Handling unmapped fields
-
- UpdatedAug 1, 2024
- 3 minutes to read
- Xanadu
- Now Platform Security
You can handle unmapped fields in SCIM customization in different ways.
During SCIM customization, the fields that are not part of the sys_user and sys_user_group tables can be mapped by performing the following functions.
Customize SCIM (Create or Update)
You can create or update the SCIM Client.
- The SCIM admin can add custom scripts in the onBefore and onAfter scripts for fields that are not mapped in ETL Definition or RTE.
- The SCIM admin can override RTE Mappings by adding custom scripts in the onBefore and onAfter scripts.
- You can invoke a scriptable API in the RTE onBefore or onAfter scripts to access incoming request and perform transformations on other tables, lists, and unmapped attributes.
- You can use the
sn_auth.SCIM2Util.getScimProviderCustomizationContext()
method to provide the SCIM request context that contains the
scimResource object. The
scimResource in context represents the following in
each operation:
- POST: The SCIM resource sent in the request payload.
- PUT: The current SCIM resource from database replaced with the SCIM resource sent in thee request payload.
- PATCH: The current SCIM resource from the database after performing the patch operations.
Customize SCIM response
For the GET API calls, any response back to the SCIM client can be customized using the script by extending the SCIMProviderCustomization script.
While extending the script, the author can override the customizeUserResponse and customizeGroupResponse methods to modify the responses for User and Group resources.
The com.snc.integration.scim2.provider.customization.script.id property enables the SCIM plugin to use the script that should be used for response customization.
- The parameter that the customizeUserResponse and customizeGroupResponse methods contain is a context object with one attribute called scimResource. This attribute has all the attributes of a user or group resource object.
- A customized script include can only be created and viewed by the admin.
- If a user or group resource is modified, then you must return the context back.
- If there are no modification of any attribute in the resource object, then set the com.snc.integration.scim2.provider.customization.script.id to empty or return as null.
- If certain attributes are persisted through the onAfter
script, they must be populated with database values in the
scimResource object inside the customized script.
This action is required so that the system can do the following:
- To get the correct scimResource object in onAfter scripts during the PUT and PATCH operation.
- To include the attributes that persisted through the onAfter script in the response back to the client.
Helper functions
The following are some of the helper functions for SCIM customization. These functions enable you to fetch or set different types of information.