我正在尝试在 AAD 中实现 SCIM,但在映射字段时遇到了困难。当用户被添加到组中时。在此示例中,我希望发生以下情况:
(与 scim 的作用差不多)
用户已配置,用户已创建。
用户已取消配置,用户已删除
用户已添加到群组,群组发生变化
用户已从组中删除,组发生变化。
这里是api信息
获取用户
方法:获取
网址:/scim/v2/Users?filter=userName+eq+%22example%40example.com%22
回复:
{
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 1,
"schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ],
"Resources": [
{
"emails": [ { "value": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="22475a434f524e4762475a434f524e470c414d4f" rel="noreferrer noopener nofollow">[email protected]</a>" } ],
"appGroups": [ "Unicorn Team" ],
"schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ],
"name": { "familyName": "Family", "givenName": "Given" }, // SCIM requires names, but no real names are stored; you'll always get back these placeholder values
"active": true,
"id": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f6938e979b869a93b6938e979b869a93d895999b" rel="noreferrer noopener nofollow">[email protected]</a>",
"userName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="096c71686479656c496c71686479656c276a6664" rel="noreferrer noopener nofollow">[email protected]</a>",
"status": "success"
},
... // more users
]
}
添加用户
方法:
帖子
网址
/scim/v2/Users
正文
{
"userName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="711409101c011d14311409101c011d145f121e1c" rel="noreferrer noopener nofollow">[email protected]</a>",
"appGroups": [ "Unicorn Team", "Rainbow Team" ],
"active": true
}
回复:
{
"emails": [
{
"value": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="32574a535f425e5772574a535f425e571c515d5f" rel="noreferrer noopener nofollow">[email protected]</a>"
}
],
"appGroups": [
"Unicorn Team",
"Rainbow Team"
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"familyName": "Family",
"givenName": "Given"
},
"active": true,
"id": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="92f7eaf3ffe2fef7d2f7eaf3ffe2fef7bcf1fdff" rel="noreferrer noopener nofollow">[email protected]</a>",
"userName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a3c6dbc2ced3cfc6e3c6dbc2ced3cfc68dc0ccce" rel="noreferrer noopener nofollow">[email protected]</a>",
"status": "success"
}
用户配置:
"users": [
{
"email": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="85e0fde4e8f5e9e0c5e0fde4e8f5e9e0abe6eae8" rel="noreferrer noopener nofollow">[email protected]</a>",
"groups": ["Unicorn Team", "Rainbow Team"]
},
],
"groups": [
{
name: "Unicorn Team",
},
{
name: "Rainbow Team",
},
{
name: "X",
},
{
name: "Y",
},
{
name: "Z",
},
]
putUsers
方法:放置
网址:/scim/v2/Users/example%40example.com
正文:
{
"userName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="acc9d4cdc1dcc0c9ecc9d4cdc1dcc0c982cfc3c1" rel="noreferrer noopener nofollow">[email protected]</a>",
"appGroups": [ "Unicorn Team", "X" ],
"active": true
}
用户配置:
"users": [
{
"email": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="284d50494558444d684d50494558444d064b4745" rel="noreferrer noopener nofollow">[email protected]</a>",
"groups": ["Unicorn Team", "X"]
},
],
"groups": [
{
name: "Unicorn Team",
},
{
name: "Rainbow Team",
},
{
name: "X",
},
{
name: "Y",
},
{
name: "Z",
},
]
补丁用户
方法:补丁
网址:/scim/v2/Users/example%40example.com
正文:
{
"active": false
}
回复:
{
"emails": [
{
"value": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="94f1ecf5f9e4f8f1d4f1ecf5f9e4f8f1baf7fbf9" rel="noreferrer noopener nofollow">[email protected]</a>"
}
],
"appGroups": [
"Unicorn Group"
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"familyName": "Family",
"givenName": "Given"
},
"active": false,
"id": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="badfc2dbd7cad6dffadfc2dbd7cad6df94d9d5d7" rel="noreferrer noopener nofollow">[email protected]</a>",
"userName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="83e6fbe2eef3efe6c3e6fbe2eef3efe6ade0ecee" rel="noreferrer noopener nofollow">[email protected]</a>",
"status": "success"
}
用户配置
"users": [
],
"groups": [
{
name: "Unicorn Team",
},
{
name: "Rainbow Team",
},
{
name: "X",
},
{
name: "Y",
},
{
name: "Z",
},
]
最佳答案
为了在 SCIM AZURE AD 实现中将用户添加到组,您必须实现/Groups 端点,如下所示:
https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-add-members
HTTP 补丁请求如引用中所示。
关于Azure Active Directory SCIM 映射,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60896792/