Open Standard Based identity Provisioning System for Cloud
Prabath Siriwardena (@prabath)
Senior Software Architect
Timeline of provisioning standards:
2001 : OASIS PS TC
2003 : SPML 1.0
2003 : WS-Provisioning
2006 : SPML 2.0
2010 : SCIM community
2011 : SCIM 1.0
2011 : RESTPML
2012 : SCIM 1.1
Diagram: a SCIM Consumer talks to a SCIM Service Provider, which exposes the /Users and /Groups endpoints.
add-user.json:
{
  "schemas": [],
  "name": {"familyName": "siriwardena", "givenName": "prabath"},
  "userName": "prabath",
  "password": "prabath123",
  "emails": [
    {"primary": true, "value": "[email protected]", "type": "home"},
    {"value": "[email protected]", "type": "work"}
  ]
}

curl command:
curl -v -k --user admin:admin -d @add-user.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
add-group.json (trailing comma after displayName removed so the document is valid JSON):
{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "idnext",
  "displayName": "IdentityNext"
}

curl command:
curl -v -k --user admin:admin -d @add-group.json --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups
Diagram: One way provisioning (Domain A, Domain B, Domain C; a Provisioning Service Provider in each domain and a SCIM Consumer).
Diagram: One way provisioning with broker mode (Domain A, Domain B, Domain C; a Provisioning Service Provider in each domain and a SCIM Consumer).
Diagram: Bi-directional provisioning (Domain A, Domain B, Domain C; each domain has a Provisioning Service Provider and a SCIM Consumer).
Diagram: Multi-directional provisioning with a centralized PSP (Domain A, Domain B, Domain C; each domain has a Provisioning Service Provider and a SCIM Consumer, plus one central Provisioning Service Provider).
Diagram: Just-in-time provisioning with SAML2 (Domain A, Domain B; Provisioning Service Provider and SAML2 IdP; steps 1 to 4).
Diagram: Just-in-time provisioning with SAML2, continued (Domain A, Domain B; Provisioning Service Provider and SAML2 IdP; steps 1 to 5).
Diagram: one Provisioning Service Provider serving two SCIM Consumers, one for facilelogin.com and one for wso2.com.
Diagram: the SCIM Consumer presents a Bearer Token, issued by the OAuth 2.0 Authorization Server, to the Provisioning Service Provider.
Diagram: as above, with the Provisioning Service Provider calling Validate() on the OAuth 2.0 Authorization Server to check the Bearer Token.
Diagram: OAuth 2.0 terms (Client, Resource Owner, Resource, Scope, Action) mapped onto the SCIM Consumer and the Provisioning Service Provider.
Diagram: the Provisioning Service Provider validates the SCIM Consumer's token with the OAuth 2.0 Authorization Server (Validate()), then sends a XACML Request to a XACML PDP, which answers Permit/Deny/…
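The token check and policy decision sketched in the last four diagrams, as an added example that is not code from the slides or from WSO2: the Provisioning Service Provider acts as the enforcement point, validates the Bearer Token the SCIM Consumer sent, and asks a XACML-style PDP for a decision. The token store, scope names and policy entries are constructed stand-ins.

```python
# Added example (not from the slides or WSO2): the access-control path in
# front of a SCIM Provisioning Service Provider. The PSP is the PEP: it runs
# Validate() on the Bearer Token, builds a XACML-style request, asks the PDP.
from dataclasses import dataclass
import time
# Stand-in for the OAuth 2.0 Authorization Server's token store (constructed).
TOKENS = {
    "tok-wso2-consumer": {"client": "scim-consumer-wso2", "owner": "admin",
                          "scope": {"scim:users:write", "scim:groups:read"},
                          "expires": time.time() + 3600},
    "tok-expired": {"client": "scim-consumer-old", "owner": "admin",
                    "scope": {"scim:users:write"}, "expires": time.time() - 1},
}

@dataclass(frozen=True)
class XacmlRequest:           # attributes the PEP hands to the PDP
    subject: str              # OAuth client (the SCIM Consumer)
    owner: str                # resource owner the token was issued for
    resource: str             # SCIM endpoint, e.g. /Users
    action: str               # HTTP method
    scopes: frozenset         # scopes granted to the token

def validate(bearer: str):
    """Validate(): the token's attributes, or None if unknown or expired."""
    tok = TOKENS.get(bearer)
    if tok is None or tok["expires"] <= time.time():
        return None
    return tok

# Constructed policy: (resource, action) -> scope a Permit requires.
REQUIRED_SCOPE = {("/Users", "POST"): "scim:users:write",
                  ("/Users", "GET"): "scim:users:read",
                  ("/Groups", "GET"): "scim:groups:read"}

def pdp_decide(req: XacmlRequest) -> str:
    """PDP decision: Permit, Deny, or NotApplicable when no policy matches."""
    needed = REQUIRED_SCOPE.get((req.resource, req.action))
    if needed is None:
        return "NotApplicable"
    return "Permit" if needed in req.scopes else "Deny"

def authorize_scim_call(auth_header: str, resource: str, action: str) -> str:
    """PEP at the PSP: anything but a valid Bearer token is a Deny."""
    scheme, _, bearer = auth_header.partition(" ")
    tok = validate(bearer) if scheme == "Bearer" else None
    if tok is None:
        return "Deny"
    req = XacmlRequest(tok["client"], tok["owner"], resource, action,
                       frozenset(tok["scope"]))
    return pdp_decide(req)
```

A deny-biased PEP should treat NotApplicable like Deny; it is returned separately here so the PDP's three outcomes stay visible.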