[英]SCIM endpoint and user provisioning with Azure Active Directory & Symfony
i'm developing a SCIM endpoint API to enable automatic provisioning of users between my symfony v5 application and Azure AD .我正在开发一个SCIM 端点API 以在我的symfony v5应用程序和Azure AD之间自动配置用户。 Actually i did not find enough documentation to help me develop this, also i am not an expert but i followed docs.microsoft for some guidelines.
实际上我没有找到足够的文档来帮助我开发这个,我也不是专家,但我遵循了 docs.microsoft 的一些指导方针。 i start by building a symfony REST API CRUD without using any bundle,all my endpoints start by /Users.
我首先在不使用任何捆绑包的情况下构建 symfony REST API CRUD,我的所有端点都由 /Users 开始。
Then i hosted my application on a remote site (PLESK) with this url: https://example.com/ and now i want to Integrate my SCIM endpoint with the Azure AD SCIM client.然后我用这个 url: https://example.com/将我的应用程序托管在远程站点 (PLESK) 上,现在我想将我的 SCIM 端点与 Z3A580F142203667F1F0BC3088 客户端集成。 In the Tenant URL field i put this URL: https://example.com/scim but i receive this error, can anyone please explain me if i am doing the right thing?
在租户 URL字段中,我输入了这个 URL: https://example.com/scim ,但如果我收到这个错误,谁能解释一下吗? and why i receive this error?
为什么我会收到这个错误?
You appear to have entered invalid credentials.
您似乎输入了无效的凭据。 Please confirm you are using the correct information for an administrative account.
请确认您为管理帐户使用了正确的信息。 Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable Details: We received this unexpected response from your application: An HTTP/404 Not Found response was returned rather than the expected HTTP/200 OK response.
错误代码:SystemForCrossDomainIdentityManagementCredentialValidationUnavailable 详细信息:我们从您的应用程序收到此意外响应:返回的是 HTTP/404 Not Found 响应,而不是预期的 HTTP/200 OK 响应。 To address this issue, ensure that the tenant URL is correct.
为解决此问题,请确保租户 URL 正确。 The tenant URL is usually in a format like: https://<>/scim.
租户 URL 通常采用如下格式:https://<>/scim。 If this does not resolve the issue, contact the application developer to ensure their SCIM endpoint conforms with the protocol https://tools.ietf.org/html/rfc7644#section-3.4.2
如果这不能解决问题,请联系应用程序开发人员以确保他们的 SCIM 端点符合协议https://tools.ietf.org/html/rfc7644#section-3.4.2
this is my API Controller Class example create user:这是我的 API Controller Class 示例创建用户:
class APIController extends AbstractController
{
//Create User
/**
* @Route("/Users", name="ajout", methods={"POST"})
*/
public function addUser(Request $request){
//On verifie si on a une requette
// On vérifie si la requête est une requête Ajax
//if($request->isXmlHttpRequest()) {
// On instancie un nouvel article
$user = new User();
// On décode les données envoyées
$donnees = json_decode($request->getContent());
// On hydrate l'objet
$user->setEmail($donnees->email);
$user->setRoles($donnees->roles);
// On sauvegarde en base
$entityManager = $this->getDoctrine()->getManager();
$entityManager->persist($user);
$entityManager->flush();
// On retourne la confirmation
return new Response('ok', 201);
}
//return new Response('Failed', 404); }
}
Azure AD us expecting a response that looks.like this. Azure AD 我们期待一个看起来像这样的响应。 That would allow you to validate creds.
这将允许您验证信用。
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"totalResults": 0,
"Resources": [],
"startIndex": 1,
"itemsPerPage": 20
}
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#get-user-by-query---zero-results https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#get-user-by-query---zero-结果
URL https://example.com/scim
will not work, because you have no prefix scim
defined in @Route annotations, only "Users". URL
https://example.com/scim
将不起作用,因为您在 @Route 注释中没有定义前缀scim
,只有“用户”。 Url https://example.com
also. Url
https://example.com
也是。 Probably Azure wants check GET method - because in SCIM docs http://www.simplecloud.info/ only such a method returns 200 response code.可能 Azure 想要检查 GET 方法 - 因为在 SCIM 文档http://www.simplecloud.info/只有这样的方法返回 200 响应代码。
First of all - specify all the needed routes defined in the SCIM.首先 - 指定 SCIM 中定义的所有需要的路由。
Secondly - use Postman and test routes manually based on http://www.simplecloud.info/ documentation or even better - write e2e tests for it https://symfony.com/doc/current/testing.html#functional-tests其次 - 使用 Postman 并根据http://www.simplecloud.info/文档手动测试路线,甚至更好 - 为它编写 e2e 测试Z5E056C500A1C4B6A7110B50D80D807BADE/testing.html#functional
Next - make sure what is your really working URL下一步 - 确保你真正工作的 URL
Finally - test the integration within Azure test tool最后 - 测试 Azure 测试工具内的集成
PS. PS。 Why not the ApiPlatform based on Symfony 5?
为什么不是基于 Symfony 5 的 ApiPlatform? You will make it everything much faster.
你会让一切变得更快。
PS2. PS2。 You can watch some ready to go Microsoft Reference Codes for SCIM (for C#, but still worthwhile to read - especially README).
您可以观看一些准备好的 go Microsoft Reference Codes for SCIM(适用于 C#,但仍然值得一读——尤其是自述文件)。 https://github.com/AzureAD/SCIMReferenceCode
https://github.com/AzureAD/SCIMReferenceCode
Also, wiki page about testing is great, you should check it https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint此外,关于测试的 wiki 页面很棒,你应该检查它https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.