ScimGateway

Author: Jarle Elshaug

Early Stage code

Overview

With ScimGateway we could do user management by using REST based SCIM protocol, and the gateway will translate and communicate towards destinations using endpoint specific protocols.

ScimGateway is a standalone product, however this document shows how the gateway could be used by products like CA Identity Manager.

Using CA Identity Manager, we could setup one or more endpoints of type SCIM pointing to the gateway. Specific ports could then be used for each type of endpoint, and the ScimGateway would work like a "CA Connector Server" communicating with endpoints.

Instead of using IM-SDK for building our own integration for none supported endpoints, we can now build new integration based on ScimGateway plugins. ScimGateway works with IM as long as IM supports SCIM.

ScimGateway is based on the popular asynchronous event driven framework Node.js using javascripts. It is firewall friendly using REST webservices. Runs on almost all operating systems, and may loadbalance between hosts (horizontal) and cpu's (vertical). Could even be uploaded and run as a cloud application.

Following example plugins are included:

• SAP HANA (database)

• Forwardinc (SOAP Webservice)
  Endpoint that comes with CA IM SDK (SDKWS) for testing SOAP Webservice user-provisioning (please see wiki.ca.com)
  Using WS-Security
  Shows how to use custom SOAP header with signed SAML assertion for authentication or token request towards a Security Token Service
  Shows how to implement a higly configurable multi tenant or multi endpoint solution using "baseEntity" parameter

• Testmode (SCIM)
  SCIM endpoint simulation (in-memory, no physical endpoint)
  Two predefined users
  Supports explore, create, delete, modify and list users (including groups)
  Example of a fully functional ScimGateway plugin

For details and download, please click links on top of this document.