As described in https://docs.wso2.com/display/IS500/WSO2+Identity+Server+as+a+SCIM+Service+Provider I can create new users through SCIM in a RESTful way. This is no problem in those cases where I create regular users using an existing admin user. However, I would like to create users using several different admin users and, when querying for users, only be able to see the users that I created with that particular admin user. Can this be done out of the box, or do I need to create my own API to get this done? I'm using Identity Server 5.0.0. Thanks!

cootje
  • I'm not sure the admin user that created the user is recorded; I haven't been able to find it. – Michael Geiser Mar 14 '15 at 20:59
  • In a related question... do you know how to get the "id" to show up in a claim? I tried several values for the "Mapped Attribute(s)" in Claim Management and got squat so far. I need to be able to see the id and actually pass it to SSO apps as a claim so I can use it to identify the user in the app for fine-grained authorizations. I could create a uuid and store it in an attribute like "url", but if the id exists, I want to use it instead of adding another uuid. – Michael Geiser Mar 14 '15 at 21:01
  • You've got a point in stating that it wouldn't be possible if it is not recorded who actually created the user. I guess we'll have to write an API that does matching in the email's domain name or something similar. Thanks! – cootje Mar 17 '15 at 16:12

1 Answer

I looked through a BUNCH of documentation and I'm very sure the answer is that the "Created By user" is not available. There is a created date.

I would use an attribute (like facsimiletelephonenumber, for example) to store the Created by User when I create the user. I have to figure out how to query on an arbitrary attribute like facsimiletelephonenumber.

You can have the attribute and value show up in the User Profile page as a read-only attribute by configuring in Claim Management.

If you have the API call that will allow me to filter on an attribute like facsimiletelephonenumber, let me know; you can't use https://hostname:9443/wso2/scim/Users?filter=facsimiletelephonenumberEqadminuser for example.

Michael Geiser
  • Hmm, your answer popped up after I responded to the initial comment. For matching the admin with the user the best bet so far is to match both email domains. Can think of several exceptions here but for now this should be enough. Thanks! – cootje Mar 17 '15 at 16:15
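
The approach from the answer above (record the creating admin in an attribute at creation time, then filter on it in your own API layer because the server-side filter is not available), as an added example that is not part of the original posts and is not WSO2 code. It assumes the marker travels in the SCIM `phoneNumbers` entry of type `fax` and that `admin` is the name taken from the authenticated session, never from the request body; the function names are hypothetical.

```python
import copy

# Assumption: the creating admin is stored in the phoneNumbers entry of this type.
CREATOR_TYPE = "fax"


def stamp_creator(scim_user, admin):
    """Return a copy of a SCIM create payload with the creator marker set.

    Any marker supplied by the caller is dropped first, so a client cannot
    attribute a new user to a different admin.
    """
    user = copy.deepcopy(scim_user)
    phones = [p for p in user.get("phoneNumbers", []) if p.get("type") != CREATOR_TYPE]
    phones.append({"type": CREATOR_TYPE, "value": admin})
    user["phoneNumbers"] = phones
    return user


def created_by(scim_user):
    """Return the creator marker of a SCIM user resource, or None if absent."""
    for phone in scim_user.get("phoneNumbers", []):
        if phone.get("type") == CREATOR_TYPE:
            return phone.get("value")
    return None


def visible_users(list_response, admin):
    """Keep only the resources created by `admin`; fail closed otherwise."""
    if not admin:
        return []  # no authenticated admin: show nothing, not unmarked users
    return [u for u in list_response.get("Resources", []) if created_by(u) == admin]


# Constructed sample of a SCIM list response, not output from a real server.
SAMPLE = {
    "totalResults": 3,
    "Resources": [
        stamp_creator({"userName": "alice"}, "admin-a"),
        stamp_creator({"userName": "bob"}, "admin-b"),
        {"userName": "legacy"},  # created before markers were introduced
    ],
}

if __name__ == "__main__":
    print([u["userName"] for u in visible_users(SAMPLE, "admin-a")])
```

The marker only works as an access boundary if users cannot change it themselves, which is why the answer's read-only setting in Claim Management matters.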