This repository has been archived by the owner on Oct 12, 2022. It is now read-only.

Janssen User and Group Management using jans cli

HemantKMehta edited this page Feb 1, 2021 · 7 revisions

scim-cli is bundled with jans-cli and performs CRUD operations (create, read, update and delete) on user, group, FIDO and FIDO2 device data. It also has an option to discover the available SCIM features and resources. This article focuses on user and group management using scim-cli. The scim-cli menu has the following options:

Main Menu
---------
1 User
2 Group
3 Discovery
4 Fido Devices
5 Fido2 Devices
6 Search

The User sub-menu has the following options:

User
----
1 Query User resources (see section 3.4.2 of RFC 7644)
2 Allows creating a User resource via POST (see section 3.3 of RFC 7644)
3 Retrieves a User resource by Id (see section 3.4.1 of RFC 7644)
4 Updates a User resource (see section 3.5.1 of RFC 7644). Update works in a replacement fashion; 
  every attribute value found in the payload sent will replace the one in the existing resource 
  representation. Attributes not passed in the payload will be left intact.
5 Deletes a user resource
6 Updates one or more attributes of a User resource using a sequence of additions, removals, and 
  replacements operations. See section 3.5.2 of RFC 7644
7 Query User resources (see section 3.4.2 of RFC 7644)

Select option 1 to query the details of existing user resources. Press Enter at every prompt to display the details of all existing users. Use the count field to limit the number of users displayed.

Use option 2 to add new users. Just press Enter at the id/inum prompt, because the value is generated automatically. The add user option asks for several fields, including Id (inum), resourceType, created, lastModified, location, externalId, userName, familyName, givenName, middleName, honorificPrefix, honorificSuffix, formatted, displayName, nickName, profileUrl, title, userType, preferredLanguage, locale, timezone, active [false], password. There are also options to add Email, PhoneNumber, InstantMessagingAddress, Photo, Address, Group, Entitlement, Role and X509Certificate.

After collecting input for all the questions, the CLI displays the values and asks for confirmation before creating the user.

The update and delete user operations use the inum/id to identify the user to update or delete.
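The payloads behind User options 2, 4 and 6 can be modelled locally, as in the following added example (not code from jans-cli or the Janssen project). The function names and the `answers` dict are hypothetical, the sample values are constructed, and the patch helper is a simplification that handles only top-level attribute paths.

```python
import copy

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644 3.5.2
NAME_KEYS = ("familyName", "givenName", "middleName", "honorificPrefix",
             "honorificSuffix", "formatted")

def build_user(answers):
    """Option 2: flat prompt answers to a SCIM User; id omitted, active defaults False."""
    user = {"schemas": [USER_SCHEMA], "active": bool(answers.get("active", False))}
    name = {k: answers[k] for k in NAME_KEYS if answers.get(k)}
    if name:
        user["name"] = name
    for key, value in answers.items():
        if key not in NAME_KEYS and key not in ("id", "active") and value:
            user[key] = value
    return user

def replace_update(existing, payload):
    """Option 4 as the page describes it: sent attributes replace, others stay intact."""
    updated = copy.deepcopy(existing)
    updated.update(copy.deepcopy(payload))
    return updated

def patch_request(operations):
    """Option 6: wrap a sequence of operations in a PatchOp message."""
    return {"schemas": [PATCH_SCHEMA], "Operations": operations}

def apply_patch(existing, request):
    """Local model of a PatchOp, limited to top-level attribute paths."""
    if PATCH_SCHEMA not in request.get("schemas", []):
        raise ValueError("not a PatchOp message")
    updated = copy.deepcopy(existing)
    for op in request["Operations"]:
        kind, path = op["op"].lower(), op["path"]
        if kind in ("add", "replace"):
            updated[path] = op["value"]
        elif kind == "remove":
            updated.pop(path, None)
        else:
            raise ValueError(f"unsupported op: {kind}")
    return updated

if __name__ == "__main__":
    # Constructed sample answers, not taken from a real deployment.
    user = build_user({"id": "", "userName": "jdoe", "givenName": "Jane",
                       "familyName": "Doe", "password": "constructed-Passw0rd"})
    enable = patch_request([{"op": "replace", "path": "active", "value": True}])
    print(apply_patch(user, enable))
```

Because the add user prompt shows `active [false]`, an account created by pressing Enter through the prompts stays inactive until an update or patch sets `active` to true.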

The Group sub-menu has the following options:

Group
-----
1 Query Group resources (see section 3.4.2 of RFC 7644)
2 Allows creating a Group resource via POST (see section 3.3 of RFC 7644)
3 Retrieves a Group resource by Id (see section 3.4.1 of RFC 7644)
4 Updates a Group resource (see section 3.5.1 of RFC 7644). Update works in a replacement fashion;
  every attribute value found in the payload sent will replace the one in the existing resource 
  representation. Attributes not passed in the payload will be left intact.
5 Deletes a group resource (see section 3.6 of RFC 7644)
6 Updates one or more attributes of a Group resource using a sequence of additions, removals, and 
  replacements operations. See section 3.5.2 of RFC 7644
7 Query Group resources (see section 3.4.2 of RFC 7644)

Select option 1 to query the details of existing group resources. Press Enter at every prompt to display the details of all existing groups.

Use option 2 to add a new group. Just press Enter at the id/inum prompt, because the value is generated automatically. The add group option asks for several fields, including id, resourceType, created, lastModified, location, displayName, Add Member ($ref, type, display, value), Add another Member?.

After collecting input for all the questions, the CLI displays the input values and asks for confirmation before creating the group.

This sub-menu also has options to update and delete a group using its id/inum.