diff --git a/docs/UAA-APIs.rst b/docs/UAA-APIs.rst
index 1621c74f9a4..42fd7b91693 100644
--- a/docs/UAA-APIs.rst
+++ b/docs/UAA-APIs.rst
@@ -126,7 +126,11 @@ Several modes of operation and other optional features can be set in configurati
 * Other Authentication sources - Other standard external authentication sources can also be used. The most common and therefore the expected starting point are LDAP server, or an external OpenID provider (e.g. Google). Another expected authentication source would be Horizon Application Manager either through OAuth2 (preferred), or SAML protocols. General SAML2 support is not currently planned but could be added and would provide capabilities similar to OpenID and OAuth.
+ * LDAP - LDAP is currently supported for user authentication and group integration
+
+ * SAML - SAML is currently supported for user authentication and group integration. Limitation is that the username returned from the SAML assertion should be an email address
+
+ * Keystone - Keystone authentication is experimental and disabled in the Travis CI tests
 Authentication and Delegated Authorization APIs
 ===============================================
@@ -1036,114 +1040,274 @@ See `SCIM - Creating Resources`__ __ http://www.simplecloud.info/specs/draft-scim-rest-api-01.html#create-resource -* Request: ``POST /Users`` -* Request Headers: Authorization header containing an `OAuth2`_ bearer token with:: - - scope = scim.write - aud = scim +================ ============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== +Request ``POST /Users`` +Header Authorization Bearer token +Scopes Required scim.write or scim.create +Request body *example* :: -* Request Body:: + { + "externalId":"", + "userName":"JOE_tpcqlm", + "name": { + "formatted":"Joe User", + "familyName":"User", + "givenName":"Joe" + }, + "emails":[{"value":"joe@blah.com"}], + "active":true, + "verified":false, + "origin":"uaa", + "schemas":["urn:scim:schemas:core:1.0"]} - { - "schemas":["urn:scim:schemas:core:1.0"], - "userName":"bjensen", - "name":{ - "formatted":"Ms. Barbara J Jensen III", - "familyName":"Jensen", - "givenName":"Barbara" - } - } -The ``userName`` is unique in the UAA, but is allowed to change. Each user also has a fixed primary key which is a UUID (stored in the ``id`` field of the core schema). 
+ The ``userName`` / ``origin`` combination is unique in the UAA, but is allowed to change. Each user also has a fixed primary key which is a UUID (stored in the ``id`` field of the core schema). * Response Body:: - HTTP/1.1 201 Created - Content-Type: application/json - Location: https://example.com/v1/User/uid=123456 - ETag: "0" + HTTP/1.1 201 Created + Content-Type: application/json + Location: https://example.com/Users/c72518a7-8f68-4de6-b9b7-22a14292ef3f + ETag: "0" - { - "schemas":["urn:scim:schemas:core:1.0"], - "id":"123456", - "externalId":"bjensen", - "meta":{ - "version":0, - "created":"2011-08-01T21:32:44.882Z", - "lastModified":"2011-08-01T21:32:44.882Z" - }, - "name":{ - "formatted":"Ms. Barbara J Jensen III", - "familyName":"Jensen", - "givenName":"Barbara" - }, - "userName":"bjensen" - } + { + "id":"c72518a7-8f68-4de6-b9b7-22a14292ef3f", + "meta":{"version":0,"created":"2015-04-01T11:42:59.420Z","lastModified":"2015-04-01T11:42:59.420Z"}, + "userName":"JOE_tpcqlm", + "name":{ + "familyName":"User", + "givenName":"Joe" + }, + "emails":[{"value":"joe@blah.com"}], + "groups":[ + {"value":"e3087175-49d7-416f-829a-dd5c45d81e57","display":"password.write","type":"DIRECT"}, + {"value":"cac347d6-e1d2-4f7f-ac7a-3e915fd395cc","display":"oauth.approvals","type":"DIRECT"}, + {"value":"8373425c-df35-4e6a-ac50-36fc4287ad7e","display":"cloud_controller.read","type":"DIRECT"}, + {"value":"a000dba5-81f9-4f4f-b73a-15d03d3958a9","display":"approvals.me","type":"DIRECT"}, + {"value":"d479a26a-090a-45ce-b0cf-a0eb9a28ba93","display":"scim.me","type":"DIRECT"}, + {"value":"ad228b94-a553-4122-a111-31eb9970c050","display":"scim.userids","type":"DIRECT"}, + {"value":"2c90cc32-15f9-4c10-8926-b99688324ae6","display":"cloud_controller.write","type":"DIRECT"}, + {"value":"395d8a63-190e-4152-baf4-26c830e6d3c4","display":"uaa.user","type":"DIRECT"}, + {"value":"1b27d514-8179-41fb-80e9-057b1d88c6d0","display":"openid","type":"DIRECT"}, + 
{"value":"7db41ba4-b503-43a4-9c5f-b57d840176b6","display":"cloud_controller_service_permissions.read","type":"DIRECT"} + ], + "approvals":[], + "active":true, + "verified":false, + "origin":"uaa", + "zoneId":"uaa", + "schemas":["urn:scim:schemas:core:1.0"] + } * Response Codes:: 201 - Created successfully - 400 - Bad Request (unparseable, syntactically incorrect etc) - 401 - Unauthorized + 400 - Bad Request - unparseable, syntactically incorrect etc + 401 - Unauthorized - Invalid token + 403 - Forbidden - insufficient scope +Fields *Available Fields* :: + + User Fields + ====================== =============== ======== ======================================================= + id String(36) Auto Unique identifier for this provider - GUID generated by the UAA + userName String(255) Required Username, typically an email address + name Map Optional Map containing the fields + givenName String Optional First name + familyName String Optional Last name + emails List Required List of email addresses, currently only one is supported + active boolean Required Set to true to allow this user to login + verified boolean Required Set to true to indicate that this user has been verified. + origin String Optional Set the origin of this user. 
If empty default of 'uaa' will be set + schemas List Optional Singleton list of 'urn:scim:schemas:core:1.0' + externalId String Optional If this user has an external ID in another system + +Curl Example POST Create a user:: + + curl -v + -H"Authorization: Bearer $TOKEN" + -XPOST -H"Accept:application/json" + -H"Content-Type:application/json" + --data '{"userName":"JOE_tpcqlm","name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"},"emails":[{"value":"joe@blah.com"}]}' + http://localhost:8080/uaa/Users + +================ ===================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================= + Update a User: ``PUT /Users/{id}`` ----------------------------------------- +---------------------------------- See `SCIM - Modifying with PUT `_ -* Request: ``PUT /Users/{id}`` -* Request Headers: Authorization header containing an `OAuth2`_ bearer token with:: - scope = scim.write - aud = scim +================ 
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== +Request ``PUT /Users/{id}`` +Header Authorization Bearer token +Header If-Match with the value of the current version of the user, or * to disable version check +Scopes Required scim.write or the user id in the token is {id} +Request body *example* :: -* Request Body:: + { + "externalId":"", + "userName":"JOE_tpcqlm", + "name": { + "formatted":"Joe User", + "familyName":"User", + "givenName":"Joe" + }, + "emails":[{"value":"joe@blah.com"}], + "active":true, + "verified":false, + "origin":"uaa", + "schemas":["urn:scim:schemas:core:1.0"]} - Host: example.com - Accept: application/json - Authorization: Bearer h480djs93hd8 - If-Match: "2" - { - "schemas":["urn:scim:schemas:core:1.0"], - "id":"123456", - "userName":"bjensen", - "externalId":"bjensen", - "name":{ - "formatted":"Ms. 
Barbara J Jensen III", - "familyName":"Jensen", - "givenName":"Barbara", - "middleName":"Jane" - }, - "emails":[ - { - "value":"bjensen@example.com" - }, - { - "value":"babs@jensen.org" - } - ], - "meta":{ - "version":2, - "created":"2011-11-30T21:11:30.000Z", - "lastModified":"2011-12-30T21:11:30.000Z" - } - } +* Response Body:: -* Response Body: - As for create operation, returns the entire, updated record, with the Location header pointing to the resource. + HTTP/1.1 200 Ok + Content-Type: application/json + Location: https://example.com/Users/c72518a7-8f68-4de6-b9b7-22a14292ef3f + ETag: "1" + + { + "id":"c72518a7-8f68-4de6-b9b7-22a14292ef3f", + "meta":{"version":0,"created":"2015-04-01T11:42:59.420Z","lastModified":"2015-04-01T11:42:59.420Z"}, + "userName":"JOE_tpcqlm", + "name":{ + "familyName":"User", + "givenName":"Joe" + }, + "emails":[{"value":"joe@blah.com"}], + "groups":[ + {"value":"e3087175-49d7-416f-829a-dd5c45d81e57","display":"password.write","type":"DIRECT"}, + {"value":"cac347d6-e1d2-4f7f-ac7a-3e915fd395cc","display":"oauth.approvals","type":"DIRECT"}, + {"value":"8373425c-df35-4e6a-ac50-36fc4287ad7e","display":"cloud_controller.read","type":"DIRECT"}, + {"value":"a000dba5-81f9-4f4f-b73a-15d03d3958a9","display":"approvals.me","type":"DIRECT"}, + {"value":"d479a26a-090a-45ce-b0cf-a0eb9a28ba93","display":"scim.me","type":"DIRECT"}, + {"value":"ad228b94-a553-4122-a111-31eb9970c050","display":"scim.userids","type":"DIRECT"}, + {"value":"2c90cc32-15f9-4c10-8926-b99688324ae6","display":"cloud_controller.write","type":"DIRECT"}, + {"value":"395d8a63-190e-4152-baf4-26c830e6d3c4","display":"uaa.user","type":"DIRECT"}, + {"value":"1b27d514-8179-41fb-80e9-057b1d88c6d0","display":"openid","type":"DIRECT"}, + {"value":"7db41ba4-b503-43a4-9c5f-b57d840176b6","display":"cloud_controller_service_permissions.read","type":"DIRECT"} + ], + "approvals":[], + "active":true, + "verified":false, + "origin":"uaa", + "zoneId":"uaa", + 
"schemas":["urn:scim:schemas:core:1.0"] + } * Response Codes:: - 200 - Updated successfully - 400 - Bad Request - 401 - Unauthorized - 404 - Not found + 201 - Created successfully + 400 - Bad Request - unparseable, syntactically incorrect etc + 401 - Unauthorized - Invalid token + 403 - Forbidden - insufficient scope + 404 - Not Found - non existent ID + 409 - Conflict - If-Match header, version mismatch + + +Fields *Available Fields* :: + + User Fields + ====================== =============== ======== ======================================================= + id String(36) Auto Unique identifier for this provider - GUID generated by the UAA + userName String(255) Required Username, typically an email address + name Map Optional Map containing the fields + givenName String Optional First name + familyName String Optional Last name + emails List Required List of email addresses, currently only one is supported + active boolean Required Set to true to allow this user to login + verified boolean Required Set to true to indicate that this user has been verified. + origin String Optional Set the origin of this user. 
If empty default of 'uaa' will be set + schemas List Optional Singleton list of 'urn:scim:schemas:core:1.0' + externalId String Optional If this user has an external ID in another system + +Curl Example PUT Create a user:: + + curl -v + -H"If-Match:*" + -H"Authorization: Bearer $TOKEN" + -XPUT + -H"Accept:application/json" + -H"Content-Type:application/json" + --data '{"userName":"JOE_tpcqlsm","name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"},"emails":[{"value":"joe@blah.com"}]}' + http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + +================ ============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== Note: SCIM also optionally supports partial update using PATCH. +Delete a User: ``DELETE /Users/{id}`` +------------------------------------- + +The UAA has two modes of deleting a user. 
Either a hard delete, or setting ``active=false`` +This behavior is controlled by the boolean property ``scim.delete.deactivate`` + +================ ==========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================ +Request ``DELETE /Users/{id}`` +Header Authorization Bearer token +Header If-Match with the value of the current version of the user, or * to disable version check +Scopes Required scim.write + +* Response Body:: + + HTTP/1.1 200 Ok + Content-Type: application/json + Location: https://example.com/Users/c72518a7-8f68-4de6-b9b7-22a14292ef3f + ETag: "2" + + { + "id":"c72518a7-8f68-4de6-b9b7-22a14292ef3f", + "meta":{"version":0,"created":"2015-04-01T11:42:59.420Z","lastModified":"2015-04-01T11:42:59.420Z"}, + "userName":"JOE_tpcqlm", + "name":{ + "familyName":"User", + "givenName":"Joe" + }, + "emails":[{"value":"joe@blah.com"}], + "groups":[ + {"value":"e3087175-49d7-416f-829a-dd5c45d81e57","display":"password.write","type":"DIRECT"}, + {"value":"cac347d6-e1d2-4f7f-ac7a-3e915fd395cc","display":"oauth.approvals","type":"DIRECT"}, + {"value":"8373425c-df35-4e6a-ac50-36fc4287ad7e","display":"cloud_controller.read","type":"DIRECT"}, + 
{"value":"a000dba5-81f9-4f4f-b73a-15d03d3958a9","display":"approvals.me","type":"DIRECT"}, + {"value":"d479a26a-090a-45ce-b0cf-a0eb9a28ba93","display":"scim.me","type":"DIRECT"}, + {"value":"ad228b94-a553-4122-a111-31eb9970c050","display":"scim.userids","type":"DIRECT"}, + {"value":"2c90cc32-15f9-4c10-8926-b99688324ae6","display":"cloud_controller.write","type":"DIRECT"}, + {"value":"395d8a63-190e-4152-baf4-26c830e6d3c4","display":"uaa.user","type":"DIRECT"}, + {"value":"1b27d514-8179-41fb-80e9-057b1d88c6d0","display":"openid","type":"DIRECT"}, + {"value":"7db41ba4-b503-43a4-9c5f-b57d840176b6","display":"cloud_controller_service_permissions.read","type":"DIRECT"} + ], + "approvals":[], + "active":true, + "verified":false, + "origin":"uaa", + "zoneId":"uaa", + "schemas":["urn:scim:schemas:core:1.0"] + } + +* Response Codes:: + + 200 - Ok success + 401 - Unauthorized - Invalid token + 403 - Forbidden - insufficient scope + 404 - Not Found - non existent ID + + +Curl Example DELETE Delete a user:: + + curl -v + -H"If-Match:*" + -H"Authorization: Bearer $TOKEN" + -XDELETE + -H"Accept:application/json" + http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + +================ 
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== + + Change Password: ``PUT /Users/{id}/password`` --------------------------------------------- diff --git a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java index 6f3c3554bc6..82edaa92d02 100644 --- a/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java +++ b/scim/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserIdConversionEndpoints.java @@ -13,13 +13,6 @@ package org.cloudfoundry.identity.uaa.scim.endpoints; -import java.util.HashSet; -import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.servlet.http.HttpServletRequest; - import com.unboundid.scim.sdk.SCIMException; import com.unboundid.scim.sdk.SCIMFilter; import org.apache.commons.logging.Log; 
@@ -35,12 +28,13 @@
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.servlet.View;
 
+import javax.servlet.http.HttpServletRequest;
+
 /**
  * @author Dave Syer
  * @author Luke Taylor