This is an example WSGI SCIM server using scim2-models. It utilizes werkzeug and scim2-filter-parser and keeps all resources in memory; they are lost once the process exits.
The provider implements:

- Discovery endpoints (`/v2/ServiceProviderConfig`, `/v2/ResourceTypes`, `/v2/Schemas`)
- Resource operations (`POST`, `GET`, `PUT`, `DELETE`)

The only optional feature currently missing is support for Bulk operations (RFC 7644, Section 3.7).
```
$ scim2-server [-h] [--schema SCHEMA] [--resource-type RESOURCE_TYPE] [--bearer-token BEARER_TOKEN] [--hostname HOSTNAME] [--port PORT] [--reverse-proxy] [--dump-resources DUMP_RESOURCES]
```
- `-h`/`--help`: Show help message
- `--reverse-proxy`: Allow using the provider behind a reverse proxy (required for URL rewriting).
- `--schema`: Register schemas from the specified JSON file. If not provided, loads the default schemas from RFC 7643.
- `--resource-type`: Register resource types from the specified JSON file. If not provided, loads the default resource types from RFC 7643.
- `--bearer-token`: Registers a bearer token that can be used for accessing the service. If no tokens are provided, anonymous access without authentication is allowed.
- `--hostname`: The hostname to listen on. Defaults to `127.0.0.1`.
- `--port`: The port to listen on. Defaults to `8080`.
- `--dump-resources`: Dump a JSON document containing all resources when the provider exits normally.

This provider can be used as a starting point if you want to implement a SCIM provider. You should probably change the following things if you want to use it in production:
- `scim2_server.backend.Backend`
- the `/Me` endpoint, if it applies in your use case

The provider in its current state has been tested successfully against a live Microsoft Entra system as well as a live Okta system.
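The `--bearer-token` behaviour above (no tokens configured means anonymous access) is the first thing to change for production. As an added example that is not scim2-server's own code, here is a small WSGI gate that fails closed when no token is configured and answers unauthenticated requests with a SCIM error document; it assumes nothing about scim2-server's internals, takes any WSGI callable as the wrapped app, and uses a constructed stand-in app and constructed token values.

```python
"""Bearer-token gate in front of a SCIM 2.0 WSGI app (added example, not scim2-server's code).
Assumed: the wrapped app is any WSGI callable; tokens arrive as a collection of strings."""
import hmac
import json

SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"


def token_is_valid(authorization_header, tokens):
    """True if the header is 'Bearer <token>' and <token> is registered (constant-time compare)."""
    scheme, _, presented = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False
    matched = False
    for registered in tokens:  # check every token so timing does not reveal an early hit
        matched |= hmac.compare_digest(presented.encode(), registered.encode())
    return matched


class BearerTokenMiddleware:
    """Reject requests that carry no registered bearer token before they reach the SCIM app."""

    def __init__(self, app, tokens):
        if not tokens:  # the README's caveat: with no tokens, access would be anonymous
            raise ValueError("refusing to start without at least one bearer token")
        self.app, self.tokens = app, frozenset(tokens)

    def __call__(self, environ, start_response):
        if token_is_valid(environ.get("HTTP_AUTHORIZATION"), self.tokens):
            return self.app(environ, start_response)
        # SCIM error document (RFC 7644 section 3.12 shape) plus the Bearer challenge header
        body = json.dumps({"schemas": [SCIM_ERROR_SCHEMA], "status": "401",
                           "detail": "Authentication required"}).encode()
        start_response("401 Unauthorized", [("Content-Type", "application/scim+json"),
                                            ("Content-Length", str(len(body))),
                                            ("WWW-Authenticate", 'Bearer realm="scim"')])
        return [body]


def echo_app(environ, start_response):
    """Constructed stand-in for the real SCIM app: answers with the requested path."""
    body = json.dumps({"path": environ["PATH_INFO"]}).encode()
    start_response("200 OK", [("Content-Type", "application/scim+json")])
    return [body]


def call(app, method, path, authorization=None):
    """Drive a WSGI app with a constructed environ; returns (status line, decoded JSON body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = {}
    body = b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"], json.loads(body)
```

`call(BearerTokenMiddleware(echo_app, ["constructed-token-123"]), "GET", "/v2/Users")` returns the 401 SCIM error; the same call with `"Bearer constructed-token-123"` reaches the stand-in app.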
Parts of this software were initially developed at CONTACT Software (GitHub) and subsequently made available under the Apache License Version 2.0.
FAQs
Lightweight SCIM2 server prototype
We found that scim2-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.