npm - scimgateway - Versions diffs - 6.1.0 → 6.1.2 - Mend

scimgateway 6.1.0 → 6.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md CHANGED Viewed

@@ -1,25 +1,26 @@
 # SCIM Gateway
-[![Build Status](https://app.travis-ci.com/jelhub/scimgateway.svg?branch=master)](https://app.travis-ci.com/github/jelhub/scimgateway) [![npm Version](https://img.shields.io/npm/v/scimgateway.svg?style=flat-square&label=latest)](https://www.npmjs.com/package/scimgateway)[![npm Downloads](https://img.shields.io/npm/dm/scimgateway.svg?style=flat-square)](https://www.npmjs.com/package/scimgateway) [![chat disqus](https://jelhub.github.io/images/chat.svg)](https://elshaug.xyz/docs/scimgateway#disqus_thread) [![GitHub forks](https://img.shields.io/github/forks/jelhub/scimgateway.svg?style=social&label=Fork)](https://github.com/jelhub/scimgateway)
+[![Build Status](https://app.travis-ci.com/jelhub/scimgateway.svg?branch=master)](https://app.travis-ci.com/github/jelhub/scimgateway) [![npm Version](https://img.shields.io/npm/v/scimgateway.svg?style=flat-square&label=latest)](https://www.npmjs.com/package/scimgateway)[![npm Downloads](https://img.shields.io/npm/dm/scimgateway.svg?style=flat-square)](https://www.npmjs.com/package/scimgateway) [![chat disqus](https://jelhub.github.io/images/chat.svg)](https://elshaug.xyz/docs/scimgateway#disqus_thread) [![GitHub forks](https://img.shields.io/github/forks/jelhub/scimgateway.svg?style=social&label=Fork)](https://github.com/jelhub/scimgateway)
----
-Author: Jarle Elshaug
+---
+**Author:** Jarle Elshaug
-Validated through IdP's:
+**Validated through IdPs:**
-- Symantec/Broadcom Identity Manager
-- Microsoft Entra ID
-- One Identity Manager/OneLogin
-- Okta
-- Omada
-- SailPoint/IdentityNow
+*   Symantec/Broadcom Identity Manager
+*   Microsoft Entra ID
+*   One Identity Manager
+*   Okta
+*   Omada
+*   SailPoint/IdentityNow
+---
 Latest news:
-- tsx is now included, allowing SCIM Gateway to be run as a module in Node.js. Bun binary build is now supported. A single binary can be compiled that includes both the gateway and the plugin.
+- Bun binary build is now supported, allowing SCIM Gateway to be compiled into a single executable binary for simplified deployment and execution. SCIM Gateway can now run as an ES module (TypeScript) in Node.js.
 - Major release **v6.0.0** introduces changes to API method response bodies (not SCIM-related) and a new method `publicApi()` for handling public path `/pub/api` requests with no authentication required. In addition, the configuration option `bearerJwtAzure.tenantIdGUID` has been replaced by `bearerJwt.azureTenantId`. See the version history for details.
-- Entra ID [Federated Identity Credentials](https://learn.microsoft.com/en-us/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0) is now supported. Identity federation allows SCIM Gateway to access Microsoft Entra protected resources without needing to manage secrets
-- External JWKS (JSON Web Key Set) is now supported by JWT Authentication. These are public and typically frequent rotated by modern identity providers
+- Support for Entra ID [Federated Identity Credentials](https://learn.microsoft.com/en-us/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0) has been added through internal JWKS (JSON Web Key Set), allowing SCIM Gateway to access Microsoft Entra–protected resources without the need to manage secrets
+- External JWKS (JSON Web Key Set) is now supported by JWT authentication, allowing external applications to access SCIM Gateway without the need to manage secrets
 - [Azure Relay](https://learn.microsoft.com/en-us/azure/azure-relay/relay-what-is-it) is now supported for secure and hassle-free outbound communication — with just one minute of configuration
 - [ETag](https://datatracker.ietf.org/doc/html/rfc7644#section-3.14) is now supported
 - [Bulk Operations](https://datatracker.ietf.org/doc/html/rfc7644#section-3.7) is now supported
@@ -42,90 +43,50 @@ Latest news:
 - Includes API Gateway for none SCIM/provisioning - becomes what you want it to become
 - Running SCIM Gateway as a Docker container
+---
 ## Overview
 SCIM Gateway facilitates user management using the standardized REST-based SCIM 1.1 or 2.0 protocol, offering easier, more powerful, and consistent provisioning while avoiding vendor lock-in. Acting as a translator for incoming SCIM requests, the gateway seamlessly enables CRUD functionality (create, read, update, and delete) for users and groups. By implementing endpoint-specific protocols, it ensures provisioning across diverse destinations. With the gateway, your destinations become SCIM-compatible interfaces, streamlining integration and simplifying user management.
 ![](https://jelhub.github.io/images/ScimGateway.svg)
-SCIM Gateway is based on popular asynchronous event driven framework [Bun](https://bun.sh/) or [Node.js](https://nodejs.dev/) using TypeScript/JavaScript. It is cloud and firewall friendly. Runs on almost all operating systems, and may load balance between hosts (horizontal) and cpu's (vertical).
-**Following example plugins are included:**
-* **Loki** (NoSQL Document-Oriented Database)
-SCIM Gateway becomes a standalone SCIM endpoint
-Demonstrates user provisioning towards document-oriented database
-Using [LokiJS](https://github.com/techfort/LokiJS) for a fast, in-memory document-oriented database (much like MongoDB/PouchDB)
-Default gives two predefined test users loaded using in-memory only (no persistence)
-Configuration `{"persistence": true}` gives persistence file store (no test users)
-Example of a fully functional SCIM Gateway plugin
-* **MongoDB** (NoSQL Document-Oriented Database)
-Same as plugin "Loki", but using external MongoDB
-Shows how to implement a highly configurable multi tenant or multi endpoint solution through `baseEntity` in URL
-* **SCIM** (REST Webservice)
-Demonstrates user provisioning towards REST-Based endpoint (type SCIM)
-Using plugin Loki as SCIM endpoint through HelperRest
-Can be used as SCIM version-gateway e.g. 1.1=>2.0 or 2.0=>1.1
-* **Soap** (SOAP Webservice)
-Demonstrates user provisioning towards SOAP-Based endpoint
-Example WSDLs are included
-Using endpoint "Forwardinc" as an example (comes with Symantec/Broadcom/CA IM SDK - SDKWS)
-Shows how to implement a highly configurable multi tenant or multi endpoint solution through `baseEntity` in URL
-* **MSSQL** (MSSQL Database)
-Demonstrates user provisioning towards MSSQL database
-* **SAP HANA** (SAP HANA Database)
-Demonstrates SAP HANA specific user provisioning
-* **Entra ID** (REST Webservices)
-Entra ID user provisioning including license management (App Service plans) e.g. Office 365
-Using Microsoft Graph API through HelperRest
-Using customized SCIM attributes according to Microsoft Graph API
-Includes Symantec/Broadcom ConnectorXpress metafile for creating provisioning "Azure - ScimGateway" endpoint type
-* **LDAP** (Directory)
-Fully functional LDAP plugin
-Pre-configured for Microsoft Active Directory
-Using endpointMapper (like plugin-entra-id) for attribute mapping flexibility
-* **API** (REST Webservices)
-Demonstrates API Gateway/plugin functionality using post/put/patch/get/delete combined with HelperRest
-None SCIM plugin, becomes what you want it to become.
-Methods included can also be used in standard SCIM plugins
-Endpoint complexity could be put in this plugin, and client could instead communicate through Gateway using your own simplified REST specification.
-One example of usage could be creation of tickets in ServiceDesk and also the other way, closing a ticket could automatically approve/reject corresponding workflow in IdP.
+SCIM Gateway is built on the modern, asynchronous, event-driven framework [Bun](https://bun.sh/) or [Node.js](https://nodejs.dev/) using TypeScript/JavaScript. It is designed to be cloud and firewall friendly, runs on nearly all operating systems
+The following fully functional plugins are included for demonstration and production use:
+| Plugin | Endpoint Type | Description |
+| :--- | :--- | :--- |
+| **Loki** | NoSQL Database | Transforms the SCIM Gateway into a standalone SCIM endpoint utilizing the internal [LokiJS](https://github.com/techfort/LokiJS) database. Includes two test users and groups |
+| **MongoDB** | NoSQL Database | Similar to the Loki plugin, but using an externally managed MongoDB database, showcasing multi-tenant and multi-endpoint capabilities via `baseEntity` |
+| **Entra ID** | REST Webservices | Entra ID user provisioning via Microsoft Graph API |
+| **SCIM** | REST Webservice | Using plugin Loki as a SCIM provisioning endpoint. May become a SCIM version-gateway (e.g., 1.1 => 2.0) |
+| **API** | REST Webservices | A non-SCIM plugin demonstrating API Gateway functionality for custom REST specifications |
+| **Soap** | SOAP Webservice | Demonstrates user provisioning to a SOAP-based endpoint with example WSDLs |
+| **MSSQL** | Database | Demonstrates user provisioning to an MSSQL database |
+| **SAP HANA** | Database | Demonstrates SAP HANA-specific user provisioning |
+| **LDAP** | Directory | A fully functional LDAP plugin pre-configured for Microsoft Active Directory |
 ## Installation
+To get started with SCIM Gateway, follow the instructions below.
 #### Install Bun
-[Bun](https://bun.sh/) is a prerequisite and must be installed on the server.
+[Bun](https://bun.sh/) is a prerequisite and must be installed
 Note, Bun installs by default in the current user’s `HOMEPATH\.bun`. To install it elsewhere, set `BUN_INSTALL=<install-path>` as a global or system environment variable before installing. The installation will add Bun to the current user’s path, but consider adding it to the global or system path for easier access across all users.
-#### Install SCIM Gateway
+#### SCIM Gateway Installation
-Open a command window (run as administrator)
-Create your own package directory e.g. c:\my-scimgateway and install SCIM Gateway within this package.
+Create a package directory and install the SCIM Gateway:
 	mkdir c:\my-scimgateway
 	cd c:\my-scimgateway
 	bun init -y
 	bun install scimgateway
 	bun pm trust scimgateway
-**c:\\my-scimgateway** will now be `<package-root>`
-index.ts, lib and config directories containing example plugins have been copied to your package from the original scimgateway package located under node_modules. Bun requires `bun pm trust scimgateway` for allowing postinstall copying these files.
-If internet connection is blocked, we could install on another machine and copy the `<package-root>` folder.
+index.ts, lib and config directories containing example plugins are copied to your package. The command `bun pm trust scimgateway` is required to allow the `postinstall` script to copy these files.
 #### Startup and verify default Loki plugin
@@ -134,7 +95,7 @@ If internet connection is blocked, we could install on another machine and copy
 	Start a browser
 	http://localhost:8880/ping
-	=> Health check with a "hello" response
+	=> Returns a health check with a "hello" response
 	http://localhost:8880/Users
 	http://localhost:8880/Groups
@@ -159,30 +120,17 @@ If internet connection is blocked, we could install on another machine and copy
 	"Ctrl + c" to stop the SCIM Gateway
->Tip, take a look at bun test scripts located in `node_modules\scimgateway\test\lib`
-> If using Node.js instead of Bun, startup will then be:
+> For Node.js, the startup command is:
 `node --import=tsx ./index.ts`
-#### Upgrade SCIM Gateway
-Not needed after a fresh install
-The best and easiest way to upgrade is renaming existing scimgateway package folder, create a new one and do a fresh installation. After the installation we copy `index.ts, config and lib folder` (customized plugins) from previous installation to the new installation. You should also read the version history to see if custom plugins needs to be updated.
-Alternatives are:
-Upgrade to latest minor version:
-	cd c:\my-scimgateway
-	bun install scimgateway
+#### Upgrade Process
-Note, always backup/copy c:\\my-scimgateway before upgrading. Custom plugins and corresponding configuration files will not be affected.
+The recommended upgrade method is to rename the existing package folder, perform a fresh installation, and then copy your custom `index.ts`, `config`, and `lib` folders from the previous installation.
-To force a major upgrade (version x.\*.\* => y.\*.\*) that will brake compability with any existing custom plugins, we have to include the `@latest` suffix in the install command:
-`bun install scimgateway@latest`
+- Minor Upgrade: `bun install scimgateway`
+- Major Upgrade: `bun install scimgateway@latest` (Use with caution, as it may break compatibility with existing custom plugins)
-##### Avoid (re-)adding the files created during `postinstall`
+##### Avoid (re-)adding the example plugins created during `postinstall`
 For production we do not need example plugins to be incuded by the `postinstall` job
 Bun will by default exlude any `postinstall` jobs unless we have trusted the scimgateway package using the `bun pm trust scimgateway` that updates package.json `{ trustedDependencies: ["scimgateway"] }`
@@ -191,201 +139,62 @@ For Node.js (and also Bun), we might set the property `scimgateway_postinstall_s
 ## Configuration
-**index.ts** defines one or more plugins to be started by the `import statement`.
+The `index.ts` file defines the plugins to be started.
 	// start one or more plugins:
-	// import './lib/plugin-scim.ts'
-	// import './lib/plugin-entra-id.ts'
-	// import './lib/plugin-ldap.ts'
-	// import './lib/plugin-mongodb.ts'
-	// import './lib/plugin-api.ts'
-	// import './lib/plugin-mssql.ts'
-	// import './lib/plugin-saphana.ts'
-	// import './lib/plugin-soap.ts'
-	import './lib/plugin-loki.ts'
+	import './lib/plugin-entra-id.ts'
 	export {}
 Each endpoint plugin needs a TypeScript file (.ts) and a configuration file (.json).
-**They both must have the same naming prefix**. For SAP Hana endpoint we have:
->lib\plugin-saphana.ts
->config\plugin-saphana.json
+They both must have the **same naming prefix**. For the Entra ID endpoint, the corresponding files are:
+>lib\plugin-entra-id.ts
+>config\plugin-entra-id.json
+A plugin configuration file has two main JSON objects: `scimgateway` and `endpoint`
-Edit specific plugin configuration file according to your needs.
-Below shows an example of config\plugin-saphana.json
 	{
 	  "scimgateway": {
-	    "port": 8884,
-	    "localhostonly": false,
-	    "chainingBaseUrl": null,
-        "scim": {
-          "version": "2.0",
-          "skipTypeConvert" : false,
-          "skipMetaLocation" false,
-          "groupMemberOfUser": false
-          "usePutSoftSync" : false
-        },
-        "log": {
-          "loglevel": {
-            "file": "debug",
-            "console": "error"
-          },
-          "customMasking": []
-        },
-        "auth": {
-          "basic": [
-            {
-              "username": "gwadmin",
-              "password": "password",
-              "readOnly": false,
-              "baseEntities": []
-            }
-          ],
-          "bearerToken": [
-            {
-              "token": null,
-              "readOnly": false,
-              "baseEntities": []
-            }
-          ],
-          "bearerJwt": [
-            {
-              "secret": null,
-              "publicKey": null,
-              "wellKnownUri": null,
-              "azureTenantId": null,
-              "options": {
-                "issuer": null
-               },
-              "readOnly": false,
-              "baseEntities": []
-            }
-          ],
-          "bearerOAuth": [
-            {
-              "clientId": null,
-              "clientSecret": null,
-              "readOnly": false,
-              "baseEntities": []
-            }
-          ],
-          "passThrough": {
-             "enabled": false,
-             "readOnly": false,
-             "baseEntities": []
-          }
-        },
-	    "certificate": {
-	      "key": null,
-	      "cert": null,
-	      "ca": null,
-	      "pfx": {
-	        "bundle": null,
-	        "password": null
-	      }
-	    },
-	    "ipAllowList": [],
-	    "email": {
-	      "auth": {
-	        "type": "oauth",
-	        "options": {
-	          "azureTenantId": null,
-	          "clientId": null,
-	          "clientSecret": null
-	        }
-	      },
-	      "emailOnError": {
-	        "enabled": false,
-	        "from": null,
-	        "to": null
-	      }
-	    },
-	    "stream": {
-	      "baseUrls": [],
-	      "certificate": {
-	        "ca": null
-	      },
-	      "subscriber": {
-	        "enabled": false,
-	        "entity": {
-	          "undefined": {
-	            "nats": {
-	              "tenant": null,
-	              "subject": null,
-	              "jwt": null,
-	              "secret": null
-	            },
-	            "deleteUserOnLastGroupRoleRemoval": false,
-	            "convertRolesToGroups": false,
-	            "generateUserPassword": false,
-	            "modifyOnly": false,
-	            "replaceDomains": []
-	          }
-	        }
-	      },
-	      "publisher": {
-	        "enabled": false,
-	        "entity": {
-	          "undefined": {
-	            "nats": {
-	              "tenant": null,
-	              "subject": null,
-	              "jwt": null,
-	              "secret": null
-	            }
-	          }
-	        }
-	      }
-	    }
+	    ...
 	  },
 	  "endpoint": {
-	    "host": "hostname",
-	    "port": 30015,
-	    "username": "username",
-	    "password": "password",
-	    "saml_provider": "saml_provider_name"
+	    ...
 	  }
 	}
+`scimgateway`: Contains fixed attributes used by the core gateway functionality, such as port, logging, and authentication.
-Configuration file have two main JSON objects: `scimgateway` and `endpoint`
+`endpoint`: Contains customized definitions required by the plugin code for communication with the destination system, including host, port, and credentials.
-Definitions in `scimgateway` object have fixed attributes, but values can be modified. Sections not used/configured can be removed. This object is used by the core functionality of the SCIM Gateway.
+- **port**: The gateway will listen on this port number. Clients, such as a provisioning server, will use this port to communicate with the gateway.
-Definitions in `endpoint` object are customized according to our plugin code. Plugin typically need this information for communicating with endpoint
+- **localhostonly**: Set to `true` to accept incoming requests only from localhost (127.0.0.1). Set to `false` to accept requests from all clients.
-- **port** - Gateway will listen on this port number. Clients (e.g. Provisioning Server) will be using this port number for communicating with the gateway
+- **chainingBaseUrl**: The base URL for chaining another gateway, with the syntax `http(s)://host:port`. When defined, the gateway behaves like a reverse proxy, validating authorization unless PassThrough mode is enabled. See `Configuration notes` for details.
-- **localhostonly** - true or false. False means gateway accepts incoming requests from all clients. True means traffic from only localhost (127.0.0.1) is accepted.
+- **idleTimeout**: The number of seconds to wait before timing out a connection due to inactivity. The default value is 120 seconds.
-- **chainingBaseUrl** - baseUrl for chaining anohter gateway, syntax: `http(s)://host:port`. If defined, gateway beave much like a reverse proxy, validating authorization unless PassThrough mode is enabled. See `Configuration notes` for details
+- **scim.version**: Specifies the SCIM protocol version to use, either "1.1" or "2.0". The default is "2.0".
-- **idleTimeout** - default 120, sets the the number of seconds to wait before timing out a connection due to inactivity
-- **scim.version** - "1.1" or "2.0". Default is "2.0".
-- **scim.skipTypeConvert** - true or false, default false. Multivalue attributes supporting types e.g. emails, phoneNumbers, ims, photos, addresses, entitlements and x509Certificates (but not roles, groups and members) will be become "type converted objects" when sent to modifyUser and createUser. This for simplicity of checking attributes included and also for the endpointMapper method (used by plugin-ldap and plugin-entra-id), e.g.:
+- **scim.skipTypeConvert**: When set to `true`, multivalue attributes with types (e.g., emails, phoneNumbers, ims, photos, addresses, entitlements, and x509Certificates, but not roles, groups, and members) will not be converted into "type converted objects" when sent to `modifyUser` and `createUser`. This is useful for simplifying attribute checks and for the `endpointMapper` method used by `plugin-ldap` and `plugin-entra-id`. For example:
 		"emails": {
 		  "work": {"value": "jsmith@example.com", "type": "work"},
 		  "home": {"value": "", "type": "home", "operation": "delete"},
 		  "undefined": {"value": "jsmith@hotmail.com"}
 		}
-        skipTypeConvert set to true gives attribute "as-is": array, allow duplicate types including blank, but values to be deleted have been marked with "operation": "delete"
+        When `skipTypeConvert` is set to `true`, the attribute is provided "as-is" as an array, allowing duplicate types including blank types. Values to be deleted are marked with `"operation": "delete"`.
 		"emails": [
 		  {"value": "jsmith@example.com", "type": "work"},
 		  {"value": "john.smith.org", "type": "home", "operation": "delete"},
 		  {"value": "jsmith@hotmail.com"}
 		]
-- **scim.skipMetaLocation** - true or false, default false. If set to true, `meta.location` which contains protocol and hostname from request-url, will be excluded from response e.g. `"{...,meta":{"location":"https://my-company.com/<...>"}}`. If using reverse proxy and not including headers `X-Forwarded-Proto` and `X-Forwarded-Host`, originator will be the proxy and we might not want to expose internal protocol and hostname being used by the proxy request.
+- **scim.skipMetaLocation**: When set to `true`, the `meta.location` attribute, which contains the protocol and hostname from the request URL, will be excluded from the response (e.g., `"{...,meta":{"location":"https://my-company.com/<...>"}}`). This is useful when using a reverse proxy and not including the `X-Forwarded-Proto` and `X-Forwarded-Host` headers, as the originator will be the proxy and the internal protocol and hostname should not be exposed.
-- **scim.groupMemberOfUser** - true or false, default false. If body contains groups and groupMemberOfUser=true, groups attribute will remain at user object (groups are member of user) instead of default user member of groups that will use modifyGroup method for maintaining group members.
+- **scim.groupMemberOfUser**: When set to `true`, and the request body contains groups, the `groups` attribute will remain on the user object (groups are members of the user). The default behavior is for the user to be a member of the groups, which uses the `modifyGroup` method to maintain group members.
 - **scim.usePutSoftSync** - true or false, default false. `PUT /Users/bjensen` will replace the user bjensen with body content. If set to `true`, only PUT body content will be replaced. Any additional existing user attributes and groups supported by plugin will remain as-is.
@@ -916,16 +725,16 @@ If several SCIM Gateway´s (same plugin) connect listeners using the same Azure
 ### Configuration notes - running SCIM Gateway as a single binary
-A single binary can be compiled that includes both the gateway and the plugin. The binary must have the same name (prefix) as the configuration file in the config directory, and this directory must be located in the same folder as the binary.
+Bun binary build allowing SCIM Gateway to be compiled into a single executable binary for simplified deployment and execution. The binary must have the same name (prefix) as the configuration file in the config directory, and this directory must be located in the same folder as the binary.
 	cd my-scimgateway
-	bun build --compile --target=bun-darwin-arm64 --outfile ./build/plugin-loki ./lib/plugin-loki.ts
-	// for target options, see: https://bun.com/docs/bundler/executables#cross-compile-to-other-platforms
+	bun build --compile ./lib/plugin-loki.ts --target=bun-darwin-arm64 --outfile ./build/plugin-loki
+	# for target options, see: https://bun.com/docs/bundler/executables#cross-compile-to-other-platforms
 	cp -r ./config ./build
-	// build directory now have what is needed and can be put into production
+	# build directory now ready for production deployment
 	cd build
-	// run the binary - note, binary must have same name (prefix) as the configuration file in the config directory
+	# run the binary - note, binary must have same name (prefix) as the configuration file in the config directory
 	./plugin-loki
@@ -1364,36 +1173,6 @@ Endpoint configuration example:
 For details, please see section "CA Identity Manager as IdP using SCIM Gateway"
-## SCIM Gateway REST API
-	Create = POST http://localhost:8880/Users
-	(body contains the user information)
-	Update = PATCH http://localhost:8880/Users/<id>
-	(body contains the attributes to be updated)
-	Search/Read = GET http://localhost:8880/Users?userName eq
-	"userID"&attributes=<comma separated list of scim-schema defined attributes>
-	Search/explore all users:
-	GET http://localhost:8880/Users?attributes=userName
-	Delete = DELETE http://localhost:8880/Users/<id>
-Discovery:
-	GET http://localhost:8880/ServiceProviderConfigs
-	Specification compliance, authentication schemes, data models.
-	GET http://localhost:8880/Schemas
-	Introspect resources and attribute extensions.
-Note:
-- userName (mandatory) = UserID
-- id (mandatory) = Unique id. Could be set to the same as UserID but don't have to.
 ## API Gateway
 SCIM Gateway also works as an API Gateway when using url `/api` or `/<baseEntity>/api`
@@ -1408,35 +1187,33 @@ Following methods for the none SCIM based api-plugin are supported:
 		PATCH /api/{id} + body
 		DELETE /api/{id}
-These methods can also be used in standard SCIM plugins
+These methods can also be included in standard SCIM plugins
 Please see example plugin: **plugin-api.ts**
 ## How to build your own plugins
-For JavaScript coding editor you may use [Visual Studio Code](https://code.visualstudio.com/ "Visual Studio Code")
+For coding editor you may use [Visual Studio Code](https://code.visualstudio.com/ "Visual Studio Code")
 Preparation:
 * Copy "best matching" example plugin e.g. `lib\plugin-mssql.ts` and `config\plugin-mssql.json` and rename both copies to your plugin name prefix e.g. plugin-mine.ts and plugin-mine.json
 * Edit plugin-mine.json and define a unique port number for the gateway setting
-* Edit index.ts and include your plugin in the startup e.g. `const plugins = ['mine']');`
-* Start SCIM Gateway and verify using using your own SCIM API requests or your IdP/IGA system.
+* Edit index.ts and include your plugin in the startup e.g. `import './lib/plugin-mine.ts'`
+* Start SCIM Gateway and verify
-Now we are ready for custom coding by editing plugin-mine.ts
+We are now ready for custom coding by editing plugin-mine.ts
 Coding should be done step by step and each step should be verified and tested before starting the next
 1. **Turn off group functionality** - getGroups to return empty response (gateway automatically use getGroups for some of the methods if groups not included)
 Please see plugin-saphana that do not use groups.
 2. **getUsers** (test provisioning retrieve all accounts and single account)
-4. **createUser** (test provisioning new account)
-5. **deleteUser** (test provisioning delete account)
-6. **modifyUser** (test provisioning modify account)
-7. **Turn on group functionality** - getGroups having logic for returning groups if groups are supported
+3. **createUser** (test provisioning new account)
+4. **deleteUser** (test provisioning delete account)
+5. **modifyUser** (test provisioning modify account)
+6. **Turn on group functionality** - getGroups having logic for returning groups if groups are supported
 7. **getGroups** (test provisioning retrieve groups)
 8. **modifyGroup** (test provisioning modify group members)
-12. **createGroup** (test provisioning new group)
-13. **deleteGroup** (test provisioning delete account)
+9.  **createGroup** (test provisioning new group)
+10.  **deleteGroup** (test provisioning delete account)
 Template used by CA Provisioning role should only include endpoint supported attributes defined in our plugin. Template should therefore have no links to global user for none supported attributes (e.g. remove %UT% from "Job Title" if our endpoint/code do not support title)
@@ -1488,33 +1265,14 @@ advanced options - **Synchronized** = enabled (toggled on)
 Plugins should have following initialization:
 	// start - mandatory plugin initialization
-	const ScimGateway: typeof import('scimgateway').ScimGateway = await (async () => {
-	  try {
-	    return (await import('scimgateway')).ScimGateway
-	  } catch (err) {
-	    const source = './scimgateway.ts'
-	    return (await import(source)).ScimGateway
-	  }
-	})()
+	import { ScimGateway, HelperRest } from 'scimgateway'
 	const scimgateway = new ScimGateway()
+	const helper = new HelperRest(scimgateway)
 	const config = scimgateway.getConfig()
 	scimgateway.authPassThroughAllowed = false
 	// end - mandatory plugin initialization
-If using REST, we could also include the HelperRest:
-	// start - mandatory plugin initialization
-	...
-	const HelperRest: typeof import('scimgateway').HelperRest = await (async () => {
-	  try {
-	    return (await import('scimgateway')).HelperRest
-	  } catch (err) {
-	    const source = './scimgateway.ts'
-	    return (await import(source)).HelperRest
-	  }
-	})()
-	...
-	// end - mandatory plugin initialization
+	HelperRest could included and used by REST plugins
 Plugins should include following SCIM Gateway methods:
@@ -1545,11 +1303,28 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 ## Change log
+### v6.1.2
+[Fixed]
+- SMTP mail functionality failed because of an updated dependency
+- endpointMapper failed when `mapTo` included multiple comma-separated attributes and one of them was a multivalued attribute, e.g. `{ "mail": { "mapTo": "userName,emails.work.value" } }`
+### v6.1.1
+[Fixed]
+- plugin-ldap, a createUser operation followed immediately by a readUser (automatically performed by SCIM Gateway) may not find the newly created user on some systems, such as Samba AD, due to timing issues
+[Improved]
+- the final info log message now includes a JSON serialization of all elements, such as durationMs, status, requestBody, responseBody, ...
 ### v6.1.0
 [Improved]
-- tsx is now included, allowing SCIM Gateway to be run as a module in Node.js. The mandatory plugin section, which previously required complex dynamic loading, can now be simplified using static imports
+- `tsx` is now included, allowing SCIM Gateway to run as an ES module (TypeScript) in Node.js. The mandatory plugin section, which previously required complex dynamic loading, can now be simplified using static imports
 	**Old plugin-xxx.ts:**
@@ -1613,17 +1388,16 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 		import './lib/plugin-loki.ts'
 		export {}
-- Bun binary build is now supported. A single binary can be compiled that includes both the gateway and the plugin. The binary must have the same name (prefix) as the configuration file in the config directory, and this directory must be located in the same folder as the binary.
+- Bun binary build is now supported allowing SCIM Gateway to be compiled into a single executable binary for simplified deployment and execution. The binary must have the same name (prefix) as the configuration file in the config directory, and this directory must be located in the same folder as the binary.
 		cd my-scimgateway
-		bun build --compile --target=bun-darwin-arm64 --outfile ./build/plugin-loki ./lib/plugin-loki.ts
-		// for target options, see: https://bun.com/docs/bundler/executables#cross-compile-to-other-platforms
+		bun build --compile ./lib/plugin-loki.ts --target=bun-darwin-arm64 --outfile ./build/plugin-loki
+		# for target options, see: https://bun.com/docs/bundler/executables#cross-compile-to-other-platforms
 		cp -r ./config ./build
-		// build directory now have what is needed and can be put into production
+		# build directory now ready for production deployment
 		cd build
-		// run the binary - note, binary must have same name (prefix) as the configuration file in the config directory
+		# run the binary - note, binary must have same name (prefix) as the configuration file in the config directory
 		./plugin-loki
 - Dependencies bump
@@ -3757,5 +3531,3 @@ This plugin now replace previous `plugin-testmode`
 ### v0.2.0
 Initial version

package/config/plugin-ldap.json CHANGED Viewed

@@ -144,13 +144,13 @@
           "namingAttribute": {
             "user": [
               {
-                "attribute": "cn",
+                "attribute": "CN",
                 "mapTo": "userName"
               }
             ],
             "group": [
               {
-                "attribute": "cn",
+                "attribute": "CN",
                 "mapTo": "displayName"
               }
             ]