April 14, 2020 at 7:29 pm #27819 [email protected] Participant
I’m trying to connect our local IDM to the zoom.us-SCIM-API.
I’ve never used SCIM before, so I might be mistaken, but the way I see it
– zoom offers Authentication via OAuth2 and the authorization code grant
– IDM could use OAuth2 and client credentials
– zoom would accept a JWT bearer token
– IDM could provide basic authentication
SCIM specification seems to be quite neutral on authentication, basically “use good authentication”, so I can’t blame either party.
Any workarounds I’m missing? I’m considering getting an API gateway to perform translation.
Anybody got some “scripted scim” samples?
Patrick
April 21, 2020 at 4:26 pm #27831 Thomas Wolfram Participant
The SCIM connector by ForgeRock IDM also supports a static bearer token for authentication. Just use “TOKEN” for authenticationMethod and set authToken to the token. See chapter 18.4.1 in the connector reference guide 6.5. There is also a sample for Slack included in 6.5 which uses it.
This is also what I had to use to provision Cisco Webex with the ForgeRock SCIM connector. But I would recommend asking ForgeRock for version 126.96.36.199 of it because the older 1.4.x.x versions have some bugs. See https://backstage.forgerock.com/docs/idm/6.5/connector-release-notes/#scim-188.8.131.52
Thomas
May 5, 2020 at 1:57 pm #27886 [email protected] Participant
Thank you for your input. I had already installed an API gateway, receiving requests with basic authentication from IDM and passing them on with a JWT token to zoom, since I stopped reading the connector reference upon “the authenticationMethod can be either OAUTH or BASIC” in 18.0; the token method is only mentioned in 18.4.1.
Wasn’t a complete waste of time, though, since IDM sends “Accept: application/json”, while zoom requires Accept: ‘*/*’ and sends an html-error-page otherwise.
Now I just need to slow down IDM to meet the rate-limiting of zoom. Endless fun.
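The gateway translation described in the post above (Basic authentication in, bearer token out, `Accept` rewritten, requests paced), as an added example that is not code from the thread or from either product. The function names, the credentials, the rate values and the bearer token, which is treated as an opaque pre-issued string, are assumptions.

```python
import base64
import hmac
import time


class TokenBucket:
    """Token bucket for pacing upstream calls; `clock` is injectable for testing."""
    def __init__(self, rate_per_sec, burst, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate_per_sec, burst, clock
        self.tokens, self.last = float(burst), clock()

    def wait_time(self):
        """Take one token if available; return seconds the caller must wait (0.0 = send now)."""
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return 0.0
        return (1 - self.tokens) / self.rate


def basic_auth_ok(header, user, password):
    """Validate an inbound 'Authorization: Basic ...' value in constant time."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # malformed base64 (binascii.Error is a ValueError)
        return False
    return hmac.compare_digest(supplied, f"{user}:{password}".encode())


def translate_headers(inbound, user, password, bearer_token):
    """Return headers for the upstream call, or None if the caller failed Basic auth."""
    lower = {k.lower(): v for k, v in inbound.items()}
    if not basic_auth_ok(lower.get("authorization"), user, password):
        return None
    # Drop the inbound credential so the Basic secret never leaves the gateway.
    out = {k: v for k, v in lower.items() if k not in ("authorization", "accept", "host")}
    out["authorization"] = f"Bearer {bearer_token}"
    out["accept"] = "*/*"  # per the thread, the upstream answers with an HTML error page otherwise
    return out
```
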