This is a lightly-edited fork of the original at https://github.com/arietimmerman/laravel-scim-server. Any changes we have made we have offered up to the original maintainer. You should look at their fork, not ours - as ours is specific to our needs within Snipe-IT. As of this writing, there are only two:
- One that handles a call to
getNode()
whengetDefaultSchema()
returnsnull
- One that modifies how users are created from SCIM when the username matches an already-existing username in the local database.
Add SCIM 2.0 Server capabilities with ease. Usually, no configuration is needed in order to benefit from the basic functionalities.
composer require arietimmerman/laravel-scim-server
And optionally
php artisan vendor:publish --tag=laravel-scim
The module is used by idaas.nl.
+----------+-----------------------------------------+
| GET|HEAD | scim/v1 |
| GET|HEAD | scim/v1/{fallbackPlaceholder} |
| POST | scim/v2/.search |
| | |
| GET|HEAD | scim/v2/ResourceTypes |
| GET|HEAD | scim/v2/ResourceTypes/{id} |
| GET|HEAD | scim/v2/Schemas |
| GET|HEAD | scim/v2/Schemas/{id} |
| GET|HEAD | scim/v2/ServiceProviderConfig |
| GET|HEAD | scim/v2/{fallbackPlaceholder} |
| | |
| GET|HEAD | scim/v2/{resourceType} |
| | |
| POST | scim/v2/{resourceType} |
| | |
| GET|HEAD | scim/v2/{resourceType}/{resourceObject} |
| | |
| PUT | scim/v2/{resourceType}/{resourceObject} |
| | |
| PATCH | scim/v2/{resourceType}/{resourceObject} |
| | |
| DELETE | scim/v2/{resourceType}/{resourceObject} |
| | |
+----------+-----------------------------------------+
The configuration is retrieved from SCIMConfig::class
.
Extend this class and register your extension in app/Providers/AppServiceProvider.php
like this.
$this->app->singleton('ArieTimmerman\Laravel\SCIMServer\SCIMConfig', YourCustomSCIMConfig::class);
Here's one way to override the default configuration without copying too much of the SCIMConfig file into your app.
<?php
class YourCustomSCIMConfig extends \ArieTimmerman\Laravel\SCIMServer\SCIMConfig
{
public function getUserConfig()
{
$config = parent::getUserConfig();
// Modify the $config variable however you need...
return $config;
}
}
By default, this package does no security checks on its own. This can be dangerous, in that a functioning SCIM Server can view, add, update, delete, or list users. You are welcome to implement your own security checks at the middleware layer, or somehow/somewhere else that makes sense for your application. But make sure to do something.
If you want to integrate into already existing middleware, you'll want to take the following steps -
Modify config/scim.php
like this:
<?php
return [
"publish_routes" => false
];
In either your RouteServiceProvider, or in a particular route file, add the following:
use ArieTimmerman\Laravel\SCIMServer\RouteProvider as SCIMServerRouteProvider;
SCIMServerRouteProvider::publicRoutes(); // Make sure to add public routes *first*
Route::middleware('auth:api')->group(function () { // or any other middleware you choose
SCIMServerRouteProvider::routes(
[
'public_routes' => false // but do not hide public routes (metadata) behind authentication
]
);
SCIMServerRouteProvider::meRoutes();
});
docker-compose up
Now visit http://localhost:18123/scim/v2/Users
.