# scim2-server
This is an example WSGI SCIM server using [scim2-models](https://github.com/yaal-coop/scim2-models).
It uses [werkzeug](https://werkzeug.palletsprojects.com/) and [scim2-filter-parser](https://github.com/15five/scim2-filter-parser) and keeps all resources in memory;
they are lost once the process exits.
## Features
- [x] Discovery endpoints (`/v2/ServiceProviderConfig`, `/v2/ResourceTypes`, `/v2/Schemas`)
- [x] Create/Read/Update/Delete resources (`POST`, `GET`, `PUT`, `DELETE`)
- [x] Searching & Filtering
- [x] Support for ETags
- [x] Unique Constraints
- [x] HTTP PATCH (Add/Remove/Replace)
- [x] Sorting

The only optional feature currently missing is support for Bulk operations ([RFC 7644, Section 3.7](https://datatracker.ietf.org/doc/html/rfc7644#section-3.7)).
## Usage
```shell
$ scim2-server [-h] [--schema SCHEMA] [--resource-type RESOURCE_TYPE] [--bearer-token BEARER_TOKEN] [--hostname HOSTNAME] [--port PORT] [--reverse-proxy] [--dump-resources DUMP_RESOURCES]
```
- `-h`/`--help`: Show help message
- `--reverse-proxy`: Allow using the provider behind a Reverse Proxy (required for URL rewriting).
- `--schema`: Register schemas from specified JSON file. If not provided, loads the default schemas from RFC 7643.
- `--resource-type`: Register resource types from specified JSON file. If not provided, loads the default resource types from RFC 7643.
- `--bearer-token`: Registers a bearer token that can be used for accessing the service. If no tokens are provided, anonymous access without authentication is allowed.
- `--hostname`: The hostname to listen on. Defaults to `127.0.0.1`.
- `--port`: The port to listen on. Defaults to `8080`.
- `--dump-resources`: Dump a JSON document containing all resources when the provider exits normally.
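
Because the server allows anonymous access when no `--bearer-token` is given, a deployment may prefer a gate that fails closed. The following is an added example, not code from scim2-server: a standard-library WSGI middleware that refuses to start without tokens and compares presented tokens in constant time. `BearerTokenGate`, `demo_app`, `call` and the token value are hypothetical names and constructed data; how the real SCIM application object is obtained is not shown on this page.

```python
import hmac
import json

SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

class BearerTokenGate:
    """WSGI middleware (hypothetical) that rejects requests lacking a known bearer token."""
    def __init__(self, app, tokens):
        self.tokens = [t.encode() for t in tokens if t]
        if not self.tokens:
            # Fail closed: an empty token list must not mean anonymous access.
            raise ValueError("at least one bearer token is required")
        self.app = app

    def _authorized(self, header):
        scheme, _, presented = header.strip().partition(" ")
        presented = presented.strip().encode()
        if scheme.lower() != "bearer" or not presented:
            return False
        # Check every configured token, each in constant time, without short-circuiting.
        ok = False
        for token in self.tokens:
            ok |= hmac.compare_digest(presented, token)
        return ok

    def __call__(self, environ, start_response):
        if self._authorized(environ.get("HTTP_AUTHORIZATION", "")):
            return self.app(environ, start_response)
        body = json.dumps({"schemas": [SCIM_ERROR_SCHEMA], "status": "401",
                           "detail": "Authentication required"}).encode()
        start_response("401 Unauthorized", [
            ("Content-Type", "application/scim+json"),
            ("Content-Length", str(len(body))),
            ("WWW-Authenticate", 'Bearer realm="scim"'),
        ])
        return [body]

def demo_app(environ, start_response):
    # Stand-in for the SCIM application, constructed for this example.
    start_response("200 OK", [("Content-Type", "application/scim+json")])
    return [b'{"totalResults": 0}']

def call(app, authorization=""):
    """Drive a WSGI app once with a constructed request; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/v2/Users", "HTTP_AUTHORIZATION": authorization}
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], body
```

The rejection body uses the SCIM error schema from RFC 7644, so provisioning clients receive a parseable response rather than a bare 401.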
## Notes
This provider can be used as a starting point if you want to implement a SCIM provider. If you want to use it in production, you should probably change the following:
- Use a proper production WSGI server instead of the one provided by Werkzeug
- Implement your own Backend as a subclass of `scim2_server.backend.Backend`
- Implement proper authorization with OAuth instead of public access or static bearer tokens
- Support the `/Me` endpoint, if it applies in your use case
- Add support for using either a static URL prefix or improve the support for usage behind a reverse proxy

The provider in its current state has been tested successfully against a live
[Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/scim-validator-tutorial)
system as well as a live
[Okta](https://developer.okta.com/docs/guides/scim-provisioning-integration-test/main/) system.
Raw data
{
"_id": null,
"home_page": "https://github.com/yaal-coop/scim2-server",
"name": "scim2-server",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.11",
"maintainer_email": null,
"keywords": "scim, scim2, provisioning, rfc7643, rfc7644",
"author": "Yaal Coop",
"author_email": "contact@yaal.coop",
"download_url": "https://files.pythonhosted.org/packages/b3/5d/49467d06d7ffc34cb7922e13126b27d6a1615e4dde496b8590110f3bfc85/scim2_server-0.1.1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "Apache",
"summary": "Lightweight SCIM2 server prototype",
"version": "0.1.1",
"project_urls": {
"Homepage": "https://github.com/yaal-coop/scim2-server",
"Repository": "https://github.com/yaal-coop/scim2-server",
"funding": "https://github.com/sponsors/yaal-coop"
},
"split_keywords": [
"scim",
" scim2",
" provisioning",
" rfc7643",
" rfc7644"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d0a94945410d164c48756586479cfc9cc3e3f1d2f695a0dca61459372a2fadfc",
"md5": "3f63d5c58a84bc90974764f1accb304d",
"sha256": "c00f53fb560cdcf63f46adfcbbab04e6e591577305d9cb6d8476527ee20304f8"
},
"downloads": -1,
"filename": "scim2_server-0.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "3f63d5c58a84bc90974764f1accb304d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.11",
"size": 29101,
"upload_time": "2024-09-22T11:58:45",
"upload_time_iso_8601": "2024-09-22T11:58:45.591461Z",
"url": "https://files.pythonhosted.org/packages/d0/a9/4945410d164c48756586479cfc9cc3e3f1d2f695a0dca61459372a2fadfc/scim2_server-0.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "b35d49467d06d7ffc34cb7922e13126b27d6a1615e4dde496b8590110f3bfc85",
"md5": "4c4f6c5aa389e62a216946c7e4c7983b",
"sha256": "354968fc21caed0fab2c352ff318157a889d4cdc962d747049c6747482afd10c"
},
"downloads": -1,
"filename": "scim2_server-0.1.1.tar.gz",
"has_sig": false,
"md5_digest": "4c4f6c5aa389e62a216946c7e4c7983b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.11",
"size": 27320,
"upload_time": "2024-09-22T11:58:46",
"upload_time_iso_8601": "2024-09-22T11:58:46.948386Z",
"url": "https://files.pythonhosted.org/packages/b3/5d/49467d06d7ffc34cb7922e13126b27d6a1615e4dde496b8590110f3bfc85/scim2_server-0.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-22 11:58:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "yaal-coop",
"github_project": "scim2-server",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "scim2-server"
}