iam Expose attributes via the SCIM endpoint

Could the attributes (like nickname) be exposed via the SCIM interface please ? Thanks !

May 03 '24 09:05 chaen

Hi, by attributes you mean the ones listed on the bottom-right part of the IAM homepage (also visible at /iam/account/<uuid>/attributes)? If yes, you can query that endpoint to get your attributes either fom web interface (indicating your uuid) or with a token where the sub claim is your uuid.

May 06 '24 09:05 federicaagostini

Hi, thanks for your answer ! The /iam/account/<uuid>/attributes requires the admin.read scope, and I'd prefer to stick to the scim:read. Moreover, the scim api allows for a bulk query, while otherwise I'd need to query each user individually

May 06 '24 10:05 chaen

Can I bump this issue please. This would be really important for LHCb migration

May 22 '24 10:05 chaen

Hi @chaen , I'm including this feature request into another PR which will be included in next IAM release. #764 The logic will be the same of SCIM labels inclusions into SCIM User object:

scim:
  include_attributes:
  - name: Affiliation

If this configuration parameter is not present, no attributes will be added to the user. Example of output:

"urn:indigo-dc:scim:schemas:IndigoUser": {
    attributes: [
      {
        "name": "Affiliation",
        "value": "INFN-CNAF"
      }
    ],
  ...
}

Can this fix be enough?

May 22 '24 14:05 enricovianello

Ciao @enricovianello, Thanks for the follow up ! Do I understand correctly that a configuration change of the IAM instance will be enough to expose the nickname when listing the users ? If so, yes, that should be enough thanks !

May 22 '24 15:05 chaen

Exactly. Perfect! The idea is to allow administrators to select which attributes are exposed through SCIM endpoint.

May 23 '24 08:05 enricovianello