Enterprise-Ready Workshop: SCIM

oktadev-blog · July 29, 2023, 1:50am

Hello SaaS developers! You sell your software to technologically mature enterprises, and they expect it to interface seamlessly with all their other tools. In our Enterprise-Ready Workshop on OpenID Connect, you learned how to solve part of this problem, by creating user accounts in your application for your customers’ employees whenever they log in.

This is a companion discussion topic for the original entry at https://developer.okta.com/blog/2023/07/28/scim-workshop

tech-binder · February 10, 2024, 12:19pm

Hello there, The issue mentioned at 19:25 in the workshop video is occurring even after adding the bodyParser code in main.ts. I’m on npm 20. Wondering if it has anything to do with the “unable to load tsconfig-paths”? As of today there are no open issues on Github related to this

tech-binder · February 19, 2024, 11:41am

@alisaduncan appreciate if you can help here as well

alisaduncan · February 20, 2024, 2:46pm

Hi there @tech-binder !

Thanks for the nudge and for working through the workshop! I haven’t tried this on Node 20, but my guess is it’s not a Node version (I could be mistaken though). Let’s see if we can figure this out together.

Double checks never hurt, so why don’t we start by clearing out dependencies, re-installing the dependencies, and resetting the tooling. Please run the following commands to do so

rm -rf node_modules
npm ci
npx nx reset

Does that resolve the error you’re seeing with the content-type parsing?

If not, the next step is verifying the completed project runs on your machine. Please try cloning the project to a new location on your machine, then checkout the completed branch for the SCIM workshop to run it locally and ensure it works:

git clone git@github.com:oktadev/okta-enterprise-ready-workshops.git
git checkout scim-workshop-complete
npm ci
npm run init-db
npm start

Let us know what you see! If you’re still running into trouble, I’m happy to try installing Node 20 or to set up an office hours call to troubleshoot.

sigama · February 20, 2024, 8:13pm

Hi @tech-binder, can you try updating line 177 to the following instead app.use(bodyParser.json({ type: 'application/scim+json' })); and see if the error goes away?

tech-binder · February 23, 2024, 5:18am

@sigama thanks your response. After I reinstalled the dependencies as suggested by @alisaduncan it works with both either of the code samples

app.use(bodyParser.json({type: [‘application/json’, ‘application/scim+json’]}));

or

app.use(bodyParser.json({ type: 'application/scim+json' }));

tech-binder · February 23, 2024, 5:42am

@alisaduncan thanks a ton. Reinstalling the dependencies fixed it!

alisaduncan · February 23, 2024, 10:41pm

Awesome! Glad to hear it! Let us know if you run into anything else. Happy coding!

tech-binder · March 19, 2024, 12:50pm

@sigama just finished the workshop and it was fun putting SCIM to work. Amazed at how quickly the sync is happening between Okta Idp and the application. I plan on trying the last part of “Scaling SCIM server to support multitenancy” myself to understand how that can be handled. Thanks again for putting this together.

sigama · March 19, 2024, 5:17pm

@tech-binder Awesome to know you were able to set up SCIM with Okta! Thanks for letting us know. Let us know if you have other questions. Happy to help!

tech-binder · March 25, 2024, 2:38pm

@sigama in the Developer Okta Portal Application Configuration I noticed that for the SCIM 2.0 Test App under “Sign On” tab the Sign on method configured is SAML 2.0. I couldn’t understand how this is related to any of the workflows in the webinar. Could you explain?

sigama · March 26, 2024, 5:00am

@tech-binder good question. There are two ways to create a SCIM application: 1) via the App Integration Wizard (private SCIM app) which you can add SSO (SAML or SWA), and 2) the Template App (public SCIM app), which doesn’t support SSO.

What I have demonstrated in the workshop is the Template App option of integrating SCIM with Okta. Although it has the SSO settings as you pointed out, this Template App is primarily used for submitting a SCIM integration to our Okta Integration Network (OIN). You can read more about the difference here - Publish an OIN integration | Okta Developer.

If you want to submit an SSO-enabled app to our OIN you must submit it separately from your SCIM integration – per our instructions here https://oinmanager.okta.com/.

Are you looking to submit an OIDC or SAML app with your SCIM integration? I am happy to guide you.

tech-binder · March 28, 2024, 2:42pm

My question is regarding the SCIM workflows and related concepts. Since this is purely syncing of entities (users) between two applications (Okta and the test application) I do not understand a need for SSO. In the workshop, there was no user login in step - isn’t it?

sigama · March 28, 2024, 3:55pm

Hi @tech-binder great question! So this workshop was part of an Enterprise-Ready series. Besides adding SCIM as a feature in your Todo app, you can also add OpenID Connect (OIDC). Supporting both SCIM and OIDC in the Todo app allows you to provision users to your database and so when your users log in for the first time they will be able to SSO/login through an Identity Provider (IdP) such as Okta. OIDC will redirect to the IdP to take care of the login process for you .

tech-binder · March 30, 2024, 6:39am

Got it. Thanks for your patience!

BTW, at the moment I’m not planning any App for submitting to OIN. Appreciate your offer for assistance.