feat: UMA mode for SCIM (ref: #752)

setup_app/installers/scim.py

@@ -48,6 +48,14 @@ def installed(self):
         return os.path.exists(os.path.join(Config.jetty_base, self.service_name, 'start.ini'))
 
     def generate_configuration(self):
+
+        if base.argsp.enable_scim_test_mode:
+            Config.scim_protection_mode = 'TEST'
+        elif base.argsp.enable_scim_uma_mode:
+            Config.scim_protection_mode = 'UMA'
+        else:
+            Config.scim_protection_mode = 'OAUTH'
+
         self.logIt("Generating {} configuration".format(self.service_name))
         client_var_id_list = (
                     ('scim_rs_client_id', '1201.'),
@@ -64,7 +72,6 @@ def generate_configuration(self):
         if not Config.get('scim_rp_client_jks_pass'):
             Config.scim_rp_client_jks_pass = 'secret'
 
-        Config.scimTestMode = Config.get('scimTestMode', 'false')
         Config.enable_scim_access_policy = 'true' if Config.installPassport else 'false'
 
         #backup current jks files if exists

setup_app/setup_options.py

@@ -93,9 +93,6 @@ def get_setup_options():
     if base.argsp.no_httpd:
         setupOptions['installHTTPD'] = False
 
-    if base.argsp.enable_scim_test_mode:
-        setupOptions['scimTestMode'] = 'true'
-
     setupOptions['installSaml'] = base.argsp.install_shib
     setupOptions['downloadWars'] = base.argsp.w
     setupOptions['installOxAuthRP'] = base.argsp.install_oxauth_rp

setup_app/utils/arg_parser.py

@@ -23,7 +23,11 @@ def arg_parser():
     parser.add_argument('-t', help="Load test data", action='store_true')
     parser.add_argument('-x', help="Load test data and exit", action='store_true')
     parser.add_argument('-csx', help="Collect setup properties, save and exit", action='store_true')
-    parser.add_argument('-stm', '--enable-scim-test-mode', help="Enable Scim Test Mode", action='store_true')
+
+    scim_mode_group = parser.add_mutually_exclusive_group()
+    scim_mode_group.add_argument('-stm', '--enable-scim-test-mode', help="Enable Scim Test Mode", action='store_true')
+    scim_mode_group.add_argument('-sum', '--enable-scim-uma-mode', help="Enable Scim Uma Mode", action='store_true')
+
     parser.add_argument('--allow-pre-released-features', help="Enable options to install experimental features, not yet officially supported", action='store_true')
     parser.add_argument('--import-ldif', help="Render ldif templates from directory and import them in LDAP")
     parser.add_argument('--listen_all_interfaces', help="Allow the LDAP server to listen on all server interfaces", action='store_true')

setup_app/utils/collect_properties.py

@@ -203,8 +203,10 @@ def collect(self):
         if 'scimUmaResourceId' in oxTrustConfApplication:
             Config.scim_resource_oxid =  oxTrustConfApplication['scimUmaResourceId']
 
-        if 'scimTestMode' in oxTrustConfApplication:
-            Config.scimTestMode =  oxTrustConfApplication['scimTestMode']
+        if 'ScimProperties' in oxTrustConfApplication and 'protectionMode' in oxTrustConfApplication['ScimProperties']:
+            Config.scim_protection_mode = oxTrustConfApplication['ScimProperties']['protectionMode']
+        else:
+            Config.scim_protection_mode = 'OAUTH'
 
         if 'apiUmaClientKeyStorePassword' in oxTrustConfApplication:
             Config.api_rp_client_jks_pass = self.unobscure(oxTrustConfApplication['apiUmaClientKeyStorePassword'])

templates/scim/oxtrust_config.json

@@ -1,7 +1,7 @@
 {
     "ScimProperties": {
         "maxCount": 200,
-        "protectionMode": "OAUTH"
+        "protectionMode": "%(scim_protection_mode)s"
     },
     "scimUmaClientKeyId": "",
     "scimUmaResourceId": "%(scim_resource_oxid)s",