Ticket #470 : SCIM is secured with APIKEY

Can update the default SCIM Schema Name
Update the documentation and README

Author: habarthierry-hue

README.md

@@ -91,7 +91,7 @@ By default, there is one administrator account configured. It is possible to acc
 
 The IdentityServer UI uses Bootstrap 5.
 
-![IdentityServer](docs/documentation/gettingstarted/images/IdentityServer-1.png)
+![IdentityServer](images/docs/documentation/gettingstarted/images/IdentityServer-1.png)
 
 ## Create IdentityServer website project
 
@@ -117,7 +117,17 @@ Using the website, you can perform configurations of users and clients.
 
 The IdentityServer website UI uses Radzen.
 
-![IdentityServerWebsite](docs/documentation/gettingstarted/images/IdentityServerWebsite-2.png)
+![IdentityServerWebsite](images/docs/documentation/gettingstarted/images/IdentityServerWebsite-2.png)
+
+## SCIM Security
+
+By default SCIM is configured to use API KEY authentication.
+Any clients who want to execute one operation must pass one of those keys into `HTTP HEADER Authorization Bearer`.
+
+| Owner    | Value                                |
+| -------- | ------------------------------------ |
+| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 |
+| AzureAd  | 1595a72a-2804-495d-8a8a-2c861e7a736a |
 
 ## Create SCIM project with EF support
 
@@ -142,7 +152,7 @@ cd src/SCIMEF
 dotnet run --urls=http://localhost:5003
 ```
 
-Now the SCIM server is running, you can check its Schemas endpoint on [http://localhost:5003/Schemas][http://localhost:5003/Schemas].
+Now the SCIM server is running, you can check its Schemas endpoint on [http://localhost:5003/Schemas](http://localhost:5003/Schemas).
 
 ## Create SCIM project with MongoDB support
 
@@ -167,7 +177,7 @@ cd src/ScimMongoDB
 dotnet run --urls=http://localhost:5003
 ```
 
-Now the SCIM server is running, you can check its Schemas endpoint on [http://localhost:5003/Schemas][http://localhost:5003/Schemas].
+Now the SCIM server is running, you can check its Schemas endpoint on [http://localhost:5003/Schemas](http://localhost:5003/Schemas).
 
 # Running with docker
 

docs/documentation/gettingstarted/index.md

@@ -94,6 +94,16 @@ The IdentityServer website UI uses Radzen.
 
 ![IdentityServerWebsite](images/IdentityServerWebsite-2.png)
 
+## SCIM Security
+
+By default SCIM is configured to use API KEY authentication.
+Any clients who want to execute one operation must pass one of those keys into `HTTP HEADER Authorization Bearer`.
+
+| Owner    | Value                                |
+| -------- | ------------------------------------ |
+| IdServer | ba521b3b-02f7-4a37-b03c-58f713bf88e7 |
+| AzureAd  | 1595a72a-2804-495d-8a8a-2c861e7a736a |
+
 ## Create SCIM project with EF support
 
 Create a web project named `ScimEF` with the `SimpleIdServer.Scim.Persistence.EF` package installed and Entity Framework (EF) configured to use SQLServer.

src/IdServer/SimpleIdServer.IdServer.Startup/Converters/FacebookOptionsLite.cs

@@ -8,9 +8,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters
 {
     public class FacebookOptionsLite : IDynamicAuthenticationOptions<FacebookOptions>
     {
-        [VisibleProperty("AppId")]
+        [SimpleIdServer.IdServer.Serializer.VisibleProperty("AppId")]
         public string AppId { get; set; }
-        [VisibleProperty("AppSecret")]
+        [SimpleIdServer.IdServer.Serializer.VisibleProperty("AppSecret")]
         public string AppSecret { get; set; }
 
         public FacebookOptions Convert() => new FacebookOptions

src/IdServer/SimpleIdServer.IdServer.Startup/Converters/OpenIdConnectLiteOptions.cs

@@ -8,9 +8,9 @@ namespace SimpleIdServer.IdServer.Startup.Converters
 {
     public class OpenIdConnectLiteOptions : IDynamicAuthenticationOptions<OpenIdConnectOptions>
     {
-        [VisibleProperty("ClientId")]
+        [SimpleIdServer.IdServer.Serializer.VisibleProperty("ClientId")]
         public string ClientId { get; set; }
-        [VisibleProperty("ClientSecret")]
+        [SimpleIdServer.IdServer.Serializer.VisibleProperty("ClientSecret")]
         public string ClientSecret { get; set; }
 
         public OpenIdConnectOptions Convert()

src/Scim/SimpleIdServer.Scim.Persistence.EF/SCIMDbContext.cs

@@ -1,15 +1,19 @@
 // Copyright (c) SimpleIdServer. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Options;
 using SimpleIdServer.Scim.Domains;
 using SimpleIdServer.Scim.Persistence.EF.Configurations;
 
 namespace SimpleIdServer.Scim.Persistence.EF
 {
     public class SCIMDbContext : DbContext
     {
-        public SCIMDbContext(DbContextOptions<SCIMDbContext> dbContextOptions) : base(dbContextOptions)
+        private readonly SCIMEFOptions _options;
+
+        public SCIMDbContext(DbContextOptions<SCIMDbContext> dbContextOptions, IOptions<SCIMEFOptions> options) : base(dbContextOptions)
         {
+            _options = options.Value;
         }
 
         public DbSet<SCIMAttributeMapping> SCIMAttributeMappingLst { get; set; }
@@ -22,6 +26,7 @@ public SCIMDbContext(DbContextOptions<SCIMDbContext> dbContextOptions) : base(db
         protected override void OnModelCreating(ModelBuilder modelBuilder)
         {
             base.OnModelCreating(modelBuilder);
+            if (!string.IsNullOrWhiteSpace(_options.DefaultSchema)) modelBuilder.HasDefaultSchema(_options.DefaultSchema);
             modelBuilder.ApplyConfiguration(new ProvisioningConfConfiguration());
             modelBuilder.ApplyConfiguration(new ProvisioningConfigurationHistoryConfiguration());
             modelBuilder.ApplyConfiguration(new ProvisioningConfigurationRecordConfiguration());

src/Scim/SimpleIdServer.Scim.Persistence.EF/SCIMEFOptions.cs

@@ -0,0 +1,9 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+namespace SimpleIdServer.Scim.Persistence.EF
+{
+    public class SCIMEFOptions
+    {
+        public string DefaultSchema { get; set; } = "dbo";
+    }
+}

src/Scim/SimpleIdServer.Scim.Persistence.EF/ServiceCollectionExtensions.cs

@@ -9,15 +9,17 @@ namespace Microsoft.Extensions.DependencyInjection
 {
     public static class ServiceCollectionExtensions
     {
-        public static IServiceCollection AddScimStoreEF(this IServiceCollection services, Action<DbContextOptionsBuilder> optionsAction = null)
+        public static IServiceCollection AddScimStoreEF(this IServiceCollection services, Action<DbContextOptionsBuilder> dbContextOptsCallback = null, Action<SCIMEFOptions> optionsCallback = null)
         {
             services.AddTransient<ISCIMRepresentationCommandRepository, EFSCIMRepresentationCommandRepository>();
             services.AddTransient<ISCIMRepresentationQueryRepository, EFSCIMRepresentationQueryRepository>();
             services.AddTransient<ISCIMSchemaQueryRepository, EFSCIMSchemaQueryRepository>();
             services.AddTransient<ISCIMSchemaCommandRepository, EFSCIMSchemaCommandRepository>();
             services.AddTransient<ISCIMAttributeMappingQueryRepository, EFSCIMAttributeMappingQueryRepository>();
             services.AddTransient<IProvisioningConfigurationRepository, EFProvisioningConfigurationRepository>();
-            services.AddDbContext<SCIMDbContext>(optionsAction);
+            services.AddDbContext<SCIMDbContext>(dbContextOptsCallback);
+            if (optionsCallback == null) services.Configure<SCIMEFOptions>(o => { });
+            else services.Configure(optionsCallback);
             return services;
         }
     }