WSO2 Charon Library

Future of SCIM2

Hasanthi Purnima Dissanayake
4 min readJun 3, 2019

What is Charon

Charon is a greek mythology that wikipedia says,

Charon is the ferryman of Hades who carries souls of the newly deceased across the rivers Styx and Acheron that divided the world of the living from the world of the dead

When it comes with the context WSO2 and SCIM2, Charon is an open source library, which implemented SCIM protocol which is an open standard for Identity Provisioning.

Why Charon

  • Implements SCIM protocol.
  • Fully open source, so the community can contribute to it.
  • Contains extension points
  • Spec compliance

Architecture of Charon

Charon library is made from main 4 component

Modules of charon library

Charon — Core

As the name implies this is the core part of the library which implements SCIM2 specification and exposes a set of APIs for SCIM2 consumers. The main functionalities of Charon core as below.

  • Create SCIM2 Objects

SCIM is built on an object model where a resource is a common denominator and all SCIM Objects are derived from it. Charon core contains SCIM Object Implementation where the object is a collection of attributes.

  • Decode JSON encoded resource Strings

This implementation allows to decode the JSON encoded resource string and to create SCIM object model adhering to the specification. The class JSONDecoder.java is responsible for this.

  • Encode SCIM objects.

This implementation allows to create the encoded JSON response from the SCIM object model and send out the SCIM response object. The class JSONEncoder.java is responsible for this.

  • Set Attributes

Below set of classes use to represent attributes which needs to represent SCIM objects. These attributes can be simple types such as name, id etc, complex types such as email address and address (attributes which have sub attributes) or multivalued types such as email or telephone number.

  • Define Schema

Schema is a collection of attribute definitions that describe the contents of an entire or partial resource

In AttributeSchema, It defines schema for SCIM attributes and sub attributes. The attribute definitions specify the name of the attribute, and metadata such as type (e.g., string, binary), cardinality (singular, multi, complex) and mutability

In ResourceTypeSchema it defines resource schema definitions.

Examples :

urn:ietf:params:scim:schemas:core:2.0:User

urn:ietf:params:scim:schemas:core:2.0:Group

The class hierarchy is as follows.

  • Exposes Endpoints

UserResourceManager

UserResourceManager API is exposed to perform operations on user resource. A SCIM client can call this API and perform CRUD operations on a user.

GroupResourceManager

GroupResourceManager API is exposed to perform operations on group resource. A SCIM client can call this API and perform CRUD operations on a group.

MeResourceManager

By using MeResourceManager a SCIM client can use the URL like <base_url>/Me to perform CRUD operations as the authenticated subject. This API is also can be accessible from the SCIM client.

BulkResourceManager

The API BulkResourceManage is exposed from charon-core to perform bulk operations. A SCIM Service provider can call this API to perform bulk operations based on the HTTP requests sent from a SCIM client.

ResourceTypesResourceManager

The API ResourceTypesResourceManager specifies the metadata about resource types.

ServiceProviderConfigResourceManager

By using ServiceProviderConfigResourceManager it provides the ability to for a SCIM client to discover the SCIM specification features in a standardized form and other additional implementation details.

There is an abstract layer for all the resource endpoints to abstract out common operations. This abstract layer is the entry point for initiating the charon from outside. It is an implementation of the interface ResourceManager.

The class hierarchy is as follows.

  • Extension Points

There are some extension points which users can plug there own custom implementations with wso2 charon-core. Please find the extension points as below.

UserManager

CharonManager

AbstractSCIMObject

AbstractAttribute

JSONEncoder

JsonDecoder

As charon is a library those extension points are not pluggable to the Identity Server. Instead the clients which use charon for the SCIM implementations can develop own custom implementations by using charon.

Charon — Implementations

This contains sample implementation of SCIM service provider to illustrate how any SCIM implementation can utilize the API and supporting module provided by Charon

Charon — Utils

This contains the default implementations of the extension points. As an example DefaultCharonManager is for initializing the extension points and if we take InMemoryUserManager, it is the default implementation of UserManager. Inside the DefaultCharonManager the InMemoryUserManager instance is created and used it in the charon implementations.

Charon — Samples

This contains samples illustrating the SCIM use cases. Samples mainly contain the SCIM client side implementations which can be run against a SCIM server, and hence can also be referenced to get to know how the API provided by Charon can be used to implement SCIM client side.

--

--