libre.sh/scimserviceprovider
1
0
Fork 0
Code Issues 10 Pull requests Projects Releases Packages Wiki Activity Actions
scimserviceprovider/README.md

3.3 KiB
Raw Blame History

SCIM Service Provider

This app allows to provision users and groups in Nextcloud from a scim client. It is based on audriga/scim-server-php SCIM library.

You can see the video that shows how it works.

Installation

Like any other app, it's available on Nextcloud's app store.

Authentication

Basic and bearer authentication are supported. For now, only admin users are authorized to access SCIM APIs.

Basic authentication

You just have to generate an app password in /settings/user/security.

Bearer authentication

It requires a JWT secret, to be enabled.

php occ config:app:set scimserviceprovider jwt-secret --value="CHANGE_ME"

Then you should generate a JWT signed with this secret and with sub in the payload referring to an existing username. (Handy CLI tool)

jwt encode --secret "CHANGE_ME" '{"sub":"admin"}'

Usage

$ curl http://<path-to-nextcloud>/index.php/apps/scimserviceprovider/<Resource> -H 'Authorization: <Auth>' -H 'Content-Type: application/scim+json'

Where <Resource> designates a SCIM resource, such as Users or Groups.

With Keycloak

You can use with the SCIM plugin we developped for keycloak.

With AzureAD

You can provision users from AzureAD to Nextcloud with this app. For this, you need to setup Bearer authentication.

Running tests

Broken.

Todo

  • Meta -> (can't implement yet)
    • createdAt
    • lastModified
  • ExternalID
  • json exceptions
  • group member removal
  • pagination
  • CI/CD
    • Lint cs:check
    • test psalm
    • test insomnia
    • publish app on app store
  • Allow for simultaneous usage of basic auth and bearer token auth (see Authentication TODOs / Open issues)

Disclaimer

This app relies on the fixes, being introduced to Nextcloud in PR #34172, since Nextcloud can't properly handle the Content-Type header value for SCIM (application/scim+json) otherwise. In the meantime until this PR is merged, SCIM clients interacting with this app might need to resort to using the standard value of application/json instead.

Funding

This app was started during the Nextgov hackathon!

This project is funded through NGI0 Entrust, a fund established by NLnet with financial support from the European Commission's Next Generation Internet program. Learn more at the NLnet project page.

NLnet foundation logo NGI Zero Logo