WSO2 Charon Library
Future of SCIM2
What is Charon
Charon is a figure from Greek mythology. As Wikipedia describes him,
Charon is the ferryman of Hades who carries souls of the newly deceased across the rivers Styx and Acheron that divided the world of the living from the world of the dead
In the context of WSO2 and SCIM2, Charon is an open source library that implements the SCIM protocol, an open standard for identity provisioning.
Why Charon
- Implements SCIM protocol.
- Fully open source, so the community can contribute to it.
- Contains extension points.
- Spec compliance.
Architecture of Charon
The Charon library is made up of four main components.
Charon — Core
As the name implies, this is the core part of the library, which implements the SCIM2 specification and exposes a set of APIs for SCIM2 consumers. The main functionalities of Charon core are as follows.
- Create SCIM2 Objects
SCIM is built on an object model in which a resource is the common denominator and all SCIM objects are derived from it. Charon core contains the SCIM object implementation, where an object is a collection of attributes.
- Decode JSON encoded resource Strings
This implementation decodes a JSON-encoded resource string and creates the SCIM object model in accordance with the specification. The class JSONDecoder.java is responsible for this.
- Encode SCIM objects.
This implementation creates the encoded JSON response from the SCIM object model and sends out the SCIM response object. The class JSONEncoder.java is responsible for this.
- Set Attributes
The following set of classes is used to represent the attributes that make up SCIM objects. These attributes can be simple types such as name and id, complex types such as email address and address (attributes which have sub-attributes), or multi-valued types such as email or telephone number.
- Define Schema
Schema is a collection of attribute definitions that describe the contents of an entire or partial resource.
AttributeSchema defines the schema for SCIM attributes and sub-attributes. The attribute definitions specify the name of the attribute and metadata such as type (e.g., string, binary), cardinality (singular, multi-valued, complex) and mutability.
ResourceTypeSchema defines the resource schema definitions.
Examples:
urn:ietf:params:scim:schemas:core:2.0:User
urn:ietf:params:scim:schemas:core:2.0:Group
The class hierarchy is as follows.
- Exposes Endpoints
UserResourceManager
The UserResourceManager API is exposed to perform operations on the user resource. A SCIM client can call this API to perform CRUD operations on a user.
GroupResourceManager
The GroupResourceManager API is exposed to perform operations on the group resource. A SCIM client can call this API to perform CRUD operations on a group.
MeResourceManager
Using MeResourceManager, a SCIM client can use a URL such as <base_url>/Me to perform CRUD operations as the authenticated subject. This API is also accessible from the SCIM client.
BulkResourceManager
The API BulkResourceManager is exposed from charon-core to perform bulk operations. A SCIM service provider can call this API to perform bulk operations based on the HTTP requests sent from a SCIM client.
ResourceTypesResourceManager
The API ResourceTypesResourceManager specifies the metadata about resource types.
ServiceProviderConfigResourceManager
ServiceProviderConfigResourceManager gives a SCIM client the ability to discover the supported SCIM specification features, in a standardized form, along with other implementation details.
There is an abstract layer over all the resource endpoints that factors out common operations. This abstract layer is the entry point for invoking Charon from outside. It is an implementation of the interface ResourceManager.
The class hierarchy is as follows.
- Extension Points
There are some extension points where users can plug their own custom implementations into WSO2 charon-core. The extension points are as follows.
UserManager
CharonManager
AbstractSCIMObject
AbstractAttribute
JSONEncoder
JSONDecoder
As Charon is a library, these extension points are not pluggable into the Identity Server. Instead, clients that use Charon for their SCIM implementations can develop their own custom implementations by using Charon.
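As an added example, not code from the Charon project or from the original page, the following Java snippet shows how the decoder and encoder described above, together with the User resource schema, can be used to parse an untrusted SCIM2 User payload and emit the canonical JSON response, rejecting malformed input with a client error rather than a server failure. The package names, method signatures, exception types and both sample payloads are assumptions based on the class names this page mentions, not verified against a specific charon3 release.

```java
import org.wso2.charon3.core.encoder.JSONDecoder;
import org.wso2.charon3.core.encoder.JSONEncoder;
import org.wso2.charon3.core.exceptions.AbstractCharonException;
import org.wso2.charon3.core.exceptions.BadRequestException;
import org.wso2.charon3.core.objects.User;
import org.wso2.charon3.core.schema.SCIMResourceSchemaManager;
import org.wso2.charon3.core.schema.SCIMResourceTypeSchema;

/** Decodes an untrusted SCIM2 User payload against the core User schema, then re-encodes it. */
public class DecodeEncodeUserExample {

    // Constructed sample payload for this example; not taken from any real deployment.
    static final String VALID_USER_JSON = "{"
            + "\"schemas\":[\"urn:ietf:params:scim:schemas:core:2.0:User\"],"
            + "\"userName\":\"alice\","
            + "\"name\":{\"givenName\":\"Alice\",\"familyName\":\"Example\"},"
            + "\"emails\":[{\"value\":\"alice@example.com\",\"primary\":true}]"
            + "}";

    // Constructed malformed payload (unterminated object) to exercise the rejection path.
    static final String BROKEN_USER_JSON =
            "{\"schemas\":[\"urn:ietf:params:scim:schemas:core:2.0:User\"],\"userName\":\"bob\"";

    /** Returns the canonical JSON the service provider would send back, or null if the input is rejected. */
    static String decodeAndEncode(String untrustedJson) {
        // Assumed accessor: the core User resource schema built from the AttributeSchema definitions.
        SCIMResourceTypeSchema userSchema = SCIMResourceSchemaManager.getInstance().getUserResourceSchema();
        try {
            // Assumed signature: decodeResource(String, ResourceTypeSchema, AbstractSCIMObject) -> AbstractSCIMObject.
            User user = (User) new JSONDecoder().decodeResource(untrustedJson, userSchema, new User());
            System.out.println("decoded userName = " + user.getUserName());
            // Assumed signature: encodeSCIMObject(AbstractSCIMObject) -> String.
            return new JSONEncoder().encodeSCIMObject(user);
        } catch (BadRequestException e) {
            // Malformed or schema-violating client input: map to HTTP 400, log the detail server-side only.
            System.out.println("rejected (400 Bad Request): " + e.getMessage());
            return null;
        } catch (AbstractCharonException e) {
            // Any other Charon failure is a server-side problem: map to HTTP 500, never echo internals to the client.
            System.out.println("internal error (500): " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println(decodeAndEncode(VALID_USER_JSON));   // canonical User JSON
        System.out.println(decodeAndEncode(BROKEN_USER_JSON));  // null, after the 400 log line
    }
}
```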
Charon — Implementations
This contains a sample implementation of a SCIM service provider to illustrate how any SCIM implementation can utilize the API and supporting modules provided by Charon.
Charon — Utils
This contains the default implementations of the extension points. For example, DefaultCharonManager initializes the extension points, and InMemoryUserManager is the default implementation of UserManager. Inside DefaultCharonManager, the InMemoryUserManager instance is created and used in the Charon implementations.
Charon — Samples
This contains samples illustrating SCIM use cases. The samples mainly contain SCIM client-side implementations that can be run against a SCIM server, and hence can also be referenced to learn how the API provided by Charon can be used to implement the SCIM client side.