SCIM Service Provider API Overview
Overview
This API is used to retrieve information about the configuration of the FusionAuth SCIM Service Provider as specified in the RFC.
Retrieve Resource Types
Request
GET /api/scim/resource/v2/ResourceTypes
Response
The response for this API contains the ResourceTypes in standard SCIM schema.
Code | Description |
---|---|
200 | The request was successful. The response will contain a JSON body. |
400 | The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is the default response body. However, you can customize the schemas portion of the response by modifying the schemas setting.
This is taken from the SCIM RFC describing a SCIM ResourceTypes schema. For the full specification, consult the RFC.
Default Response Body
{
  "itemsPerPage": 10,
  "Resources": [
    {
      "description": "User Account",
      "endpoint": "/Users",
      "id": "User",
      "meta": {
        "location": "https://piedpiper.com/api/scim/v2/ResourceTypes/User",
        "resourceType": "ResourceType"
      },
      "name": "User",
      "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
      "schemaExtensions": [
        {
          "required": true,
          "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
        }
      ],
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
      ]
    },
    {
      "description": "Group",
      "endpoint": "/Groups",
      "id": "Group",
      "meta": {
        "location": "https://piedpiper.com/api/scim/v2/ResourceTypes/Group",
        "resourceType": "ResourceType"
      },
      "name": "Group",
      "schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
      ]
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "startIndex": 1,
  "totalResults": 2
}
Retrieve Schemas
Request
GET /api/scim/resource/v2/Schemas
GET /api/scim/resource/v2/Schemas/{schemaId}
Request Parameters
- schemaId [String] Optional
  The unique Schema Id, such as urn:ietf:params:scim:schemas:core:2.0:User.
Response
The response for this API contains the Schema definition(s) in standard SCIM schema.
Code | Description |
---|---|
200 | The request was successful. The response will contain a JSON body. |
400 | The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
404 | The object doesn’t exist. The response will be empty. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is the default response body. However, you can customize this response by modifying the Tenant’s schemas setting.
This is taken from the SCIM RFC describing a SCIM Schemas schema. For the full specification, consult the RFC.
Default Response Body
{
  "itemsPerPage": 4,
  "Resources": [
    {
      "attributes": [],
      "description": "Enterprise User",
      "id": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
      "meta": {
        "location": "https://piedpiper.com/api/scim/resource/v2/Schemas/v2/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
        "resourceType": "Schema"
      },
      "name": "EnterpriseUser"
    },
    {
      "attributes": [
        {
          "caseExact": false,
          "description": "A human-readable name for the Group. REQUIRED.",
          "multiValued": false,
          "mutability": "readWrite",
          "name": "displayName",
          "required": false,
          "returned": "default",
          "type": "string",
          "uniqueness": "none"
        },
        {
          "description": "A list of members of the Group.",
          "multiValued": true,
          "mutability": "readWrite",
          "name": "members",
          "required": false,
          "returned": "default",
          "subAttributes": [
            {
              "caseExact": false,
              "description": "Identifier of the member of this Group.",
              "multiValued": false,
              "mutability": "immutable",
              "name": "value",
              "required": false,
              "returned": "default",
              "type": "string",
              "uniqueness": "none"
            },
            {
              "caseExact": false,
              "description": "The URI corresponding to a SCIM resource that is a member of this Group.",
              "multiValued": false,
              "mutability": "immutable",
              "name": "$ref",
              "referenceTypes": [
                "Group",
                "User"
              ],
              "required": false,
              "returned": "default",
              "type": "reference",
              "uniqueness": "none"
            }
          ],
          "type": "complex"
        }
      ],
      "description": "Group",
      "id": "urn:ietf:params:scim:schemas:core:2.0:Group",
      "meta": {
        "location": "https://piedpiper.com/api/scim/resource/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group",
        "resourceType": "Schema"
      },
      "name": "Group"
    },
    {
      "attributes": [
        {
          "caseExact": false,
          "description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. REQUIRED.",
          "multiValued": false,
          "mutability": "readWrite",
          "name": "userName",
          "required": true,
          "returned": "default",
          "type": "string",
          "uniqueness": "server"
        },
        {
          "description": "A Boolean value indicating the User's administrative status.",
          "multiValued": false,
          "mutability": "readWrite",
          "name": "active",
          "required": false,
          "returned": "default",
          "type": "boolean"
        }
      ],
      "description": "User Account",
      "id": "urn:ietf:params:scim:schemas:core:2.0:User",
      "meta": {
        "location": "https://piedpiper.com/api/scim/resource/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User",
        "resourceType": "Schema"
      },
      "name": "User"
    },
    {
      "attributes": [
        {
          "description": "A list of field errors.",
          "multiValued": true,
          "mutability": "immutable",
          "name": "fieldErrors",
          "required": false,
          "returned": "default",
          "subAttributes": [
            {
              "attributes": [
                {
                  "caseExact": false,
                  "description": "The Fusion Auth error code",
                  "multiValued": false,
                  "mutability": "immutable",
                  "name": "code",
                  "required": false,
                  "returned": "default",
                  "type": "string",
                  "uniqueness": "none"
                },
                {
                  "caseExact": false,
                  "description": "The Fusion Auth error message",
                  "multiValued": false,
                  "mutability": "immutable",
                  "name": "message",
                  "required": false,
                  "returned": "default",
                  "type": "string",
                  "uniqueness": "none"
                }
              ],
              "description": "A list of field errors.",
              "multiValued": true,
              "mutability": "immutable",
              "name": "object.fieldName",
              "required": false,
              "returned": "default"
            }
          ],
          "type": "complex"
        },
        {
          "description": "A list of general errors.",
          "multiValued": true,
          "mutability": "immutable",
          "name": "generalErrors",
          "required": false,
          "returned": "default",
          "subAttributes": [
            {
              "caseExact": false,
              "description": "The Fusion Auth error code",
              "multiValued": false,
              "mutability": "immutable",
              "name": "code",
              "required": false,
              "returned": "default",
              "type": "string",
              "uniqueness": "none"
            },
            {
              "caseExact": false,
              "description": "The Fusion Auth error data",
              "multiValued": true,
              "mutability": "immutable",
              "name": "data",
              "required": false,
              "returned": "default",
              "type": "complex",
              "uniqueness": "none"
            },
            {
              "caseExact": false,
              "description": "The Fusion Auth error message",
              "multiValued": false,
              "mutability": "immutable",
              "name": "message",
              "required": false,
              "returned": "default",
              "type": "string",
              "uniqueness": "none"
            }
          ],
          "type": "complex"
        }
      ],
      "description": "FusionAuth Errors",
      "id": "urn:ietf:params:scim:schemas:extension:fusionauth:2.0:Error",
      "meta": {
        "location": "https://piedpiper.com/api/scim/resource/v2/Schemas/urn:ietf:params:scim:schemas:extension:fusionauth:2.0:Error",
        "resourceType": "Schema"
      },
      "name": "FusionAuthError"
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "startIndex": 1,
  "totalResults": 4
}
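A client-side use of the schema definitions above, as an added example (not FusionAuth's code): it validates an outgoing SCIM resource against attribute definitions of the shape /Schemas returns, so a malformed provisioning payload is rejected before it is sent. SCHEMAS is a constructed, trimmed copy of the default body; check_attrs and validate are hypothetical names.

```python
# Constructed sample: attribute definitions trimmed from the default /Schemas body above.
SCHEMAS = {
    "urn:ietf:params:scim:schemas:core:2.0:User": [
        {"name": "userName", "type": "string", "multiValued": False, "required": True},
        {"name": "active", "type": "boolean", "multiValued": False, "required": False},
    ],
    "urn:ietf:params:scim:schemas:core:2.0:Group": [
        {"name": "displayName", "type": "string", "multiValued": False, "required": False},
        {"name": "members", "type": "complex", "multiValued": True, "required": False,
         "subAttributes": [
             {"name": "value", "type": "string", "multiValued": False, "required": False},
             {"name": "$ref", "type": "reference", "multiValued": False, "required": False},
         ]},
    ],
}
PY_TYPES = {"string": str, "reference": str, "boolean": bool, "complex": dict}
COMMON = {"schemas", "id", "externalid", "meta"}  # SCIM common attributes (RFC 7643)


def check_attrs(obj, defs, path=""):
    """Check one JSON object against a list of SCIM attribute definitions."""
    problems = []
    present = {k.lower(): v for k, v in obj.items()}  # attribute names are case-insensitive
    for key in sorted(present.keys() - {d["name"].lower() for d in defs}):
        problems.append(f"{path}{key}: not defined in schema")
    for d in defs:
        name, where = d["name"].lower(), path + d["name"]
        if name not in present:
            if d.get("required"):
                problems.append(f"{where}: required attribute missing")
            continue
        value = present[name]
        if bool(d.get("multiValued")) != isinstance(value, list):
            problems.append(f"{where}: multiValued mismatch")
            continue
        for item in value if isinstance(value, list) else [value]:
            if not isinstance(item, PY_TYPES[d["type"]]):
                problems.append(f"{where}: expected {d['type']}")
            elif d["type"] == "complex":
                problems += check_attrs(item, d.get("subAttributes", []), where + ".")
    return problems


def validate(resource, schema_id):
    """Validate a SCIM resource body against one schema; returns a list of problems."""
    if schema_id not in resource.get("schemas", []):
        return [f"schemas: {schema_id} not declared"]
    body = {k: v for k, v in resource.items() if k.lower() not in COMMON and not k.lower().startswith("urn:")}
    return check_attrs(body, SCHEMAS[schema_id])
```

In a real client, SCHEMAS would be built from the Resources array of the live response, keyed by each entry's id, so Tenant-level schema customizations are picked up automatically.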
Retrieve Service Provider Configuration
Request
GET /api/scim/resource/v2/ServiceProviderConfig
Response
The response for this API contains the Service Provider Configuration in standard SCIM schema.
Code | Description |
---|---|
200 | The request was successful. The response will contain a JSON body. |
400 | The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
500 | There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following response body is taken from the SCIM RFC describing a SCIM Service Provider Configuration schema. For the full specification, consult the RFC.
Response Body
{
  "authenticationSchemes": [
    {
      "description": "Authentication scheme using the OAuth Bearer Token Standard",
      "name": "OAuth2 Bearer Token",
      "primary": true,
      "specUri": "http://www.rfc-editor.org/info/rfc6750",
      "type": "oauthbearertoken"
    }
  ],
  "bulk": {
    "supported": false
  },
  "changePassword": {
    "supported": true
  },
  "etag": {
    "supported": false
  },
  "filter": {
    "maxResults": 500,
    "supported": false
  },
  "meta": {
    "location": "https://piedpiper.com/api/scim/resource/v2/ServiceProviderConfig",
    "resourceType": "ServiceProviderConfig"
  },
  "patch": {
    "supported": false
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
  ],
  "sort": {
    "supported": false
  }
}
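A pre-flight check for a SCIM client, as an added example (not FusionAuth's code): it reads a ServiceProviderConfig document like the one above and reports when a planned request relies on a capability the service provider does not advertise, or when the primary authentication scheme is not a bearer token. CONFIG is a constructed, trimmed copy of the response body; the function names and the request URLs used with it are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the response body above, trimmed to the fields this check reads.
CONFIG = {
    "authenticationSchemes": [{"name": "OAuth2 Bearer Token", "primary": True, "type": "oauthbearertoken"}],
    "bulk": {"supported": False},
    "changePassword": {"supported": True},
    "etag": {"supported": False},
    "filter": {"maxResults": 500, "supported": False},
    "patch": {"supported": False},
    "sort": {"supported": False},
}


def supported(config, feature):
    """True only when the feature is present and explicitly marked supported."""
    return config.get(feature, {}).get("supported") is True


def primary_auth_type(config):
    """Type of the scheme flagged primary, or None if none is flagged."""
    for scheme in config.get("authenticationSchemes", []):
        if scheme.get("primary"):
            return scheme.get("type")
    return None


def preflight(config, method, url, headers=()):
    """Return the reasons a planned request does not match the advertised capabilities."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    names = {h.lower() for h in headers}
    reasons = []
    if method.upper() == "PATCH" and not supported(config, "patch"):
        reasons.append("patch not supported")
    if parts.path.rstrip("/").endswith("/Bulk") and not supported(config, "bulk"):
        reasons.append("bulk not supported")
    if "filter" in query and not supported(config, "filter"):
        reasons.append("filter not supported")
    if query.keys() & {"sortBy", "sortOrder"} and not supported(config, "sort"):
        reasons.append("sort not supported")
    if names & {"if-match", "if-none-match"} and not supported(config, "etag"):
        reasons.append("etag not supported")
    if primary_auth_type(config) != "oauthbearertoken":
        reasons.append("primary authentication scheme is not a bearer token")
    return reasons
```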