Re: [Dev][IS][APIM] Providing a SCIM Id for admin user in SCIM
On Tue, Jun 13, 2017 at 10:31 AM, Isura Karunaratne <[hidden email]> wrote:
On Mon, Jun 12, 2017 at 2:25 PM, Tharika Madurapperuma <[hidden email]> wrote:
In APIM 3.0, we plan to have a feature for enabling Read, Update, Delete permissions for an API based on roles in API Publisher. For user validation purposes, we need to retrieve the list of roles for the loggedin user. This role list is retrieved using the user's SCIM Id. But since the admin user by default does not have an ID as per  and is not regarded as a SCIM user, we wont be able to retrieve the list of roles for the admin.
There are two possible options for making this work.
Option 1: Either from APIM 3.0 side we should make a call to the SCIM endpoint and update the admin user to have a SCIM ID as in , preferably during startup or
Option 2: We can make the admin user have an Id by default from SCIM Implementation in IS.
If we go with Option 1, it amounts to an additional call to the SCIM endpoint to update the user and a question arises as to where we should be updating it. The SCIM Id for the admin user is needed only in this scenario for retrieving roles currently, hence updating the admin user during startup is questionable.
IMO Option 2 is preferrable because it will not result in an additional update as in Option 1 above.
Will there be any plans to include this capability in IS 5.4.0?
This capability will not include in IS 5.4.0 release, if this is urgent, we can prioritize
Please do include. Otherwise we'll have to do hacks to get the basic functionalitties working for the default (admin) user.
 [Dev] [IS] Admin/Tenant Admin Users cannot be filtered to get the SCIM ID