
I am currently trying to develop a SCIM endpoint to be called from AAD. I pretty much understand the setup of SCIM and the idea behind it (I think). The problem is that I can't wrap my head around how to practically work with the Schemas. Should I make a model in C# that reflects the Schema that we end up using, or should I try to do some clever logic that "looks up" the schema in the endpoint when AAD, for instance, tries to create a user and then parse the JSON based on that, or is there another approach that I am totally missing?

I am using a .NET Core Web API and have a Users controller so far as I do not really need anything else for now from AAD.

Any help with how to "use" these schemas in practice will be greatly appreciated!

PNS
  • You need to have separate SCIM endpoints for different entities such as groups, and each endpoint should accept a predefined payload as per the SCIM-defined schema. So you need to create a C# class to reflect the JSON schema. Also, the schema need not have all the attributes except the required ones. – Chetan Mar 21 '20 at 15:06
  • Hi Chetan, thanks. I figured that would be the way to do it, but I do not understand where the “mandatory” fields are defined. I get that there are some mandatory fields per the SCIM definitions, but what if a client has more mandatory fields, where are these defined? – PNS Mar 21 '20 at 19:42

1 Answer


This sample may be helpful - https://github.com/AzureAD/SCIMReferenceCode/blob/master/Microsoft.SystemForCrossDomainIdentityManagement/Schemas/Core2UserBase.cs

namespace Microsoft.SCIM
{
    using System.Collections.Generic;
    using System.Runtime.Serialization;

    [DataContract]
    public abstract class GroupBase : Resource
    {
        [DataMember(Name = AttributeNames.DisplayName)]
        public virtual string DisplayName
        {
            get;
            set;
        }

        [DataMember(Name = AttributeNames.Members, IsRequired = false, EmitDefaultValue = false)]
        public virtual IEnumerable<Member> Members
        {
            get;
            set;
        }
    }
}

When configuring your app in AAD you will also be able to go into the app > provisioning > attribute mappings > show advanced options > and then specify which attributes are required
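
As an added illustration (not part of the answer above and not code from the SCIM reference project), here is one way to bind a SCIM user payload to a C# model and reject anything the endpoint does not expect. It uses System.Text.Json rather than the DataContract attributes in the reference code; the `ScimUser` class, its `Validate` method, the allow-list parameter and the sample body are all hypothetical and constructed for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Text.Json.Serialization;

// Hypothetical model: only the attributes this endpoint chooses to accept.
public class ScimUser
{
    public const string CoreSchema = "urn:ietf:params:scim:schemas:core:2.0:User";
    public const string EnterpriseSchema = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User";

    [JsonPropertyName("schemas")] public List<string> Schemas { get; set; } = new List<string>();
    [JsonPropertyName("userName")] public string UserName { get; set; }
    [JsonPropertyName("externalId")] public string ExternalId { get; set; }
    [JsonPropertyName("active")] public bool Active { get; set; } = true;

    // Extension schemas arrive as top-level keys named by their URN. Every key the
    // model does not declare is collected here as raw JSON instead of being bound.
    [JsonExtensionData] public Dictionary<string, JsonElement> Extra { get; set; }

    // Returns validation errors; an empty list means the payload is acceptable.
    public static List<string> Validate(ScimUser u, ISet<string> allowedExtraKeys)
    {
        var errors = new List<string>();
        if (u == null) { errors.Add("empty body"); return errors; }
        if (u.Schemas == null || !u.Schemas.Contains(CoreSchema))
            errors.Add("schemas must include " + CoreSchema);
        if (string.IsNullOrWhiteSpace(u.UserName))
            errors.Add("userName is required");
        if (u.Extra != null)
            foreach (var key in u.Extra.Keys)
                if (!allowedExtraKeys.Contains(key))
                    errors.Add("unexpected attribute or schema: " + key);
        return errors;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample body shaped like a SCIM POST /Users request.
        string body = (@"{ 'schemas': ['" + ScimUser.CoreSchema + "', '" + ScimUser.EnterpriseSchema + @"'],
            'userName': 'alice@example.com', 'externalId': 'constructed-1', 'active': true,
            '" + ScimUser.EnterpriseSchema + @"': { 'department': 'Finance' },
            'isAdmin': true }").Replace('\'', '"');
        // SCIM attribute names are case-insensitive, so match them that way.
        var options = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
        var user = JsonSerializer.Deserialize<ScimUser>(body, options);
        var allowed = new HashSet<string> { ScimUser.EnterpriseSchema };
        foreach (var error in ScimUser.Validate(user, allowed)) Console.WriteLine(error);
    }
}
```

In the sample body the enterprise extension is on the allow-list and passes, while the unmodeled `isAdmin` key is reported as an error instead of being silently bound or ignored.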