elimity-com / scim

Licence: MIT license
Golang Implementation of the SCIM v2 Specification




This is an open source implementation of the SCIM v2.0 specification for use in Golang. SCIM defines a flexible schema mechanism and REST API for managing identity data. The goal is to reduce the complexity of user management operations by providing patterns for exchanging schemas using HTTP.

In this implementation it is easy to add custom schemas and extensions with the provided structures. Incoming resources will be validated by their corresponding schemas before being passed on to their callbacks.

The following features are supported:

  • GET for /Schemas, /ServiceProviderConfig and /ResourceTypes
  • CRUD (POST/GET/PUT/DELETE and PATCH) for your own resource types (i.e. /Users, /Groups, /Employees, ...)

Other optional features such as sorting, bulk, etc. are not supported in this version.

Installation

Assuming you already have a (recent) version of Go installed, you can get the code with go get:

$ go get github.com/elimity-com/scim

Usage

! errors are ignored for simplicity.

1. Create a service provider configuration.

RFC Config | Example Config

config := scim.ServiceProviderConfig{
    DocumentationURI: optional.NewString("www.example.com/scim"),
}

! no additional features/operations are supported in this version.

2. Create all supported schemas and extensions.

RFC Schema | User Schema | Group Schema | Extension Schema

schema := schema.Schema{
    ID:          "urn:ietf:params:scim:schemas:core:2.0:User",
    Name:        optional.NewString("User"),
    Description: optional.NewString("User Account"),
    Attributes:  []schema.CoreAttribute{
        schema.SimpleCoreAttribute(schema.SimpleStringParams(schema.StringParams{
            Name:       "userName",
            Required:   true,
            Uniqueness: schema.AttributeUniquenessServer(),
        })),
    },
}

extension := schema.Schema{
    ID:          "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    Name:        optional.NewString("EnterpriseUser"),
    Description: optional.NewString("Enterprise User"),
    Attributes: []schema.CoreAttribute{
        schema.SimpleCoreAttribute(schema.SimpleStringParams(schema.StringParams{
            Name: "employeeNumber",
        })),
        schema.SimpleCoreAttribute(schema.SimpleStringParams(schema.StringParams{
            Name: "organization",
        })),
    },
}

3. Create all resource types and their callbacks.

RFC Resource Type | Example Resource Type

3.1 Callback (implementation of ResourceHandler)

Simple In Memory Example

var userResourceHandler scim.ResourceHandler
// initialize w/ own implementation

! each resource type should have its own resource handler.

3.2 Resource Type

resourceTypes := []scim.ResourceType{
    {
        ID:          optional.NewString("User"),
        Name:        "User",
        Endpoint:    "/Users",
        Description: optional.NewString("User Account"),
        Schema:      schema,
        SchemaExtensions: []scim.SchemaExtension{
            {Schema: extension},
        },
        Handler:     userResourceHandler,
    },
}

4. Create Server

server := scim.Server{
    Config:        config,
    ResourceTypes: resourceTypes,
}

Additional Checks/Tests

Not everything can be checked by the SCIM server itself. Listed below are some things that we expect the implementation to cover.

! this list is currently incomplete!

We want to keep this list as short as possible. If you have ideas on how we could enforce these rules in the server itself, do not hesitate to open an issue or a PR.

Mutability

Immutable Attributes

PUT Handler: If one or more values are already set for the attribute, the input value(s) MUST match.

WriteOnly Attributes

ALL Handlers: Attribute values SHALL NOT be returned.
Note: These attributes usually also have a returned setting of "never".
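
The two rules above can be enforced in a resource handler roughly as follows. This is an added example, not code from the scim package: the attribute table, the CheckReplace and StripWriteOnly helpers and the sample resource are hypothetical, and attribute names are assumed to be already normalized to the schema's casing.

```go
package main

import (
	"fmt"
	"reflect"
)

// Constructed attribute table for a hypothetical User resource; the values
// are the mutability names from RFC 7643.
var mutability = map[string]string{
	"employeeNumber": "immutable",
	"password":       "writeOnly",
}

// CheckReplace applies the PUT rule for immutable attributes: once a value is
// stored, a supplied value must match it. An omitted attribute is treated as
// "no input value" and accepted (an assumption of this example).
func CheckReplace(stored, incoming map[string]interface{}) error {
	for name, m := range mutability {
		old, isSet := stored[name]
		val, supplied := incoming[name]
		if m == "immutable" && isSet && supplied && !reflect.DeepEqual(old, val) {
			return fmt.Errorf("attribute %q is immutable and already set", name)
		}
	}
	return nil
}

// StripWriteOnly returns a copy of the resource without writeOnly attributes.
// Every handler calls it on the value it is about to return.
func StripWriteOnly(resource map[string]interface{}) map[string]interface{} {
	out := make(map[string]interface{}, len(resource))
	for name, val := range resource {
		if mutability[name] != "writeOnly" {
			out[name] = val
		}
	}
	return out
}

func main() {
	stored := map[string]interface{}{ // constructed sample resource
		"userName": "di", "employeeNumber": "1001", "password": "constructed-secret",
	}
	put := map[string]interface{}{"userName": "di", "employeeNumber": "2002"}
	fmt.Println("PUT check:", CheckReplace(stored, put))
	fmt.Println("response body:", StripWriteOnly(stored))
}
```

A rejected PUT maps to an HTTP 400 response; the stripped copy, never the stored map, is what the handler hands back.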

Contributing

Contributors

We are happy to review pull requests, but please first discuss the change you wish to make via issue, email, or any other method with the owners of this repository before making a change.

If you would like to propose a change please ensure the following:

  • All checks of GitHub Actions are passing (GolangCI-Lint: misspell, godot and whitespace)
  • All already existing tests are passing.
  • You have written tests that cover the code you are adding, including edge cases.
  • There is documentation for at least all public functions you have added.
  • New public functions and structures are kept to a minimum.
  • The same practices are applied (such as the anatomy of methods, names, etc.)
  • Your changes are compliant with SCIM v2.0 (released as RFC7642, RFC7643 and RFC7644 under IETF).