Schemas

Schemas #

Resource and extension schema definition #

Both resource and extension are defined in the same format. Example of a custom User resource schema:

"%custom":
  universalid:
    schemas: [
      {
        id: "urn:se:universalid:User",
        name: "customUser",
        description: "A minimal User Schema",
        attributes: [
          {
            attributeField: "value"
          }
        ]
      }
    ]

id #

The unique URI of the schema e.g. "urn:ietf:params:scim:schemas:core:2.0:User".

name (optional) #

The schema’s human-readable name.

description (optional) #

A description of the schema and its usage.

attributes #

A list with the attributes and their sub-attributes defined for the schema.

Attribute #

For example, you can configure a userName attribute as follows:

"%custom":
  universalid:
    schemas: [
      {
        id: "urn:se:universalid:User",
        name: "customUser",
        description: "A minimal User Schema",
        attributes: [
          {
            name: "userName",
            type: "string",
            description: "Username",
            required: true,
            caseExact: false,
            mutability: "readWrite",
            returned: "always",
            uniqueness: "server"
          }
        ]
      }
    ]

Sub-attributes that have a default value don’t have to be defined explicitly.

name #

The attribute’s name.

type #

The attribute’s data type. Valid values are “string”, “boolean”, “decimal”, “integer”, “dateTime”, “reference”, and “complex”. When an attribute is of type “complex”, there SHOULD be a corresponding schema attribute “subAttributes” defined, listing the sub-attributes of the attribute.

subAttributes (if type: complex) #

When an attribute is of type “complex”, “subAttributes” defines a set of sub-attributes. “subAttributes” has the same schema sub-attributes as “attributes”.

multiValued #

A Boolean value indicating the attribute’s plurality. The value assigned to this attribute returns a list. DEFAULT is false.

description #

The attribute’s human-readable description. When applicable, service providers MUST specify the description.

required #

A Boolean value that specifies whether or not the attribute is required.

caseExact #

A Boolean value that specifies whether or not a string attribute is case sensitive. The server SHALL use case sensitivity when evaluating filters. For attributes that are case exact, the server SHALL preserve case for any value submitted.

If the attribute is case insensitive, the server MAY alter case for a submitted value. Case sensitivity also impacts how attribute values MAY be compared against filter values.

mutability #

A single keyword indicating the circumstances under which the value of the attribute can be (re) defined:

  • readOnly The attribute SHALL NOT be modified.
  • readWrite The attribute MAY be updated and read at any time. This is the default value.
  • immutable The attribute MAY be defined at resource creation (e.g., POST) or at record replacement via a request (e.g., a PUT). The attribute SHALL NOT be updated.
  • writeOnly The attribute MAY be updated at any time. Attribute values SHALL NOT be returned ( e.g., because the value is a stored hash).

Note: An attribute with a mutability of “writeOnly” usually also has a returned setting of “never”.

returned #

A single keyword that indicates when an attribute and associated values are returned in response to a GET request or in response to a PUT, POST, or PATCH request. Valid keywords are as follows:

  • always The attribute is always returned, regardless of the contents of the “attributes” parameter. For example, “id” is always returned to identify a SCIM resource.
  • never The attribute is never returned. This may occur because the original attribute value ( e.g., a hashed value) is not retained by the service provider. A service provider MAY allow attributes to be used in a search filter.
  • default The attribute is returned by default in all SCIM operation responses where attribute values are returned. If the GET request “attributes” parameter is specified, attribute values are only returned if the attribute is named in the “attributes” parameter. DEFAULT.
  • request The attribute is returned in response to any PUT, POST, or PATCH operations if the attribute was specified by the client (for example, the attribute was modified). The attribute is returned in a SCIM query operation only if specified in the “attributes” parameter.

uniqueness #

A single keyword value that specifies how the service provider enforces uniqueness of attribute values:

  • none The values are not intended to be unique in any way. DEFAULT.
  • server The value SHOULD be unique within the context of the current SCIM endpoint (or tenancy) and MAY be globally unique (e.g., a “username”, email address, or other server-generated key or counter).
  • global The value SHOULD be globally unique (e.g., an email address, a GUID, or other value).

referenceTypes (optional) #

A multivalued array of JSON strings that indicate the SCIM resource types that may be referenced.

canonicalValues (optional) #

A collection of suggested canonical values that MAY be used (e.g., “work” and “home”). In some cases, service providers MAY choose to ignore unsupported values.