Keep Identities in Sync
The SCIMple Way
Brian Demers and Matt Raible
@briandemers / @mraible
October 3, 2022
Who are we?
Brian Demers
Open Source Developer and Java
Champion
Fun facts: likes to snowboard; into 🐝
@bdemers
Matt Raible
Open Source Developer and Java
Champion
Fun facts: likes to ski; into classic VWs ✌
@mraible
Today's Agenda
01 What is SCIM?
02 Best Practices
03 Apache SCIMple
04 Demo: Apache SCIMple + Spring Boot
05 Action! How to get involved!
01 What is SCIM?
System for Cross-domain Identity Management
TL;DR
Standardized User & Groups REST API
REST Endpoints
Imagine you are building an API for an auto parts store:
https://example.com/api/v1/Parts
https://example.com/api/v1/Orders
https://example.com/api/v1/Users
https://example.com/api/v1/Groups
User Object
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "id": "2819c223-7f76-453a-919d-413861904646",
  "externalId": "dschrute",
  "userName": "dschrute",
  "name": {
    "formatted": "Mr. Dwight K Schrute, III",
    "familyName": "Schrute",
    "givenName": "Dwight",
    "middleName": "Kurt",
    "honorificPrefix": "Mr.",
    "honorificSuffix": "III"
  },
  "phoneNumbers": [{ "value": "555-555-8377", "type": "work" }],
  "emails": [{ "value": "dschrute@example.com", "type": "work", "primary": true }],
  "meta": {
    "resourceType": "User",
    "created": "2011-08-01T18:29:49.793Z",
    "lastModified": "2011-08-01T18:29:49.793Z",
    "location": "https://example.com/v2/Users/2819c223..."
  }
}
application/scim+json
What about other attributes?
SCIM Extensions
"schemas": [
  "urn:ietf:params:scim:schemas:core:2.0:User",
  "urn:scim:schemas:extension:srd:1.0:ability"
],
"urn:scim:schemas:extension:srd:1.0:ability": {
  "charisma": 14,
  "constitution": 12,
  "dexterity": 15,
  "intelligence": 8,
  "strength": 10,
  "wisdom": 13
}
SCIM Schemas Endpoint: /Schemas
{
  "id": "urn:scim:schemas:extension:srd:1.0:ability",
  "name": "SDR-OGL",
  "description": "Systems Reference Document - Ability Scores",
  "attributes": [{
    "name": "charisma",
    "description": "Charisma, measuring force of personality",
    "required": true,
    "type": "integer",
    "uniqueness": "none",
    "caseExact": false,
    "multiValued": false,
    "mutability": "readWrite",
    "returned": "default"
  }
  ...
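The two slides above show the same extension from both sides: the payload a client sends under the extension URN, and the /Schemas document that tells the server which attributes that URN carries, their types and whether they are required. A server has to use the second to validate the first. Here is an added example (not code from the talk or from Apache SCIMple) that does that check in plain Python. The ability schema is the one on the slide; the core User schema is a constructed stub with three attributes (the real one has far more), and the DWIGHT resource is a constructed user in the shape of the slides' user object. It rejects missing required attributes, wrong JSON types, extension URNs the server does not know, and extension objects that are present but not announced in "schemas".

```python
"""Validate a SCIM resource against the schema documents served at /Schemas.
Added example (not talk or Apache SCIMple code): the ability extension schema is
the one from the slides; the core User schema is a constructed three-attribute
stub; DWIGHT is a constructed user in the shape of the slides' user object."""

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
ABILITY_EXT = "urn:scim:schemas:extension:srd:1.0:ability"

# Schema definitions keyed by id, in the attribute shape served by /Schemas.
SCHEMAS = {
    CORE_USER: {  # constructed stub; the real core schema has many more attributes
        "id": CORE_USER,
        "attributes": [
            {"name": "userName", "type": "string", "required": True, "multiValued": False},
            {"name": "externalId", "type": "string", "required": False, "multiValued": False},
            {"name": "emails", "type": "complex", "required": False, "multiValued": True},
        ],
    },
    ABILITY_EXT: {  # from the slides: six required, single-valued integer scores
        "id": ABILITY_EXT,
        "name": "SDR-OGL",
        "attributes": [
            {"name": n, "type": "integer", "required": True, "multiValued": False}
            for n in ("charisma", "constitution", "dexterity",
                      "intelligence", "strength", "wisdom")
        ],
    },
}

# JSON value checks per SCIM attribute type; bool is excluded from "integer"
# because Python treats True/False as ints.
TYPE_CHECKS = {
    "string": lambda v: isinstance(v, str),
    "boolean": lambda v: isinstance(v, bool),
    "integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "complex": lambda v: isinstance(v, dict),
}


def _check_attributes(schema_id, attrs, payload, errors):
    """Require the required attributes and type-check every attribute present."""
    for attr in attrs:
        name, kind = attr["name"], attr["type"]
        if name not in payload:
            if attr["required"]:
                errors.append(f"{schema_id}: missing required attribute '{name}'")
            continue
        value, ok = payload[name], TYPE_CHECKS[kind]
        if attr["multiValued"]:
            if not isinstance(value, list) or not all(ok(v) for v in value):
                errors.append(f"{schema_id}: '{name}' must be a list of {kind}")
        elif not ok(value):
            errors.append(f"{schema_id}: '{name}' must be {kind}")


def validate_resource(resource):
    """Return the list of validation errors; an empty list means the resource is valid."""
    errors = []
    declared = resource.get("schemas", [])
    if CORE_USER not in declared:
        errors.append(f"'schemas' must include {CORE_USER}")
    for schema_id in declared:
        schema = SCHEMAS.get(schema_id)
        if schema is None:
            errors.append(f"unknown schema {schema_id}")
            continue
        # Core attributes sit at the top level; extension attributes sit under a
        # key equal to the extension URN, as on the SCIM Extensions slide.
        payload = resource if schema_id == CORE_USER else resource.get(schema_id, {})
        _check_attributes(schema_id, schema["attributes"], payload, errors)
    # An extension object that is present but not announced in "schemas" is
    # rejected too, so a client cannot slip in attributes the server never
    # agreed to process.
    for key in resource:
        if key.startswith("urn:") and key not in declared:
            errors.append(f"extension {key} used but not declared in 'schemas'")
    return errors


# Constructed resource in the shape of the slides' user object.
DWIGHT = {
    "schemas": [CORE_USER, ABILITY_EXT],
    "id": "2819c223-7f76-453a-919d-413861904646",
    "externalId": "dschrute",
    "userName": "dschrute",
    "emails": [{"value": "dschrute@example.com", "type": "work", "primary": True}],
    ABILITY_EXT: {"charisma": 14, "constitution": 12, "dexterity": 15,
                  "intelligence": 8, "strength": 10, "wisdom": 13},
}

if __name__ == "__main__":
    print(validate_resource(DWIGHT))  # []
    broken = {**DWIGHT, ABILITY_EXT: {**DWIGHT[ABILITY_EXT], "strength": "10"}}
    print(validate_resource(broken))  # one error: 'strength' must be integer
```

Run it as a script to see the valid resource pass and a string-typed "strength" fail. The last loop in validate_resource is the part worth copying into a real server: the schema list is a contract the client declares, and anything outside it should not be silently accepted.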
SCIM Endpoints
/Users[/{id}]
/Groups[/{id}]
/Schemas[/{id}]
/ResourceTypes[/{id}]
/Bulk
/ServiceProviderConfig
Why use SCIM?
Why should you use SCIM?
● Standardized RESTful API
● Covers >90% of use cases
● Integrate with other services
When to avoid SCIM?
02 Best Practices
User Model Best Practices
● Store the "source" of the user
● Store the "ID" of the user's source
● Emails are not good IDs
● The status of a user is a boolean.
● SCIM supports a SQL-like expression language
/Users?filter=emails.value EQ "bob@example.com"
/Users?filter=userName EQ "bob"
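The two filter lines above are the SQL-like expression language in action, and the slide's "emails are not good IDs" bullet is easiest to see by running both against the same data. The following is an added example (not code from the talk or from Apache SCIMple): a small parser and evaluator for SCIM filters (RFC 7644 section 3.4.2.2) over users held in memory. It supports eq, ne, co, sw, ew and pr, the logical operators and/or/not with parentheses, and dotted core-attribute paths such as emails.value, which match any element of a multi-valued attribute. Operators and attribute names are case-insensitive, and string comparison assumes caseExact=false (the default in the schema above). Value filters such as emails[type eq "work"] and extension URN paths are not implemented. The USERS list is constructed; two of the records deliberately carry the same bob@example.com address, so the e-mail filter returns two users while the userName filter returns exactly one.

```python
"""SCIM filter evaluator (RFC 7644 3.4.2.2); added example, not talk or SCIMple code."""
import json
import re

TOKEN_RE = re.compile(r'\s*(\(|\)|"(?:[^"\\]|\\.)*"|[^\s()]+)')  # parens, "strings", words
COMPARE_OPS = {"eq", "ne", "co", "sw", "ew", "pr"}

def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad filter near position {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens

class Parser:
    """expr := term ('or' term)*; term := factor ('and' factor)*;
    factor := 'not' factor | '(' expr ')' | attrPath op [value]"""
    def __init__(self, text):
        self.tokens, self.i = tokenize(text), 0
    def peek(self):
        return self.tokens[self.i].lower() if self.i < len(self.tokens) else None
    def take(self):
        if self.i >= len(self.tokens):
            raise ValueError("unexpected end of filter")
        self.i += 1
        return self.tokens[self.i - 1]
    def parse(self):
        node = self.expr()
        if self.i != len(self.tokens):
            raise ValueError(f"unexpected token {self.tokens[self.i]!r}")
        return node
    def expr(self):
        node = self.term()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.term())
        return node
    def term(self):
        node = self.factor()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.factor())
        return node
    def factor(self):
        if self.peek() == "not":
            self.take()
            return ("not", self.factor())
        if self.peek() == "(":
            self.take()
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        path, op = self.take().lower(), self.take().lower()
        if op not in COMPARE_OPS:
            raise ValueError(f"unknown operator {op!r}")
        # Comparison values use JSON syntax, so strings must be quoted.
        return ("cmp", path, op, None if op == "pr" else json.loads(self.take()))

def resolve(resource, path):
    """All values reachable via a case-insensitive dotted path; lists fan out."""
    values = [resource]
    for part in path.split("."):
        step = []
        for v in values:
            for key, inner in (v.items() if isinstance(v, dict) else ()):
                if key.lower() == part:
                    step.extend(inner if isinstance(inner, list) else [inner])
        values = step
    return values

def compare(actual, op, expected):
    if op == "pr":  # "present": a non-null, non-empty value
        return actual not in (None, "")
    if isinstance(actual, str) and isinstance(expected, str):
        actual, expected = actual.lower(), expected.lower()  # caseExact=false
    if op in ("eq", "ne"):
        return (actual == expected) == (op == "eq")
    if not isinstance(actual, str) or not isinstance(expected, str):
        return False  # co/sw/ew are defined for strings only
    return {"co": expected in actual, "sw": actual.startswith(expected),
            "ew": actual.endswith(expected)}[op]

def evaluate(node, resource):
    kind, *args = node
    if kind == "or":
        return evaluate(args[0], resource) or evaluate(args[1], resource)
    if kind == "and":
        return evaluate(args[0], resource) and evaluate(args[1], resource)
    if kind == "not":
        return not evaluate(args[0], resource)
    path, op, expected = args  # a comparison matches if any resolved value matches
    return any(compare(v, op, expected) for v in resolve(resource, path))

def filter_users(users, filter_text):
    """Apply a /Users?filter=... expression and return the matching users."""
    ast = Parser(filter_text).parse()
    return [u for u in users if evaluate(ast, u)]

# Constructed users; two of them carry bob@example.com (a reused address).
USERS = [
    {"id": "u-1", "userName": "bob", "externalId": "hr-1001", "active": True,
     "emails": [{"value": "bob@example.com", "type": "work", "primary": True}]},
    {"id": "u-2", "userName": "bob.smith", "externalId": "hr-2002", "active": False,
     "emails": [{"value": "bsmith@example.com", "type": "work"}, {"value": "bob@example.com", "type": "home"}]},
    {"id": "u-3", "userName": "alice", "externalId": "hr-3003", "active": True,
     "emails": [{"value": "alice@example.com", "type": "work"}]},
]
```

filter_users(USERS, 'emails.value EQ "bob@example.com"') returns u-1 and u-2, while filter_users(USERS, 'userName EQ "bob"') returns only u-1: an address can be shared, reassigned or listed as a secondary contact, which is exactly why the slide says not to use it as the identifier. Note also that the parser takes the comparison value as JSON and only ever compares it against resolved attribute values; the filter string is never handed to a query engine as text.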
User data is sensitive!
I Am Not A Lawyer!
03 Apache SCIMple
ApacheDS
Apache Directory Studio
Apache LDAP API
Apache Fortress
Apache Kerby
Apache SCIMple
Apache SCIMple History
2013: Started at PennState
2015: SCIM RFCs
2018: Moved to Apache Directory
2020: Something happened
2022: Jakarta APIs
04 Demo
github.com/mraible/okta-scim-spring-boot-example
05 Action!
Action: Get Involved with Apache SCIMple
{ } YOUR LOGO HERE
Action: Get Involved with SCIMple
directory.apache.org/scimple
apache/directory-scimple
scimple@directory.apache.org
Thanks!
Brian Demers
@briandemers @bdemers
@bdemers
brian.demers@okta.com
Matt Raible
@mraible @mraible
@mraible
matt.raible@okta.com
https://speakerdeck.com/mraible
developer.okta.com

Keep Identities in Sync the SCIMple Way - ApacheCon NA 2022