scimgateway 4.3.0 → 4.4.0

package/README.md

@@ -16,8 +16,8 @@ Validated through IdP's:
   
 Latest news:  
 
+- **BREAKING**: [SCIM Stream](https://elshaug.xyz/docs/scim-stream) is the modern way of user provisioning letting clients subscribe to messages instead of traditional IGA top-down provisioning. SCIM Gateway now offers enhanced functionality with support for message subscription and automated provisioning using SCIM Stream
 - Authentication PassThrough letting plugin pass authentication directly to endpoint for avoid maintaining secrets at the gateway. Kubernetes health checks and shutdown handler support
-- **BREAKING**: [SCIM Stream](https://elshaug.xyz/docs/scim-stream) is the modern way of user provisioning letting clients subscribe to messages instead of traditional IGA top-down provisioning. SCIM Stream includes **SCIM Stream Gateway**, the next generation SCIM Gateway that supports message subscription and automated provisioning
 - Supports OAuth Client Credentials authentication
 - Major version v4.0.0. getUsers() and getGroups() replacing some deprecated methods. No limitations on filtering/sorting. Admin user access can be linked to specific baseEntities. New MongoDB plugin
 - ipAllowList for restricting access to allowlisted IP addresses or subnets e.g. Azure IP-range  
@@ -185,9 +185,9 @@ When maintaining a set of modifications it useful to disable the postinstall ope
 	const loki = require('./lib/plugin-loki')
 	// const mongodb = require('./lib/plugin-mongodb')
 	// const scim = require('./lib/plugin-scim')
-	// const soap = require('./lib/plugin-soap')
+	// const soap = require('./lib/plugin-soap') // prereq: npm install soap
 	// const mssql = require('./lib/plugin-mssql')
-	// const saphana = require('./lib/plugin-saphana')  // prereq: npm install hdb
+	// const saphana = require('./lib/plugin-saphana') // prereq: npm install hdb
 	// const entra = require('./lib/plugin-entra-id')
 	// const ldap = require('./lib/plugin-ldap')
 	// const api = require('./lib/plugin-api')
@@ -295,7 +295,31 @@ Below shows an example of config\plugin-saphana.json
           "enabled": false,
           "shutdownTimeout": 15000,
           "forceExitTimeout": 1000
-        }
+        },
+	    "stream": {
+	      "baseUrls": [],
+	      "certificate": {
+	        "ca": null
+	      },
+	      "subscriber": {
+	        "enabled": false,
+	        "entity": {
+	          "undefined": {
+	            "nats": {
+	              "tenant": null,
+	              "subject": null,
+	              "jwt": null,
+	              "secret": null
+	            },
+	            "deleteUserOnLastGroupRoleRemoval": false,
+	            "convertRolesToGroups": false,
+	            "generateUserPassword": false,
+	            "modifyOnly": false,
+	            "replaceDomains": []
+	          }
+	        }
+	      }
+	    }
 	  },
 	  "endpoint": {
 	    "host": "hostname",
@@ -420,6 +444,8 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 - **kubernetes.shutdownTimeout** - Number of milliseconds to wait before shutting down (default 15000).
 - **kubernetes.forceExitTimeout** - Number of milliseconds before forceful exiting (default 1000).
 
+- **stream** - See [SCIM Stream](https://elshaug.xyz/docs/scim-stream) for configuration details
+
 - **endpoint** - Contains endpoint specific configuration according to our **plugin code**.    
  
 #### Configuration notes
@@ -1173,12 +1199,21 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v4.4.0  
+
+[Added]
+
+- SCIM Gateway now offers enhanced functionality with support for message subscription and automated provisioning using [SCIM Stream](https://elshaug.xyz/docs/scim-stream)
+- plugin-entra-id, plugin-scim and plugin-api having updated `REST endpoint helpers-template` to address and resolve endpoint throttling
+
+Note, module soap is not default included anymore. SOAP based plugins e.g., plugin-soap therefore needs `npm install soap` for including module in your package
+
 ### v4.3.0
   
 [Added] 
 
-- configuration **scimgateway.scim.port** can now be set to 0 or removed for deactivating listener
-- configuration **scimgateway.scim.usePutSoftSync** set to `true` now includes additional logic that do not change existing user attributes not included in PUT body content
+- configuration `scimgateway.scim.port` can now be set to 0 or removed for deactivating listener
+- configuration `cimgateway.scim.usePutSoftSync` set to `true` now includes additional logic that do not change existing user attributes not included in PUT body content
 - createUser/createGroup no longer return id if id have not been returned by plugin or by getUser filtering on userName. Previously userName was returned as id when missing plugin logic.
 - plugin-ldap supporting simpel filtering
 - plugin-loki using baseEntity configuration for supporting multi loki endpoints

package/config/plugin-api.json

@@ -93,6 +93,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {
@@ -101,8 +125,9 @@
         "baseUrls": [
           "http://fakerestapi.azurewebsites.net"
         ],
-        "username": "endpointuser",
-        "password": "password",
+        "oauth": null,
+        "bearerAuth": null,
+        "basicAuth": null,
         "proxy": {
           "host": null,
           "username": null,
@@ -111,4 +136,4 @@
       }
     }
   }
-}
+}

package/config/plugin-entra-id.json

@@ -4,7 +4,7 @@
     "localhostonly": false,
     "payloadSize": null,
     "scim": {
-      "version": "1.1",
+      "version": "2.0",
       "customSchema": null,
       "skipTypeConvert": false,
       "usePutSoftSync": false
@@ -92,6 +92,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {
@@ -104,6 +128,8 @@
           "clientId": "Application ID",
           "clientSecret": "Generated application secret value"
         },
+        "bearerAuth": null,
+        "basicAuth": null,
         "proxy": {
           "host": null,
           "username": null,

package/config/plugin-ldap.json

@@ -93,6 +93,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {

package/config/plugin-loki.json

@@ -93,6 +93,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {

package/config/plugin-mongodb.json

@@ -99,6 +99,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {

package/config/plugin-mssql.json

@@ -93,6 +93,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {

package/config/plugin-saphana.json

@@ -93,6 +93,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {

package/config/plugin-scim.json

@@ -93,6 +93,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {
@@ -102,6 +126,8 @@
           "http://localhost:8880"
         ],
         "scimVersion": "2.0",
+        "oauth": null,
+        "bearerAuth": null,
         "basicAuth": {
           "username": "gwadmin",
           "password": "password"
@@ -117,6 +143,8 @@
           "http://localhost:8880"
         ],
         "scimVersion": "2.0",
+        "oauth": null,
+        "bearerAuth": null,
         "basicAuth": {
           "username": "gwadmin",
           "password": "password"

package/config/plugin-soap.json

@@ -93,6 +93,30 @@
       "enabled": false,
       "shutdownTimeout": 15000,
       "forceExitTimeout": 1000
+    },
+    "stream": {
+      "baseUrls": [],
+      "certificate": {
+        "ca": null
+      },
+      "subscriber": {
+        "enabled": false,
+        "entity": {
+          "undefined": {
+            "nats": {
+              "tenant": null,
+              "subject": null,
+              "jwt": null,
+              "secret": null
+            },
+            "deleteUserOnLastGroupRoleRemoval": false,
+            "convertRolesToGroups": false,
+            "generateUserPassword": false,
+            "modifyOnly": false,
+            "replaceDomains": []
+          }
+        }
+      }
     }
   },
   "endpoint": {

package/index.js

@@ -12,9 +12,9 @@
 const loki = require('./lib/plugin-loki')
 // const mongodb = require('./lib/plugin-mongodb')
 // const scim = require('./lib/plugin-scim')
-// const soap = require('./lib/plugin-soap')
+// const soap = require('./lib/plugin-soap') // prereq: npm install soap
 // const mssql = require('./lib/plugin-mssql')
-// const saphana = require('./lib/plugin-saphana')  // prereq: npm install hdb --save
+// const saphana = require('./lib/plugin-saphana') // prereq: npm install hdb
 // const entra = require('./lib/plugin-entra-id')
 // const ldap = require('./lib/plugin-ldap')
 // const api = require('./lib/plugin-api')