=6&count=5
20.6.1.4.2 View Users with Pagination Response
The response of the View Users with Pagination operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 5,
"itemsPerPage": 5,
"startIndex": 6,
"Resources": [
{
"id": "59"
},
{
"id": "42"
},
{
"id": "25"
},
{
"id": "106"
},
{
"id": "89"
}
]
}
20.6.1.4.3 Search Filter Examples
The following are examples of search filters:
http://HOST_NAME:PORT/iam/governance/scim/v1/Users?filter=(userName co xel)&attributes=id http://HOST_NAME:PORT/iam/governance/scim/v1/Users?attributes=userName&filter=(userName co 4) and (userName co BUG) http://HOST_NAME:PORT/iam/governance/scim/v1/Users?attributes=userName&filter=(emails.type eq work and emails.value sw u)
Note:
For a complete description of search filters, see the "Filtering" section of the SCIM REST API IETF draft at the following URL:
https://tools.ietf.org/html/draft-ietf-scim-api-14#section-3.2.2.2
20.6.1.5 Delete User
This section provides an example request and response of the Delete User operation using the DELETE operation type. It contains the following topics:
20.6.1.5.1 Delete User Request
The request of the Delete User operation consists of:
Operation and URI: DELETE http://HOST_NAME:PORT/iam/governance/scim/v1/Users/355
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body: NA
20.6.1.6 Lock User
This section provides an example of the request and response of the Lock User operation using the PATCH operation type. It contains the following topics:
20.6.1.6.1 Lock User Request
The request of the Lock User operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Users/356
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op":"replace",
"path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:locked",
"value" :
{
"value" : 1,
"duration" : 3600
}
}
]
}
20.6.1.7 Unlock User
This section provides the request and response of the Unlock User operation using the PATCH operation type. It contains the following topics:
20.6.1.7.1 Unlock User Request
The request of the Unlock User operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Users/356
Header:
-
Content-Type: application/scim+json
-
Authorization: Bearer h480djs93hd8
-
X-Requested-By:
<random_value>
Body:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op":"replace",
"path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:locked",
"value" :
{
"value" : 0
}
}
]
}
20.6.1.8 Reset Password by Providing New Password
This section provides the request and response of the Reset Password by Providing New Password operation using the PATCH operation type. It contains the following topics:
20.6.1.8.1 Reset Password by Providing New Password Request
The request of the Reset Password by Providing New Password operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Users/356
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "replace","path": "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:passwd",
"value" :
{
"value": "newPassw0rd",
"sendNotification": "true",
"sendNotificationTo": "example2@example.com"
}
}
]
}20.6.1.9 Reset Password by Auto-Generated Password
This section provides an example of the request and response of the Reset Password by Auto-generated Password operation using the PATCH operation type. It contains the following topics:
20.6.1.9.1 Reset Password by Auto-Generated Password Request
The request of the Reset Password by Auto-generated password consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Users/356
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "replace", "path": "urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User:passwd",
"value":
{
"value": "auto-generate",
"sendNotification": "true",
"sendNotificationTo": "john.doe@example.com"
}
}
]
}
20.6.1.10 View User
This section provides an example of the request and response of the View User operation using the GET operation type. It contains the following topics:
20.6.1.10.1 View User Request
The request of the View User operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/Me
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8
20.6.1.10.2 View User Response
The response of the View User operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
"userLoginAttemptsCounter": 0,
"ldapCommonNameGenerated": 0,
"userPasswordResetAttemptsCounter": 0,
"ldapCommonName": "System Administrator",
"passwordWarnDate": "2015-06-30T01:51:27.000-07:00",
"lastSuccessfulLoginDate": "2015-03-11T00:00:00.000-07:00",
"homeOrganization": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
},
"passwordPolicyDescription": [
{
"value": "Password must not match or contain first name."
},
{
"value": "Password must not match or contain last name."
},
{
"value": "Password must contain at least 2 alphabetic character(s)."
},
{
"value": "Password must be at least 6 character(s) long."
},
{
"value": "Password must contain at least 1 lowercase letter(s)."
},
{
"value": "Password must contain at least 1 numeric character(s)."
},
{
"value": "Password must contain at least 1 uppercase letter(s)."
},
{
"value": "Password must start with an alphabetic character."
},
{
"value": "Password must not match or contain user ID."
}
],
"disabled": false,
"dataLevel": "2",
"organizations": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1",
"display": "Xellerate Users"
}
]
},
"displayName": "display",
"id": "1",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"passwordExpireDate": "2015-07-07T01:51:27.000-07:00",
"locked": {
"value": "0"
}
},
"userName": "XELSYSADM",
"emails": [
{
"value": "donotreply@example.com",
"type": "work"
}
],
"active": true,
"userType": "Full-Time",
"name": {
"familyName": "Administrator",
"givenName": "System"
},
"groups": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/1",
"type": "direct"
},
{
"value": "6",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/6",
"type": "direct"
}
],
"meta": {
"lastModified": "2015-03-11T08:15:44.000-07:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Me",
"created": "2015-03-09T01:51:27.000-07:00",
"resourceType": "User"
},
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"organization": "Xellerate Users"
}
}
20.6.1.11 Self Registration
This section provides an example of the request and response of the Self Registration operation using the POST operation type. It contains the following topics:
20.6.1.11.1 Self Registration Request
The request of the Self Registration operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/Me
Header:
-
Content-Type:
application/scim+json -
Authorization: NA
-
X-Requested-By:
<random_value>
Body:
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
"userName": "bjensen@example.com",
"name": {
"familyName": "Jensen",
"givenName": "Barbara",
"middleName": "Jane",
"honorificSuffix": "III"
},
"displayName": "Babs Jensen",
"emails": [
{
"value": "bjensen@example.com",
"type": "work"
}
],
"userType": "Full-Time",
"password":"t1meMa$heen",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
"challenges": [
{
"challenge":"What is your favorite color?",
"response":"color"
},
{
"challenge":"What is the name of your pet?",
"response":"pet"
},
{
"challenge":"What is the city of your birth?",
"response":"city"
}
]
}
}
20.6.1.12 Modify Self Profile (PATCH)
This section provides an example of the request and response of the Modify Self Profile operation using the PATCH operation type. It contains the following topics:
20.6.1.12.1 Modify Self Profile (PATCH) Request
The request of the Modify Self Profile (PATCH) operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Me
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations":[
{
"op":"replace",
"path":"displayName",
"value" : "NEW_NAME"
}
]
}
20.6.1.12.2 Modify Self Profile (PATCH) Response
The response of the Modify Self Profile (PATCH) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
"userLoginAttemptsCounter": 0,
"ldapCommonNameGenerated": 0,
"userPasswordResetAttemptsCounter": 0,
"ldapCommonName": "System Administrator",
"passwordWarnDate": "2015-06-30T01:51:27.000-07:00",
"lastSuccessfulLoginDate": "2015-03-11T00:00:00.000-07:00",
"homeOrganization": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
},
"passwordPolicyDescription": [
{
"value": "Password must not match or contain first name."
},
{
"value": "Password must not match or contain last name."
},
{
"value": "Password must contain at least 2 alphabetic character(s)."
},
{
"value": "Password must be at least 6 character(s) long."
},
{
"value": "Password must contain at least 1 lowercase letter(s)."
},
{
"value": "Password must contain at least 1 numeric character(s)."
},
{
"value": "Password must contain at least 1 uppercase letter(s)."
},
{
"value": "Password must start with an alphabetic character."
},
{
"value": "Password must not match or contain user ID."
}
],
"disabled": false,
"dataLevel": "2",
"organizations": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1",
"display": "Xellerate Users"
}
]
},
"displayName": "NEW_NAME",
"id": "1",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"passwordExpireDate": "2015-07-07T01:51:27.000-07:00",
"locked": {
"value": "0"
}
},
"userName": "XELSYSADM",
"emails": [
{
"value": "donotreply@example.com",
"type": "work"
}
],
"active": true,
"userType": "Full-Time",
"name": {
"familyName": "Administrator",
"givenName": "System"
},
"groups": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/1",
"type": "direct"
},
{
"value": "6",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/6",
"type": "direct"
}
],
"meta": {
"lastModified": "2015-03-11T08:55:23.000-07:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Me",
"created": "2015-03-09T01:51:27.000-07:00",
"resourceType": "User"
},
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"organization": "Xellerate Users"
}
}
20.6.1.13 Modify Profile (PUT)
This section provides an example of the request and response of the Modify Profile operation using the PUT operation type. It contains the following topics:
20.6.1.13.1 Modify Profile (PUT) Request
The request of the Modify Profile (PUT) operation consists of:
Operation and URI: PUT http://HOST_NAME:PORT/iam/governance/scim/v1/Me
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "bjensen@example.com",
"name":
{
"familyName": "Jensen"
},
"userType": "Contractor",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":
{
"organization": "Xellerate Users",
"homeOrganization":
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
}
}
}
20.6.1.13.2 Modify Profile (PUT) Response
The response of the Modify Profile (PUT) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:User": {
"userLoginAttemptsCounter": 0,
"passwordIsExpired": "0",
"ldapCommonNameGenerated": 0,
"userPasswordResetAttemptsCounter": 0,
"passwordWarnDate": "2015-04-29T03:24:16.000-07:00",
"homeOrganization": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1"
},
"passwordCreateDate": "2015-01-06T03:24:16.000-08:00",
"provisionedDate": "2015-01-06T03:24:16.000-08:00",
"passwordPolicyDescription": [],
"userMustChangePasswordAtNextLogin": "1",
"disabled": false,
"organizations": [
{
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/1",
"display": "Xellerate Users"
}
]
},
"displayName": "Babs Jensen",
"id": "145",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:User": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"passwordExpireDate": "2015-05-06T03:24:16.000-07:00",
"locked": {
"duration": 0,
"value": "0",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/0"
}
},
"userName": "BJENSEN@EXAMPLE.COM",
"emails": [
{
"value": "bjensen@example.com",
"type": "work"
}
],
"active": true,
"userType": "Contractor",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"employeeNumber": "701984",
"manager": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"displayName": "new display"
},
"department": "Tour Operations",
"organization": "Xellerate Users"
},
"preferredLanguage": "en-US",
"phoneNumbers": [
{
"value": "555-555-4444",
"type": "mobile"
},
{
"value": "555-555-5555",
"type": "work"
}
],
"name": {
"middleName": "Jane",
"familyName": "Jensen",
"givenName": "Barbara",
"honorificSuffix": "III"
},
"addresses": [
{
"region": "CA",
"streetAddress": "100 Universal City Plaza",
"formatted": "100 Universal City Plaza\nHollywood, CA 91608 USA",
"postalCode": "91608",
"locality": "Hollywood",
"country": "USA",
"type": "work"
},
{
"formatted": "456 Hollywood Blvd\nHollywood, CA 91608 USA",
"type": "home"
}
],
"groups": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/3",
"type": "direct"
}
],
"timezone": "America/Los_Angeles",
"title": "Tour Guide",
"meta": {
"lastModified": "2015-01-06T03:24:17.000-08:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/145",
"created": "2015-01-06T03:24:17.000-08:00",
"resourceType": "User"
}
}
20.6.1.14 PasswordResetterWithChallenges
This section provides an example of the request and response of the PasswordResetterWithChallenges operation using the POST operation type. It contains the following topics:
20.6.1.14.1 PasswordResetterWithChallenges Request
The request of the PasswordResetterWithChallenges operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordResetterWithChallenges
Header:
-
Content-Type:
application/json -
Authorization: NA
-
X-Requested-By:
<random_value>
Body:
{
"schemas":
["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordResetterWithChallenges"],
"userName": "JDOE",
"challenges":
[
{
"challenge":"What is the name of your pet?",
"response":"name"
},
{
"challenge":"What is the city of your birth?",
"response":"city"
},
{
"challenge":"What is your favorite color?",
"response":"color"
}
],
"password": "Welcome3"
}
20.6.1.15 PasswordValidator
This section provides an example of the PasswordValidator operation using the POST operation type. It contains the following topics:
20.6.1.15.1 PasswordValidator Request
The following request is to validate a potential password. Successful response of validate password request means password is valid.
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordValidator
Header:
-
Content-Type:
application/json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordValidator"
],
"userRef": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"password": "jijijSSij1"
}
20.6.1.16 UserNameValidator
This section provides an example of the request and response of the UserNameValidator operation using the POST operation type. It contains the following topics:
20.6.1.16.1 UserNameValidator Request
Successful response of validate user name request means password is valid. The request is as follows:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/UserNameValidator
Header:
-
Content-Type:
application/json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameValidator"],
"userName": "aUserName"
}
20.6.1.17 UserNameGenerator
This section provides an example of the request and response of the UserNameGenerator operation using the POST oepration type. It contains the following topics:
20.6.1.17.1 UserNameGenerator Request
The request of the UserNameGenerator operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/UserNameGenerator
Header:
-
Content-Type:
application/json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameGenerator"],
"name":
{
"formatted": "Ms. Barbara J Doe III",
"familyName": "Doe",
"givenName": "Barbara",
"middleName": "Jane",
"honorificSuffix": "III"
}
}
20.6.1.17.2 UserNameGenerator Response
The response of the UserNameGenerator operation consists of:
Status: HTTP/1.1 201 Created
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameGenerator"
],
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/UserNameGenerator",
"resourceType": "UserNameGenerator"
},
"urn:ietf:params:scim:schemas:core:2.0:User": {
"userName": "Barbara.Doe@example.com"
}
}
20.6.1.18 UserNameRecoverer
This section provides an example of the request and response of the UserNameRecoverer operation using the POST operation type. It contains the following topics:
20.6.1.18.1 UserNameRecoverer Request
The request of the UserNameRecoverer operation is as follows (no authorization header, unauthenticated flow):
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/UserNameRecoverer
Header:
-
Content-Type:
application/json -
Authorization: NA
-
X-Requested-By:
<random_value>
Body:
{
"schemas": ["urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:UserNameRecoverer"],
"email": "myemail@example.com"
}
20.6.2 Role Management
Understand SCIM-based API usage examples for the group resource.
This section provides the following examples of the group resource:
20.6.2.1 View Role
This section provides an example of the request and response of the View Role operation using the GET operation type. It contains the following topics:
20.6.2.1.1 View Role Request
The request of the View Role operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/Groups?attributes=id,displayName
20.6.2.1.2 View Role Response
The response of the View Role operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"Resources": [
{
"displayName": "Group1",
"id": "2"
},
{
"displayName": "SYSTEM ADMINISTRATORS",
"id": "3"
},
{
"displayName": "Group2",
"id": "4"
},
{
"displayName": "Group3",
"id": "5"
}
]
}
20.6.2.2 Create Role
This section provides an example of the request and response of the Create Role operation using the POST operation type. It contains the following topics:
20.6.2.2.1 Create Role Request
The request of the Create Role operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/Groups
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group"
],
"displayName": "Group33",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group":
{
"email": "group33@example.com",
"description": "description1"
},
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group":
{
"namespace": "Default"
}
}
20.6.2.2.2 Create Role Response
The response of the Create Role operation consists of:
Status: HTTP/1.1 201 Created
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group",
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": {
"organizationsPublishedTo": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
}
],
"category": {
"name": "Default",
"value": 1
},
"namespace": "Default",
"catalog": {
"tags": "Group33 Group33 Default",
"requestable": true,
"certifiable": false,
"id": "151",
"categoryName": "Role",
"auditable": false,
"itemRisk": 3,
"hierarchicalDataAvailable": false
}
},
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"description": "description1",
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"owner": {
"lastName": "Administrator",
"email": "donotreply@example.com",
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"login": "XELSYSADM",
"firstName": "System",
"displayName": "NEW_NAME"
},
"email": "group33@example.com"
},
"meta": {
"lastModified": "2015-03-11T08:55:57.000-07:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/157",
"created": "2015-03-11T08:55:57.000-07:00",
"resourceType": "Group"
},
"displayName": "Group33",
"id": "157"
}
20.6.2.3 Modify Role (PUT)
This section provides an example of the request and response of the Modify Role operation using the PUT operation type. It contains the following topics:
20.6.2.3.1 Modify Role (PUT) Request
The request of the Modify Role (PUT) operation consists of:
Operation and URI: PUT http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/157
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group",
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": {
"organizationsPublishedTo": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
}
],
"category": {
"name": "Default",
"value": 1
},
"namespace": "Default"
},
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": {
"description": "description1",
"localeNames": [
{
"name": "Group_group09_53_11.228163",
"locale": "base"
}
],
"email": "group_new@example.com"
},
"displayName": "Group_group09_53_11.228163"
}
20.6.2.3.2 Modify Role (PUT) Response
The response of the Modify Role (PUT) operation consists of:
Status: HTTP/1.1 200 OK
Location: https://HOST_NAME:PORT/Groups/157
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group",
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": {
"organizationsPublishedTo": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
}
],
"category": {
"name": "Default",
"value": 1
},
"namespace": "Default"
},
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"description": "description1",
"localeNames": [
{
"name": "Group_group09_53_11.228163",
"locale": "base"
}
],
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"owner": {
"lastName": "Administrator",
"email": "donotreply@example.com",
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"login": "XELSYSADM",
"displayName": "System Administrator",
"firstName": "System"
},
"email": "group_new@example.com"
},
"meta": {
"lastModified": "2015-01-05T06:59:25.000-08:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/157",
"created": "2015-01-05T06:55:14.000-08:00",
"resourceType": "Group"
},
"displayName": "Group_group09_53_11.228163",
"id": "157"
}
20.6.2.4 Modify Role (PATCH)
This section provides an example of the Modify Role operation using the PATCH operation type. It contains the following topics:
20.6.2.4.1 Modify Role (PATCH) Request
The request of the Modify Role (PATCH) operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/153
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations":
[
{
"op":"replace" ,
"path":"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group:description",
"value":"description3"
}
]
}
20.6.2.4.2 Modify Role (PATCH) Response
The response of the Modify Role (PATCH) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group",
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": {
"organizationsPublishedTo": [
{
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
}
],
"category": {
"name": "Default",
"value": 1
},
"namespace": "Default",
"catalog": {
"tags": "replace_catalog_requestable_6587843 replace_catalog_requestable_6587843 Default",
"requestable": true,
"certifiable": false,
"id": "147",
"categoryName": "Role",
"auditable": false,
"itemRisk": 3,
"hierarchicalDataAvailable": false
}
},
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": {
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"description": "description3",
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"owner": {
"lastName": "Administrator",
"email": "donotreply@example.com",
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"login": "XELSYSADM",
"firstName": "System",
"displayName": "NEW_NAME"
}
},
"meta": {
"lastModified": "2015-03-11T08:59:16.000-07:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/153",
"created": "2015-03-11T08:13:11.000-07:00",
"resourceType": "Group"
},
"displayName": "replace_catalog_requestable_6587843",
"id": "153"
}
20.6.2.5 Delete Role
This section provides an example of the Delete Role operation using the DELETE operation type. It contains the following topics:
20.6.2.5.1 Delete Role Request
The request of the Delete Role operation consists of:
Operation and URI: DELETE http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/153
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
20.6.2.6 Remove Role (PATCH)
This section provides an example of the Remove Role operation using the PATCH operation type. It contains the following topics:
20.6.2.6.1 Remove Role (PATCH) Request
The request of the Remove Role (PATCH) operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/<role_id>
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations":
[
{
"op":"remove",
"path":"urn:ietf:params:scim:schemas:core:2.0:Group:members",
"value":[
{
"value":"<usr_key>",
"$ref":"http://HOST_NAME:PORT/idaas/im/scim/v1/Users/<usr_key>"
}
]
}
]
}20.6.2.6.2 Remove Role (PATCH) Response
The response of the Remove Role (PATCH) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group",
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group",
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"urn:ietf:params:scim:schemas:extension:oracle:2.0:OIG:Group": {
"namespace": "Default",
"organizationsPublishedTo": [
{
"value": "3",
"$ref":
"http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
}
],
"category": {
"name": "Default",
"value": 1
},
"ldapDn": "cn=tesrole1,cn=groups,dc=isc,dc=com",
"catalog": {
"auditable": true,
"hierarchicalDataAvailable": false,
"id": "101",
"requestable": true,
"itemRisk": 3,
"certifiable": true,
"categoryName": "Role",
"tags": "tesrole1 tesrole1 Default"
}
},
"urn:ietf:params:scim:schemas:extension:oracle:2.0:IDM:Group": {
"createBy": {
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"value": "1"
},
"owner": {
"firstName": "System",
"lastName": "Administrator",
"displayName": "System Administrator",
"login": "XELSYSADM",
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1",
"email": "donotreply@oracle.com"
},
"updateBy": {
"value": "5",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/5"
}
},
"members": [
{
"value": "7002",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/7002"
}
],
"meta": {
"created": "2018-11-13T08:48:49.000+05:30",
"location":
"http://HOST_NAME:PORT/iam/governance/scim/v1/Groups/<role_id>",
"lastModified": "2018-11-13T08:53:58.000+05:30",
"resourceType": "Group"
},
"displayName": "<role name>",
"id": "<role_d>"
}20.6.3 Organization Management
Understand SCIM-based API usage examples for the organization resource.
This section provides the following examples of the organization resource:
20.6.3.1 View Organization
This section provides an example of the View Organization operation using the GET operation type. It contains the following topics:
20.6.3.1.1 View Organization Request
The request of the View Organization operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/148
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8
20.6.3.1.2 View Organization Response
The response of the View Organization operation consists of:
Status: HTTP/1.1 200 OK
Location: https://HOST_NAME:PORT/Organization/148
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization"
],
"parent": {
"name": "Top",
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
},
"name": "org_pcu3_1426086587854",
"passwordPolicy": {
"name": "ppchg_1426086587854",
"value": "94"
},
"id": "148",
"meta": {
"lastModified": "2015-03-11T08:16:00.000-07:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/148",
"created": "2015-03-11T08:16:00.000-07:00",
"resourceType": "Organization"
},
"customerType": "Company",
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"enforceNewPasswordPolicy": "Yes",
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"status": "Active",
"members": [
{
"value": "353",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/353"
}
]
}
20.6.3.2 Create Organization
This section provides an example of the request and response of the Create Organization operation using the POST operation type. It contains the following topics:
20.6.3.2.1 Create Organization Request
The request of the Create Organization operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization"
],
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization":
{
"name": "organization16_08_50.141529",
"customerType": "Scim1"
}
}
20.6.3.2.2 Create Organization Response
The response of the Create Organization operation consists of:
Status: HTTP/1.1 201 Created
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization"
],
"parent": {
"name": "Top",
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
},
"name": "organization16_08_50.141529",
"id": "77",
"meta": {
"lastModified": "2015-02-06T07:06:46.000-08:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/77",
"created": "2015-02-06T07:06:46.000-08:00",
"resourceType": "Organization"
},
"customerType": "Scim1",
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"enforceNewPasswordPolicy": "Yes",
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"status": "Active"
}20.6.3.3 Modify Organization (PUT)
This section provides an example of the request and response of the Modify Organization operation using the PUT operation type. It contains the following topics:
20.6.3.3.1 Modify Organization (PUT) Request
The request of the Modify Organization (PUT) operation consists of:
Operation and URI: PUT http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/77
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization"
],
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization":
{
"name": "organization16_08_53.883452",
"customerType": "Scim2"
}
}
20.6.3.3.2 Modify Organization (PUT) Response
The response of the Modify Organization (PUT) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization"
],
"parent": {
"name": "Top",
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
},
"name": "organization16_08_53.883452",
"id": "77",
"meta": {
"lastModified": "2015-02-06T07:09:27.000-08:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/77",
"created": "2015-02-06T07:06:46.000-08:00",
"resourceType": "Organization"
},
"customerType": "Scim2",
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"enforceNewPasswordPolicy": "Yes",
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"status": "Active"
}20.6.3.4 Modify Organizations (PATCH)
This section provides an example of the request and response of the Modify Organizations operation using the PATCH operation type. It contains the following topics:
20.6.3.4.1 Modify Organizations (PATCH) Request
The request of the Modify Organizations (PATCH) operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/77
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations":
[
{
"op":"replace",
"path":"customerType",
"value":"Scim3"
}
]
}
20.6.3.4.2 Modify Organizations (PATCH) Response
The response of the Modify Organizations (PATCH) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:Organization"
],
"parent": {
"name": "Top",
"value": "3",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/3"
},
"name": "organization16_08_53.883452",
"id": "77",
"meta": {
"lastModified": "2015-02-06T07:13:19.000-08:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/77",
"created": "2015-02-06T07:06:46.000-08:00",
"resourceType": "Organization"
},
"customerType": "Scim3",
"createBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"enforceNewPasswordPolicy": "Yes",
"updateBy": {
"value": "1",
"$ref": "http://HOST_NAME:PORT/iam/governance/scim/v1/Users/1"
},
"status": "Active"
}
20.6.3.5 Delete Organization
This section provides an example of the request and response of the Delete Organization operation using the DELETE operation type. It contains the following topics:
20.6.3.5.1 Delete Organization Request
The request of the Delete Organization operation consists of:
Operation and URI: DELETE http://HOST_NAME:PORT/iam/governance/scim/v1/Organizations/77
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
20.6.4 Password Policy Management
Understand SCIM-based API usage examples for the password policy resource.
This section provides the following examples of the password policy resource:
20.6.4.1 View Password Policy
This section provides an example of the request and response of the View Password Policy operation using the GET operation type. It contains the following topics:
20.6.4.1.1 View Password Policy Request
The request of the View Password Policy operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies?filter=(urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy:allowedChars co q)&attributes=id,description,name
20.6.4.1.2 View Password Policy Response
The response of the View Password Policy operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"Resources": [
{
"id": "2",
"name": "pwp1_1423213466123",
"description": "1"
},
{
"id": "6",
"name": "pwp_q_3466186",
"description": "pwp_q_3466186"
},
{
"id": "36",
"name": "p1214_1423213645161"
}
]
}
20.6.4.2 Create Password Policy
This section provides an example of the Create Password Policy operation using the POST operation type. It contains the following sections:
20.6.4.2.1 Create Password Policy Request
The request of the Create Password Policy operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy"
],
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy":
{
"name":"pwdpol0901258070",
"description":"complex password policy for ST org",
"passwordWarningAfterInDays": 20,
"passwordExpiresAfterInDays": 30,
"minPasswordAgeInDays": 10,
"userIdDisallowed": "false",
"minLength": 3,
"maxLength": 8,
"firstNameDisallowed": "true",
"challengeSource": 1,
"challengeMinQuestions": 3,
"challengeMinAnswers": 2,
"challengeResponseMinLength": 5,
"challengeAllowDuplicateResponses": "false",
"challengeMaxIncorrectAttempts": 5,
"challengeDefaultQuestions":
[
{
"value": "what is your favorite color"
},
{
"value": "what is name of your pet"
},
{
"value": "which is your favorite movie"
},
{
"value": "which is your favorite sport"
}
]
}
}
20.6.4.2.2 Create Password Policy Response
The response of the Create Password Policy operation consists of:
Status: HTTP/1.1 201 Created
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy"
],
"challengesEnabled": false,
"id": "49",
"challengeSource": 1,
"minLength": 3,
"startsWithAlphabet": false,
"description": "complex password policy for ST org",
"name": "pwdpol0901258070",
"complexPolicy": false,
"challengeDefaultQuestions": [
{
"value": "what is your favorite color"
},
{
"value": "what is name of your pet"
},
{
"value": "which is your favorite movie"
},
{
"value": "which is your favorite sport"
}
],
"challengeAllAtOnce": true,
"minPasswordAgeInDays": 10,
"passwordWarningAfterInDays": 20,
"challengeResponseMinLength": 5,
"userIdDisallowed": false,
"maxLength": 8,
"challengeMinQuestions": 3,
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies/49",
"resourceType": "PasswordPolicy"
},
"challengeMaxIncorrectAttempts": 5,
"challengeMinAnswers": 2,
"passwordExpiresAfterInDays": 30,
"challengeAllowDuplicateResponses": false,
"lastNameDisallowed": false,
"firstNameDisallowed": true,
"dictionaryDelimiter": "\u0000"
}
20.6.4.3 Modify Password Policy (PUT)
This section provides an example of the request and response of the Modify Password Policy operation using the PUT operation type. It contains the following topics:
20.6.4.3.1 Modify Password Policy (PUT) Request
The request of the Modify Password Policy (PUT) operation consists of:
Operation and URI: PUT http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies/49
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy"
],
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy":
{
"name":"pwdpol0905770857",
"description":"complex password policy for ST org",
"passwordWarningAfterInDays": 20,
"passwordExpiresAfterInDays": 30,
"minPasswordAgeInDays": 10,
"userIdDisallowed": "false",
"minLength": 3,
"maxLength": 8,
"firstNameDisallowed": "true",
"challengeSource": 1,
"challengeMinQuestions": 3,
"challengeMinAnswers": 2,
"challengeResponseMinLength": 5,
"challengeAllowDuplicateResponses": "false",
"challengeMaxIncorrectAttempts": 5,
"challengeDefaultQuestions":
[
{
"value": "what is your favorite car"
},
{
"value": "what is name of your truck"
},
{
"value": "which is your favorite bicycle"
},
{
"value": "which is your favorite shoe"
}
]
}
}
20.6.4.3.2 Modify Password Policy (PUT) Response
The response of the Modify Password Policy (PUT) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy"
],
"challengesEnabled": false,
"id": "49",
"challengeSource": 1,
"minLength": 3,
"startsWithAlphabet": false,
"description": "complex password policy for ST org",
"name": "pwdpol0905770857",
"complexPolicy": false,
"challengeDefaultQuestions": [
{
"value": "what is your favorite car"
},
{
"value": "what is name of your truck"
},
{
"value": "which is your favorite bicycle"
},
{
"value": "which is your favorite shoe"
}
],
"challengeAllAtOnce": true,
"minPasswordAgeInDays": 10,
"passwordWarningAfterInDays": 20,
"challengeResponseMinLength": 5,
"userIdDisallowed": false,
"maxLength": 8,
"challengeMinQuestions": 3,
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies/49",
"resourceType": "PasswordPolicy"
},
"challengeMaxIncorrectAttempts": 5,
"challengeMinAnswers": 2,
"passwordExpiresAfterInDays": 30,
"challengeAllowDuplicateResponses": false,
"lastNameDisallowed": false,
"firstNameDisallowed": true,
"dictionaryDelimiter": "\u0000"
}
20.6.4.4 Modify Password Policy (PATCH)
This section provides an example of the request and response of the Modify Password Policy operation using the PATCH operation type. It contains the following topics:
20.6.4.4.1 Modify Password Policy (PATCH) Request
The request of the Modify Password Policy (PATCH) operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies/49
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations":
[
{
"op":"replace",
"path":"firstNameDisallowed",
"value":"false"
}
]
}
20.6.4.4.2 Modify Password Policy (PATCH) Response
The response of the Modify Password Policy (PATCH) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:IDM:PasswordPolicy"
],
"challengesEnabled": false,
"id": "49",
"challengeSource": 1,
"minLength": 3,
"startsWithAlphabet": false,
"description": "complex password policy for ST org",
"name": "pwdpol0905770857",
"complexPolicy": false,
"challengeDefaultQuestions": [
{
"value": "what is your favorite car"
},
{
"value": "what is name of your truck"
},
{
"value": "which is your favorite bicycle"
},
{
"value": "which is your favorite shoe"
}
],
"challengeAllAtOnce": true,
"minPasswordAgeInDays": 10,
"passwordWarningAfterInDays": 20,
"challengeResponseMinLength": 5,
"userIdDisallowed": false,
"maxLength": 8,
"challengeMinQuestions": 3,
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies/49",
"resourceType": "PasswordPolicy"
},
"challengeMaxIncorrectAttempts": 5,
"challengeMinAnswers": 2,
"passwordExpiresAfterInDays": 30,
"challengeAllowDuplicateResponses": false,
"lastNameDisallowed": false,
"firstNameDisallowed": false,
"dictionaryDelimiter": "\u0000"
}
20.6.4.5 Delete Password Policy
This section provides an example of the request and response of the Delete Password Policy operation using the DELETE operation type. It contains the following topics:
20.6.4.5.1 Delete Password Policy Request
The request of the Delete Password Policy operation consists of:
Operation and URI: DELETE http://HOST_NAME:PORT/iam/governance/scim/v1/PasswordPolicies/49
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
20.6.5 Notification Template Management
Understand SCIM-based API usage examples for the notification template resource.
This section provides the following examples of the notification template resource:
20.6.5.1 View Notification Template
This section provides an example of the request and response of the View Notification Template operation using the GET operation type. It contains the following topics:
20.6.5.1.1 View Notification Template Request
The request of the View Notification Template operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates?attributes=id,name
20.6.5.1.2 View Notification Template Response
The response of the View Notification Template operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 4,
"Resources": [
{
"name": "AddProxyNotificationTemplate",
"id": "12"
},
{
"name": "BulkRequestCreation",
"id": "6"
},
{
"name": "CreateUserSelfServiceNotification",
"id": "7"
},
{
"name": "UserDeletedNotificationTemplate",
"id": "10"
}
]
}
20.6.5.2 Create Notification Template
This section provides an example request and response of the Create Notification Template operation using the POST operation type. It contains the following topics:
20.6.5.2.1 Create Notification Template Request
The request of the Create Notification Template operation consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates/
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate"
],
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate":
{
"name":"notificationtemplate16_09_14.724166_1",
"eventName":"AddProxy",
"description":"myTemplate",
"locales":
[
{
"locale": "dddd",
"subject": "Notification for contractors 1",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"shortMessage": "short message1",
"longMessage": "long message1"
},
{
"locale": "eeee",
"subject": "Notification for contractors 2",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"shortMessage": "short message2",
"longMessage": "long message2"
}
]
}
}
20.6.5.2.2 Create Notification Template Response
The response of the Create Notification Template operation consists of:
Status: HTTP/1.1 201 Created
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate"
],
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates/25",
"resourceType": "NotificationTemplate"
},
"name": "notificationtemplate16_09_14.724166_1",
"eventName": "AddProxy",
"locales": [
{
"subject": "Notification for contractors 2",
"locale": "eeee",
"shortMessage": "short message2",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"longMessage": "long message2"
},
{
"subject": "Notification for contractors 1",
"locale": "dddd",
"shortMessage": "short message1",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"longMessage": "long message1"
}
],
"description": "myTemplate",
"id": "25"
}
20.6.5.3 Modify Notification Template (PUT)
This section provides an example of the request and response of the Modify Notification Template operation using the PUT operation type. It contains the following topics:
20.6.5.3.1 Modify Notification Template (PUT) Request
The request of the Modify Notification Template (PUT) operation consists of:
Operation and URI: PUT http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates/25
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate"
],
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate":
{
"name":"notificationtemplate16_09_17.742004_2",
"eventName":"AddProxy",
"description":"Template to notify contractors after password has been reset",
"locales":
[
{
"subject": "Notification for contractors 1",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"shortMessage": "short message1",
"longMessage": "long message1",
"locale": "ffff"
},
{
"subject": "Notification for contractors 2",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"shortMessage": "short message2",
"longMessage": "long message2",
"locale": "gggg"
}
]
}
}
20.6.5.3.2 Modify Notification Template (PUT) Response
The response of the Modify Notification Template (PUT) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate"
],
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates/25",
"resourceType": "NotificationTemplate"
},
"name": "notificationtemplate16_09_14.724166_1",
"eventName": "AddProxy",
"locales": [
{
"subject": "Notification for contractors 2",
"locale": "gggg",
"shortMessage": "short message2",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"longMessage": "long message2"
},
{
"subject": "Notification for contractors 1",
"locale": "ffff",
"shortMessage": "short message1",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"longMessage": "long message1"
}
],
"description": "Template to notify contractors after password has been reset",
"id": "25"
}
20.6.5.4 Modify Notification Template (PATCH)
This section provides an example of the request and response of the Modify Notification Template operation using the PATCH operation type. It contains the following topics:
20.6.5.4.1 Modify Notification Template (PATCH) Request
The request of the Modify Notification Template (PATCH) operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates/25
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations":
[
{
"op":"replace",
"path":"description",
"value":"description3"
}
]
}
20.6.5.4.2 Modify Notification Template (PATCH) Response
The response of the Modify Notification Template (PATCH) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:NotificationTemplate"
],
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates/25",
"resourceType": "NotificationTemplate"
},
"name": "notificationtemplate16_09_14.724166_1",
"eventName": "AddProxy",
"locales": [
{
"subject": "Notification for contractors 2",
"locale": "gggg",
"shortMessage": "short message2",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"longMessage": "long message2"
},
{
"subject": "Notification for contractors 1",
"locale": "ffff",
"shortMessage": "short message1",
"encoding": "UTF-8",
"contentType": "text/html, charset=UTF-8",
"longMessage": "long message1"
}
],
"description": "description3",
"id": "25"
}
20.6.5.5 Delete Notification Template
This section provides an example of the request and response of the Delete Notification Template operation using the DELETE operation type. It contains the following topics:
20.6.5.5.1 Delete Notification Template Request
The request of the Delete Notification Template operation consists of:
Operation and URI: DELETE http://HOST_NAME:PORT/iam/governance/scim/v1/NotificationTemplates/12
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
20.6.6 System Property Management
Understand SCIM-based API usage examples for the system property resource.
This section provides the following examples of the system property resource:
20.6.6.1 View System Properties
This section provides an example of the request and response of the View System Properties operation using the GET operation type. It contains the following topics:
20.6.6.1.1 View System Properties Request
The request of the View System Properties operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/SystemProperties?filter=(name eq AllowDisabledManagers)
20.6.6.1.2 View System Properties Response
The response of the View System Properties operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:SystemProperty"
],
"id": "40",
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/SystemProperties/40",
"resourceType": "SystemProperty"
},
"value": "FALSE",
"name": "AllowDisabledManagers",
"displayName": "Is disabled manager allowed"
}
]
}
20.6.6.2 Modify System Properties (PATCH)
This section provides an example of the Modify System Properties operation using the PATCH operation type. It contains the following topics:
20.6.6.2.1 Modify System Properties (PATCH) Request
The request of the Modify System Properties (PATCH) operation consists of:
Operation and URI: PATCH http://HOST_NAME:PORT/iam/governance/scim/v1/SystemProperties/27
Header:
-
Content-Type:
application/scim+json -
Authorization:
Bearer h480djs93hd8 -
X-Requested-By:
<random_value>
Body:
{
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations":
[
{
"op":"replace",
"path":"displayName",
"value":"new_displayName_for_systemProperty"
}
]
}
20.6.6.2.2 Modify System Properties (PATCH) Response
The response of the Modify System Properties (PATCH) operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:core:2.0:OIG:SystemProperty"
],
"id": "27",
"meta": {
"lastModified": "2015-02-05T08:44:04.000-08:00",
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/SystemProperties/27",
"created": "2015-02-05T08:44:04.000-08:00",
"resourceType": "SystemProperty"
},
"value": "NONE",
"name": "OIM.ChallengeQuestionModificationURL",
"displayName": "new_displayName_for_systemProperty"
}
20.6.7 Service Provider Configuration Management
Understand SCIM-based API usage examples of the request and response of the Service Provider Configuration operation using the GET operation type.
This section contains the following topics:
20.6.7.1 Service Provider Configuration Request
The request of the Service Provider Configuration operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/ServiceProviderConfigs
20.6.7.2 Service Provider Configuration Response
The response of the Service Provider Configuration operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"patch": {
"supported": true
},
"meta": {
"location": "http://HOST_NAME:PORT/iam/governance/scim/v1/ServiceProviderConfigs",
"resourceType": "ServiceProviderConfig"
},
"bulk": {
"maxPayloadSize": 1048576,
"supported": false,
"maxOperations": 1000
},
"authenticationSchemes": [
{
"documentationUrl": "http://HOST_NAME/help/httpBasic.htm",
"specUrl": "http://www.ietf.org/rfc/rfc2617.txt",
"description": "Authentication Scheme using the Http Basic Standard",
"name": "HTTP Basic"
}
],
"documentationUrl": "http://HOST_NAME",
"changePassword": {
"supported": true
},
"etag": {
"supported": false
},
"sort": {
"supported": true
},
"filter": {
"supported": true,
"maxResults": 200
}
}
]
}
20.6.8 Resource Types Management
Understand the examples of the request and response of the Resource Types Management operation using the GET operation type.
This section contains the following topics:
20.6.8.1 Resource Types Management Request
The request of the Resource Types Management operation consists of:
Operation and URI: GET http://HOST_NAME:PORT/iam/governance/scim/v1/ResourceTypes?attributes=name
20.6.8.2 Resource Types Management Response
The response of the Resource Types Management operation consists of:
Status: HTTP/1.1 200 OK
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 15,
"Resources": [
{
"name": "User"
},
{
"name": "PasswordValidator"
},
{
"name": "UserNameRecoverer"
},
{
"name": "Schema"
},
{
"name": "ServiceProviderConfig"
},
{
"name": "Organization"
},
{
"name": "Request"
},
{
"name": "Group"
},
{
"name": "PasswordPolicy"
},
{
"name": "SystemProperty"
},
{
"name": "NotificationTemplate"
},
{
"name": "ResourceType"
},
{
"name": "PasswordResetterWithChallenges"
},
{
"name": "UserNameValidator"
},
{
"name": "UserNameGenerator"
}
]
}
20.6.9 Using POST Search
Understand the examples of the request and response of the Search operation using the POST operation type.
This section contains the following topics:
20.6.9.1 Using POST Search Request
The request is issued with POST [prefix]/.search, which is an alternate way of searching for resources. Instead of passing parameters on the URL, the request parameters are passed in the POST body, as shown in the example in this section. The request consists of:
Operation and URI: POST http://HOST_NAME:PORT/iam/governance/scim/v1/Users/.search
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
X-Requested-By: <random_value>
Body:
{
"schemas":["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"attributes": [ "id", "userName" ],
"filter": "userType eq \"Employee\" and (emails [type eq \"work\" and value co \"HOST_NAME\"] or name.givenName co \"doe\")",
"startIndex":1,
"count":2,
"sortBy": "userName",
"sortOrder": "ascending"
}
20.6.9.2 Using POST Search Response
The response of the Search (POST) operation consists of:
Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"itemsPerPage": 2,
"startIndex": 1,
"Resources": [
{
"id": "10",
"userName": "John Doe"
},
{
"id": "89",
"userName": "Mary Doe"
}
]
}
20.7 Securing SCIM Resources
SCIM resources are secured by using custom OWSM policy, custom request headers, and CORS whitelist.
This section contains the following topics:
20.7.1 Securing SCIM Resources Using OWSM Policy
SCIM resources are secured by custom Oracle Web Services Manager (OWSM) policies oracle/multi_token_rest_service_policy and oracle/no_authentication_service_policy created by default during installation or upgrade of Oracle Identity Governance.
These policies enforce one of the following authentication polices when a token is sent by the client or allows anonymous when no token is supplied:
-
HTTP Basic
-
SAML 2.0 Bearer token in HTTP header
-
HTTP OAM security
-
SPNEGO over HTTP security
-
JWT token in HTTP header
See Understanding Global Policy Attachments for information about the oracle/multi_token_rest_service_policy and oracle/no_authentication_service_policy policies.
20.7.2 Securing SCIM Resources Using Custom Request Headers
Custom request headers are used to protect SCIM resources from CSRF attacks.
This section contains the following topics:
20.7.2.1 About Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which the user is currently authenticated. CSRF attacks specifically target state-changing requests and not theft of data because the attacker has no way to see the response to the forged request. With a little help of social engineering, such as sending a link via email or chat, an attacker might trick the users of a web application into executing actions of the attacker's choice. If the victim is a normal user, then a successful CSRF attack can force the user to perform state-changing requests, such as transferring funds or changing the email address. If the victim has an administrative account, then CSRF can compromise the entire web application.
CSRF attack can trick the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on behalf of the victim. For most sites, browser requests automatically include any credentials associated with the site, such as the user's session cookie, IP address, and Windows domain credentials. Therefore, if the user is currently authenticated to the site, then the site will have no way to distinguish between a forged request sent by the victim and a legitimate request sent by the victim.
Synonyms
CSRF attacks are also known by a number of other names including XSRF, sea surf, session riding, Cross-Site Reference Forgery, and hostile linking.
20.7.2.2 Applicability of CSRF Protection to Identity REST Services
CSRF protection is required on the /tokens invocation because the oimjsessionid cookie or SSO token is automatically included in the HTTP request to Oracle Identity Governance. Several of the scenarios require CSRF protection, because a user tricked into clicking a link to either the /tokens endpoint or facade token webapp can result in an unintended but successful /tokens invocation. In particular, the scenarios that authenticate to the Oracle Identity Governance UI are vulnerable to CSRF attacks, as is the HTTP Basic auth scenario. As the token service cannot distinguish whether the client is susceptible to CSRF, all invocations to the token service, the façade token webapp and /tokens service, must be protected against CSRF.
In the cases an HTTP session is established with Oracle Identity Governance, the /tokens implementation can enforce a synchronizer token in the request. However, this mechanism cannot be used in the HTTP Basic Auth.
Instead, as the requests to the Oracle Identity Governance SCIM and REST API are from a different origin, the Origin header can be used to enforce CSRF.
The Origin request header is required and the CORS allowed-origin computation is used to enforce CSRF protection.
20.7.2.3 Protecting SCIM Resources Using Custom Request Headers
A defense against CSRF is the use of a custom request header, which only a valid user would know. The custom header being used is:
X-Requested-By: <Random_value>
This approach has the double advantage of usually requiring no UI changes and not introducing any server-side state, which coupled with CORS protection, makes for a robust system.
This header is required for all HTTP calls that can change the state of the system, such as PUT, POST, PATCH, and DELETE. If this header is not provided in such calls, then the SCIM service returns HTTP 400 Error Code, particularly for HTTP methods other than GET.
20.7.3 Securing SCIM Resources Using Origin Whitelist
Cross-origin HTTP requests can be restricted by using an origin whitelist.
This section contains the following topics:
20.7.3.1 About HTTP Access Control (CORS)
A resource makes a cross-origin HTTP request when it requests a resource from a different domain or port than the one that the first resource itself serves. For example, an HTML page served from http://domain-a.com makes an <img> src request for http://domain-b.com/image.jpg. Many pages on the web load resources, such as CSS stylesheets, images, and scripts, from separate domains.
For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts.
The Cross-Origin Resource Sharing (CORS) mechanism gives web servers cross-domain access controls, which enable secure cross-domain data transfers. See the CORS page in Mozilla Development Network for general information about CORS and CORS headers.
The Cross-Origin Resource Sharing standard works by adding new HTTP headers that allow servers to describe the set of origins that are permitted to read that information using a web browser. See the HTTP headers page in Mozilla Development Network for detailed information about HTTP headers, such as types of headers, authentication, and caching.
In addition, for HTTP request methods that can cause side effects on server's data (in particular for HTTP methods other than GET or for POST usage), the specification mandates that browsers preflight the request, soliciting supported methods from the server with an HTTP OPTIONS request method, and then upon approval from the server, sending the actual request with the actual HTTP request method. See the OPTIONS page in Mozilla Development Network for information about the syntax and examples of the HTTP OPTIONS method.
Servers can also notify clients whether credentials, including cookies and HTTP Authentication data, should be sent with requests.
20.7.3.2 Applicability of CORS to Identity REST Services
Given an HTML5/JS application loaded from a web tier distinct from the Oracle Identity Governance deployment, the web browser same-origin policy would prevent the application JS from accessing the Oracle Identity Governance SCIM and REST resources. CORS is a mechanism to work around that restriction. The implementation for CORS for SCIM and JWT supports configurable Access-Control-Allow-Origin; specifically, a white-list that is configurable for the deployment.
20.7.3.3 Protecting SCIM Service Using Origin Whitelist
The configurable whitelist is maintained in the XL.AllowedOrigins system property in Oracle Identity Governance. Only the origins specified in this property will be allowed to access the SCIM and JWT resources.
This whitelist should contain a comma-separated list of all allowed origins. Mozilla and Chrome extensions are exempt.
The origins specified must be valid URL in the following format:
<scheme>://<host>.<domain>/<page>
For example:
http://myhost.example.com/index.php
See Non-Default System Properties in Oracle Identity Governance in Administering Oracle Identity Governance for information about the guidelines to specify values for the XL.AllowedOrigins system property.
20.8 Oracle Identity Governance REST Service
Identity Governance REST service provides APIs for Identity Self Service, Token Service, Application Management, and Deployment Manager via Oracle REST Catalog.
Oracle Identity Governance REST service supports the following APIs in Oracle REST Catalog:
-
Self Service: For documentation, see REST API for Oracle Identity Governance Self Service.
-
Java Token Service: For documentation, see REST API for Oracle Identity Governance Token Service.
-
FacadeWebApp to get JWT token for OIG: For documentation, see REST API for FacadeWebApp Token Service.
-
Application Management: For documentation, see REST API for Oracle Identity Governance Application Management.
-
Deployment Manager: For documentation, see REST API for Oracle Identity Governance Deployment Manager.