Using SCIM to modify/remove users from an SP account store


Dustin J Luck

Feb 5, 2021, 1:56:10 PM
to CAS Community

I have received a request from one of our SPs to use CAS to modify and/or remove users from their account store upon separation from the university.

From the limited CAS SCIM documentation on GitHub, I'm not sure what capabilities CAS has for modifying the account store for a specific SP. If anyone can direct me to where I can find more information, I'd be grateful.


Thanks

Ray Bon

Feb 5, 2021, 2:20:19 PM
to cas-...@apereo.org
Dustin,

From the docs, it sounds like CAS SCIM is only for provisioning users (with REST or groovy script). You would have to have a different system for managing users after that.

Does your university have some identity management software (i.e. midpoint or grouper)?

Ray

On Fri, 2021-02-05 at 10:56 -0800, Dustin J Luck wrote:


I have received a request from one of our SPs to use CAS to modify and/or remove users from their account store upon separation from the university.

From the limited CAS SCIM documentation on GitHub, I'm not sure what capabilities CAS has for modifying the account store for a specific SP. If anyone can direct me to where I can find more information, I'd be grateful.


Thanks

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.

Francesco Chicchiriccò

Feb 5, 2021, 2:36:09 PM
to cas-...@apereo.org
On 5 feb 2021 20:20:13 CET, Ray Bon <rb...@uvic.ca> wrote:
>Dustin,
>
>From the docs, it sounds like CAS SCIM is only for provisioning users
>(with REST or groovy script). You would have to have a different system
>for managing users after that.
>
>Does your university have some identity management software (i.e.
>midpoint or grouper)?

...or maybe Apache Syncope :blink :blink
which also features SCIM 2.0 native endpoints

Regards.

>On Fri, 2021-02-05 at 10:56 -0800, Dustin J Luck wrote:
>
>
>I have received a request from one of our SPs to use CAS to modify
>and/or remove users from their account store upon separation from the
>university.
>
>From the limited CAS SCIM
>documentation<https://apereo.github.io/cas/6.3.x/integration/SCIM-Integration.html>
>on GitHub, I'm not sure what capabilities CAS has for modifying the
>account store for a specific SP. If anyone can direct me to where I can
>find more information, I'd be grateful.
>
>
>Thanks
>
>--
>
>Ray Bon
>Programmer Analyst
>Development Services, University Systems
>2507218831 | CLE 019 | rb...@uvic.ca<mailto:rb...@uvic.ca>
>
>I respectfully acknowledge that my place of work is located within the
>ancestral, traditional and unceded territory of the Songhees, Esquimalt
>and WSÁNEĆ Nations.


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Dustin J Luck

Feb 5, 2021, 4:26:44 PM
to CAS Community
Thank you, Ray & Francesco.

Based on your replies, I surmise that CAS is not the right tool for this. We do use an IDM to sync Google Workspace accounts to AD; I'll reach out and see if the same can be done for other applications.