Fluent Commerce Logo
Docs
Sign In

SCIM Connector Project Configuration

Essential knowledge

Author:

Fluent Commerce

Changed on:

13 Dec 2023

Overview

SCIM Connector Project Configuration

Key points

  • A guide on how to setup the SCIM Connector Project

The project's resource folder contains all build time configurations for the SCIM connector.

  • application-connector.yml - Project and Connector specific configuration.
  • application.yml - Core Connect SDK configuration. These are mostly default configurations and core settings.
  • bootstrap.yml - Server/Container configuration. This file includes settings for all different environments and follows the spring profile standards.
  • logback-spring.xml - Log configuration also supports different configurations based on spring profiles.

It is possible to have dedicated configuration files for each environment. This is often used to override a common setting for a particular environment. To create such a file, follow SpringBoot's format having the additional desired spring profile name at the end of the application.yml file, for example, application-dev.yml

Property

Description

connector-name

This is the name of the connector and this property is used to both name the connector as well as build the path of other configuration keys. Keep characters limited to 'a-z' and '-'.

fluent-account

Account name of Fluent system (e.g, CNCTSSO)

cache

Cache configuration

user-update.renderFluentRoles

Enable when a SCIM client implements role handling according to SCIM RFC-7644 Spec (with add, replace, remove roles patch operations)
When patching user:
If user-update.renderFluentRoles = false: the roles for the user will be overwritten, and any existing roles will be disregarded.If user-update.renderFluentRoles = true: the patch operations will determine how the roles are modified. SCIM client can use the "add", "replace", and "remove" operations to add new roles, update existing roles, or remove roles from the user, respectively.

enable-listeners

Enable/disable listeners feature of Connect SDK

credential.credential-manager

Sets the credential manager. When using AWS, keep the value as "

`aws-secrets-manager`
"

security

The configuration of security layer for SCIM endpoints

1fluent-connect:
2  connector-name: "scim-connector"
3
4  fluent-account: "CNCTSSO"
5
6  cache:
7    caffeine:
8      - name: location
9        expiry-in-seconds: 300
10        max-size: 10000
11      - name: retailer
12        expiry-in-seconds: 300
13        max-size: 10000
14
15  user-update:
16#    enable when a scim-connector client implements role handling according to SCIM RFC-7644 Spec (with add,replace,remove roles patch ops)
17    renderFluentRoles: false
18
19  enable-listeners: false
20
21  credential:
22    credential-manager: "aws-secrets-manager"
23
24  security:
25    web:
26      publicEndpoints:
27        - "/actuator/**"
28        - "/api/docs"
29        - "/swagger-ui.html"
30      customAuthFilters:
31        - "com.fluentcommerce.connect.core.web.security.filters.ScimApiKeyAuthenticationFilter"
32

Language: json

Name: Example

Description:

[Warning: empty required content area]

Cache

Configuration for the cache is mentioned here

By default, the SCIM Connector requires two cache keys:

  • `Location`
    : This cache stores the details of the location obtained by using the CONTEXT_ID when the CONTEXT_TYPE is set to AGENT.
  • `Retailer`
    : This cache stores the retailer's details obtained using the CONTEXT_ID when the CONTEXT_TYPE is set to RETAILER.

Security

Configuration for security is mentioned here.

Proper security configuration for the Authentication Filter is essential to establish a secure connection between SCIM and its client.

1  security:
2    web:
3      publicEndpoints:
4        - "/actuator/**"
5        - "/api/docs"
6        - "/swagger-ui.html"
7      customAuthFilters:
8        - "com.fluentcommerce.connect.core.web.security.filters.ScimApiKeyAuthenticationFilter"

Language: yaml

Name: Authentication Filter

Description:

[Warning: empty required content area]

`publicEndpoints`
 :

  • Authentication credentials should not be required for any requests made to those endpoints.
  • Requests that do not correspond to any of those endpoints should be prohibited.

Although these endpoints are designated as public, all requests made through them will still pass through the Authentication Filter Chain. This means that even if custom authentication filters are specified, and an attempt is made to add authentication to the header, the filter will still verify it.

`customAuthFilters`
 :

  • To ensure proper security, the SCIM connector will use the security module provided by the Connect SDK: 
    `connect-sdk-web-security`
    , with a custom Authentication Filter, added. The authorization request header sent to Fluent must adhere to Fluent's security specifications.
  • The default Authentication Filter used is 
    `ScimApiKeyAuthenticationFilter`
    .


Fluent Commerce

Fluent Commerce

Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.

Fluent Logo