Merge pull request #106117 from ArvindHarinder1/patch-92

Remove code snippets

Author: PRMerger13

articles/active-directory/app-provisioning/use-scim-to-provision-users-and-groups.md

@@ -757,7 +757,7 @@ TLS 1.2 Cipher Suites minimum bar:
 Now that you have desidned your schema and understood the Azure AD SCIM implementation, you can get started developing your SCIM endpoint. Rather than starting from scratch and building the implementation completely on your own, you can rely on a number of open source SCIM libraries published by the SCIM commuinty.  
 The open source .NET Core [reference code](https://aka.ms/SCIMReferenceCode) published by the Azure AD provisioning team is one such resource that can jump start your development. Once you've built your SCIM endpoint, you'll want to test it out. You can use the collection of [postman tests](https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint) provided as part of the reference code or run through the sample requests / responses provided [above](https://docs.microsoft.com/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#user-operations).  
 
- Here’s how it works:
+Here’s how it works:
 
 1. Azure AD provides a common language infrastructure (CLI) library named Microsoft.SystemForCrossDomainIdentityManagement, included with the code samples describe below. System integrators and developers can use this library to create and deploy a SCIM-based web service endpoint that can connect Azure AD to any application’s identity store.
 2. Mappings are implemented in the web service to map the standardized user schema to the user schema and protocol required by the application. 
@@ -823,190 +823,8 @@ The easiest way to implement a SCIM endpoint that can accept provisioning reques
 1. Select **Save** to start the Azure AD provisioning service.
 1. If syncing only assigned users and groups (recommended), be sure to select the **Users and groups** tab and assign the users or groups you want to sync.
 Once the initial cycle has started, you can select **Audit logs** in the left panel to monitor progress, which shows all actions done by the provisioning service on your app. For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](check-status-user-account-provisioning.md).
-
 The final step in verifying the sample is to open the TargetFile.csv file in the \AzureAD-BYOA-Provisioning-Samples\ProvisioningAgent\bin\Debug folder on your Windows machine. Once the provisioning process is run, this file shows the details of all assigned and provisioned users and groups.
 
-### Development libraries
-
-To develop your own web service that conforms to the SCIM specification, first familiarize yourself with the following libraries provided by Microsoft to help accelerate the development process:
-
-* Common Language Infrastructure (CLI) libraries are offered for use with languages based on that infrastructure, such as C#. One of those libraries, Microsoft.SystemForCrossDomainIdentityManagement.Service, declares an interface, Microsoft.SystemForCrossDomainIdentityManagement.IProvider, shown in the following illustration. A developer using the libraries would implement that interface with a class that may be referred to, generically, as a provider. The libraries let the developer deploy a web service that conforms to the SCIM specification. The web service can be either hosted within Internet Information Services, or any executable CLI assembly. Request is translated into calls to the provider’s methods, which would be programmed by the developer to operate on some identity store.
-
-   ![Breakdown: A request translated into calls to the provider's methods](media/use-scim-to-provision-users-and-groups/scim-figure-3.png)
-
-* [Express route handlers](https://expressjs.com/guide/routing.html) are available for parsing node.js request objects representing calls (as defined by the SCIM specification), made to a node.js web service.
-
-### Building a custom SCIM endpoint
-
-Developers using the CLI libraries can host their services within any executable CLI assembly, or within Internet Information Services. Here is sample code for hosting a service within an executable assembly, at the address http://localhost:9000: 
-
-```csharp
- private static void Main(string[] arguments)
- {
- // Microsoft.SystemForCrossDomainIdentityManagement.IMonitor, 
- // Microsoft.SystemForCrossDomainIdentityManagement.IProvider and 
- // Microsoft.SystemForCrossDomainIdentityManagement.Service are all defined in 
- // Microsoft.SystemForCrossDomainIdentityManagement.Service.dll.  
- Microsoft.SystemForCrossDomainIdentityManagement.IMonitor monitor = 
-   new DevelopersMonitor();
- Microsoft.SystemForCrossDomainIdentityManagement.IProvider provider = 
-   new DevelopersProvider(arguments[1]);
- Microsoft.SystemForCrossDomainIdentityManagement.Service webService = null;
- try
- {
-     webService = new WebService(monitor, provider);
-     webService.Start("http://localhost:9000");
-     Console.ReadKey(true);
- }
- finally
- {
-     if (webService != null)
-     {
-         webService.Dispose();
-         webService = null;
-     }
- }
- }
- public class WebService : Microsoft.SystemForCrossDomainIdentityManagement.Service
- {
- private Microsoft.SystemForCrossDomainIdentityManagement.IMonitor monitor;
- private Microsoft.SystemForCrossDomainIdentityManagement.IProvider provider;
- public WebService(
-   Microsoft.SystemForCrossDomainIdentityManagement.IMonitor monitoringBehavior, 
-   Microsoft.SystemForCrossDomainIdentityManagement.IProvider providerBehavior)
- {
-     this.monitor = monitoringBehavior;
-     this.provider = providerBehavior;
- }
- public override IMonitor MonitoringBehavior
- {
-     get
-     {
-         return this.monitor;
-     }
-     set
-     {
-         this.monitor = value;
-     }
- }
- public override IProvider ProviderBehavior
- {
-     get
-     {
-         return this.provider;
-     }
-     set
-     {
-         this.provider = value;
-     }
- }
- }
-```
-
-This service must have an HTTP address and server authentication certificate of which the root certification authority is one of the following names: 
-
-* CNNIC
-* Comodo
-* CyberTrust
-* DigiCert
-* GeoTrust
-* GlobalSign
-* Go Daddy
-* VeriSign
-* WoSign
-
-A server authentication certificate can be bound to a port on a Windows host using the network shell utility:
-
-```
-netsh http add sslcert ipport=0.0.0.0:443 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
-```
-
-Here, the value provided for the certhash argument is the thumbprint of the certificate, while the value provided for the appid argument is an arbitrary globally unique identifier.  
-
-To host the service within Internet Information Services, a developer would build a CLI code library assembly with a class named Startup in the default namespace of the assembly.  Here is a sample of such a class: 
-
-```csharp
- public class Startup
- {
- // Microsoft.SystemForCrossDomainIdentityManagement.IWebApplicationStarter, 
- // Microsoft.SystemForCrossDomainIdentityManagement.IMonitor and  
- // Microsoft.SystemForCrossDomainIdentityManagement.Service are all defined in 
- // Microsoft.SystemForCrossDomainIdentityManagement.Service.dll.  
- Microsoft.SystemForCrossDomainIdentityManagement.IWebApplicationStarter starter;
- public Startup()
- {
-     Microsoft.SystemForCrossDomainIdentityManagement.IMonitor monitor = 
-       new DevelopersMonitor();
-     Microsoft.SystemForCrossDomainIdentityManagement.IProvider provider = 
-       new DevelopersProvider();
-     this.starter = 
-       new Microsoft.SystemForCrossDomainIdentityManagement.WebApplicationStarter(
-         provider, 
-         monitor);
- }
- public void Configuration(
-   Owin.IAppBuilder builder) // Defined in Owin.dll.  
- {
-     this.starter.ConfigureApplication(builder);
- }
- }
-```
-
-### Handling endpoint authentication
-
-Requests from Azure Active Directory include an OAuth 2.0 bearer token.   Any service receiving the request should authenticate the issuer as being Azure Active Directory for the expected Azure Active Directory tenant, for access to the Microsoft Graph API service.  In the token, the issuer is identified by an iss claim, like "iss":"https://sts.windows.net/cbb1a5ac-f33b-45fa-9bf5-f37db0fed422/".  In this example, the base address of the claim value, https://sts.windows.net, identifies Azure Active Directory as the issuer, while the relative address segment, cbb1a5ac-f33b-45fa-9bf5-f37db0fed422, is a unique identifier of the Azure Active Directory tenant for which the token was issued. The audience for the token will be the application template ID for the app in the gallery. The application template ID for all custom apps is 8adf8e6e-67b2-4cf2-a259-e3dc5476c621. The application template ID for each app in the gallery varies. Please contact [email protected] for questions on the application template ID for a gallery application. Each of the applications registered in a single tenant may receive the same `iss` claim with SCIM requests.
-
-   > [!NOTE]
-   > It's ***not*** recommended to leave this field blank and rely on a token generated by Azure AD. This option is primarily available for testing purposes.
-Developers using the CLI libraries provided by Microsoft for building a SCIM service can authenticate requests from Azure Active Directory using the Microsoft.Owin.Security.ActiveDirectory package by following these steps: 
-First, in a provider, implement the Microsoft.SystemForCrossDomainIdentityManagement.IProvider.StartupBehavior property by having it return a method to be called whenever the service is started: 
-
-```csharp
-  public override Action<Owin.IAppBuilder, System.Web.Http.HttpConfiguration.HttpConfiguration> StartupBehavior
-  {
-    get
-    {
-      return this.OnServiceStartup;
-    }
-  }
-  private void OnServiceStartup(
-    Owin.IAppBuilder applicationBuilder,  // Defined in Owin.dll.  
-    System.Web.Http.HttpConfiguration configuration)  // Defined in System.Web.Http.dll.  
-  {
-  }
-```
-
-Next, add the following code to that method to have any request to any of the service’s endpoints authenticated as bearing a token issued by Azure Active Directory for a specified tenant, for access to the Microsoft Graph API service: 
-
-```csharp
-  private void OnServiceStartup(
-    Owin.IAppBuilder applicationBuilder IAppBuilder applicationBuilder, 
-    System.Web.Http.HttpConfiguration HttpConfiguration configuration)
-  {
-    // IFilter is defined in System.Web.Http.dll.  
-    System.Web.Http.Filters.IFilter authorizationFilter = 
-      new System.Web.Http.AuthorizeAttribute(); // Defined in System.Web.Http.dll.configuration.Filters.Add(authorizationFilter);
-    // SystemIdentityModel.Tokens.TokenValidationParameters is defined in    
-    // System.IdentityModel.Token.Jwt.dll.
-    SystemIdentityModel.Tokens.TokenValidationParameters tokenValidationParameters =     
-      new TokenValidationParameters()
-      {
-        ValidAudience = "8adf8e6e-67b2-4cf2-a259-e3dc5476c621"
-      };
-    // WindowsAzureActiveDirectoryBearerAuthenticationOptions is defined in 
-    // Microsoft.Owin.Security.ActiveDirectory.dll
-    Microsoft.Owin.Security.ActiveDirectory.
-    WindowsAzureActiveDirectoryBearerAuthenticationOptions authenticationOptions =
-      new WindowsAzureActiveDirectoryBearerAuthenticationOptions()    {
-      TokenValidationParameters = tokenValidationParameters,
-      Tenant = "03F9FCBC-EA7B-46C2-8466-F81917F3C15E" // Substitute the appropriate tenant’s 
-                                                    // identifier for this one.  
-    };
-    applicationBuilder.UseWindowsAzureActiveDirectoryBearerAuthentication(authenticationOptions);
-  }
-```
-
-
 ## Step 4: Integrate your SCIM endpoint with the Azure AD SCIM client
 
 Azure AD can be configured to automatically provision assigned users and groups to applications that implement a specific profile of the [SCIM 2.0 protocol](https://tools.ietf.org/html/rfc7644). The specifics of the profile are documented in [Step 2: Understand the Azure AD SCIM implementation](#step-2-understand-the-azure-ad-scim-implementation).