- Created by Phillip Hanegan, last modified on May 10, 2021
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 3 Next »
Workflow Studio provides a SCIM Microservice template that you can use to create your own microservices using the SCIM protocol. As a developer, all you need to do is add the appropriate logic needed for your implementation. Once you have added your own logic, you then build and deploy the microservice to the appropriate environment (such as Azure), and connect EmpowerID to that environment.
In this tutorial, you will learn how to do the following:
▪ Create an microservice project in Workflow Studio
▪ Open the project in Visual Studio
▪ Add your implementation logic to the microservice
▪ Publish and deploy the microservice
▪ Create the SCIM account store used to connect EmpowerID to the microservice
In this article, the microservice is published to an app service in Azure. The details of setting this up is assumed on the part of the reader. It is also assumed that the reader has a basic understanding of the SCIM protocol and microservices.
When developing SCIM microservices, you use Workflow Studio to create the template and then use Visual Studio to write the code for your particular implementation of the microservice.
Create a SCIM microservice in Workflow Studio
In Workflow Studio, right-click on the source control folder in which you want to create the SCIM microservice and select New Extension or Library > SCIM Microservice v2 (.NET Core 2.2).
Click the Save button on the Workflow Studio toolbar to save the SCIM microservice, giving it an appropriate name as you do.
Workflow Studio generates a stub for the new SCIM microservice.
If you expand the Code Tree for the project, you can see that the template generated a number of classes for the project. You use these classes to define your models, controllers and repositories for the SCIM microservice.Class
Description
LocationsController.cs
Controller for location endpoint(s)
LocationsRepository.cs
Contains the following implementation methods for retrieving and sending location data to and from the connected system:
Create()
– Create locations in the external systemQuery()
– Query and return location data from the external systemGet()
– Returns a single location from the external systemUpdate()
– Updates a single location in the external systemPatch()
– Adds a new locationDelete()
– Deletes a single location in the external system
Group.cs
Model for SCIM groups
GroupDataExtension.cs
Class that can be used to extend the group model with additional attributes as needed
Location.cs
Model for SCIM locations
Role.cs
Model for SCIM roles
User.cs
Model for SCIM users
UserDataExtension.cs
Class that can be used to extend the user model with additional attributes as needed
UserLocation.cs
Class for SCIM user locations
UserRole.cs
Class for SCIM user roles
UserRoleLocation.cs
Class for SCIM role locations
RolesController.cs
Controller for role endpoint(s)
RolesRepository.cs
Contains the following implementation methods for retrieving and sending role data to and from the connected system:
Create()
– Create roles in the external systemQuery()
– Query and return role data from the external systemGet()
– Returns a single role from the external systemUpdate()
– Updates a single role in the external systemPatch()
– Adds a new roleDelete()
– Deletes a single role in the external system
UserLocationsController.cs
Controller for user location endpoint(s)
UserLocationRepository.cs
Contains the following implementation methods for retrieving and sending user location data to and from the connected system:
Create()
– Create user locations in the external systemQuery()
– Query and return user location data from the external systemGet()
– Returns a single user location from the external systemUpdate()
– Updates a single user location in the external systemPatch()
– Adds a new user locationDelete()
– Deletes a single user location in the external system
GroupsController.cs
Controller for group endpoint(s)
GroupsRepository.cs
Contains the following implementation methods for retrieving and sending group data to and from the connected system:
Create()
– Create groups in the external systemQuery()
– Query and return group data from the external systemGet()
– Returns a single group from the external systemUpdate()
– Updates a single group in the external systemPatch()
– Adds a new groupDelete()
– Deletes a single group in the external system
UsersController.cs
Controller for user endpoint(s)
UsersRepository.cs
Contains the following implementation methods for retrieving and sending user data to and from the connected system:
Create()
– Create users in the external systemQuery()
– Query and return user data from the external systemGet()
– Returns a single user from the external systemUpdate()
– Updates a single user in the external systemPatch()
– Adds a new userDelete()
– Deletes a single user in the external system
Open the project in Visual Studio
Close the Workflow Studio project and then locate it your source control tree.
From your source control tree, double-click the project.
This opens the project in Visual Studio.Write code to implement the class stubs for your specific scenario and when finished build the solution.
This publishes the solution as a zip file to the microservices folder in the source control folder on your local machine (e.g., .\empowerid\WFS\microservices).
Next, deploy the microservice to the desired environment. If you are using Azure and have defined an app service for the microservice, you can do this in Workflow Studio.
Deploy the microservice to Azure
In Workflow Studio, select Cloud Explorer.
Right-click Azure App Services Deployment and select Publish App to App Service…
In the Publish to Azure App Service Credentials window that opens, click the Browse from Publish Profile button.
Locate and select the .PublishSettings file for the app service. The .PublishSettings file is the file downloaded for the app service from Azure.
This populates the fields of the Azure App Service Credentials window with the needed deployment information.Click OK to close the Publish to Azure App Service Credentials window.
In the Open File dialog that appears, search for and select the zip file for the microservice you just published.
Wait for Workflow Studio to deploy the microservice to the app service and then click OK to close the Success messagebox.
Next, create a SCIM account store in EmpowerID for the system to which you are connecting EmpowerID and verify that the configuration parameters are correct for your system.
Create the SCIM account store
From the navbar of the EmpowerID Web interface, expand Admin > Applications and Directories and select Account Stores and Systems.
Select the Actions tab and then click Create Account Store.
Search for SCIM Connector.
Click the SCIM Connector record to select it and then click Submit.
Enter the following information in the SCIM connector form:
Name – Name of the connector
Base URL – URL for the site hosting the microservice. For example, if the microservice is hosted in an Azure app service, enter the URL for the app service.
Client Secret – If using OAuth authentication, enter the Client Secret for the app.
Client ID – If using OAuth authentication, enter the Client ID for the app.
Certificate – If using certificate-based authentication, enter the thumbprint of the certificate.
When ready, click Submit.
After EmpowerID creates the account store, it displays the Account Store Details page for the account store.
Select the Resource System tab and then expand the Configuration Parameters accordion.
The accordion contains the following parameters, some of which may not pertain to your specific implementation.Configuration Parameter
Description
AccessTokenUrl
Endpoint for fetching an OAuth token
AuthorizationUrl
Authorization endpoint
certificateThumbPrint
Thumbprint of the certificate used for authentication
ClientKey
Value of the Client key
ClientSecret
Value of the Client Secret
CreateUserUrl
Endpoint for creating users in the external system.
GetOrDeleteOrUpdateGroupByIDUrl
Endpoint for fetching, deleting or updating groups in the external system.
GetGroupMemberURl
Endpoint for fetching a single user in the external system.
QueryGroupsUrl
Endpoint for fetching group data in the external system.
QueryRolesURl
Endpoint for fetching role data in the external system.
QueryZonesUrl
Endpoint for fetching location data in the external system.
ServiceUrl
Endpoint for the accessing the application in the hosted environment, such as an Azure app service.
Edit the parameters as needed. To do so, click the Edit button for the parameter to be updated as shown below.
Enter the appropriate value for parameter in the Value field and click Save.
Repeat for each parameter that needs to be updated.
As a final step, the account store needs to be configured by an administrator before inventory. This includes configuring attribute flow, account store settings and enabling the Account Inbox Permanent Workflow. For an example of what needs to be done, see Connecting to Zendesk in the Admin guide.
IN THIS ARTICLE
- No labels