SCIM API
- Get a list of SAML users
- Get a single SAML user
- Create a SAML user
- Update a single SAML user
- Remove a single SAML user
- Available filters
- Available operations
SCIM API
Introduced in GitLab Silver 11.10.
SCIM API 实现RFC7644 协议 .
警告:此 API 供内部系统用于与 SCIM 提供程序连接. 虽然可以直接使用,但如有更改,恕不另行通知.注意:必须为组启用组 SSO . 有关更多信息,请参见SCIM 设置文档 .
Get a list of SAML users
注意:此端点用作 SCIM 同步机制的一部分,并且它仅基于唯一 ID(应与用户的extern_uid相匹配)返回一个用户.
GET /api/scim/v2/groups/:group_path/Users Parameters:
| Attribute | Type | Required | Description |
|---|---|---|---|
filter |
string | no | A filter expression. |
group_path |
string | yes | 组的完整路径. |
startIndex |
integer | no | 从 1 开始的索引,指示从何处开始返回结果. 小于 1 的值将被解释为 1. |
count |
integer | no | 所需的最大查询结果数. |
注意:分页遵循SCIM 规范,而不是其他地方使用的 GitLab 分页. 如果记录在请求之间更改,则页面可能丢失已移至其他页面的记录,或者重复上一个请求的记录.
请求示例:
curl 'https://example.gitlab.com/api/scim/v2/groups/test_group/Users?filter=id%20eq%20"0b1d561c-21ff-4092-beab-8154b17f82f2"' --header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json" 响应示例:
{ "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "totalResults": 1, "itemsPerPage": 20, "startIndex": 1, "Resources": [ { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "0b1d561c-21ff-4092-beab-8154b17f82f2", "active": true, "name.formatted": "Test User", "userName": "username", "meta": { "resourceType":"User" }, "emails": [ { "type": "work", "value": "name@example.com", "primary": true } ] } ] } Get a single SAML user
GET /api/scim/v2/groups/:group_path/Users/:id Parameters:
| Attribute | Type | Required | Description |
|---|---|---|---|
id |
string | yes | 用户的外部 UID. |
group_path |
string | yes | 组的完整路径. |
请求示例:
curl "https://example.gitlab.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" --header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json" 响应示例:
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "0b1d561c-21ff-4092-beab-8154b17f82f2", "active": true, "name.formatted": "Test User", "userName": "username", "meta": { "resourceType":"User" }, "emails": [ { "type": "work", "value": "name@example.com", "primary": true } ] } Create a SAML user
POST /api/scim/v2/groups/:group_path/Users/ Parameters:
| Attribute | Type | Required | Description |
|---|---|---|---|
externalId |
string | yes | 用户的外部 UID. |
userName |
string | yes | 用户的用户名. |
emails |
JSON 字符串 | yes | 工作电子邮件. |
name |
JSON 字符串 | yes | 用户名. |
meta |
string | no | 资源类型( User ). |
请求示例:
curl --verbose --request POST "https://example.gitlab.com/api/scim/v2/groups/test_group/Users" --data '{"externalId":"test_uid","active":null,"userName":"username","emails":[{"primary":true,"type":"work","value":"name@example.com"}],"name":{"formatted":"Test User","familyName":"User","givenName":"Test"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"meta":{"resourceType":"User"}}' --header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json" 响应示例:
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ], "id": "0b1d561c-21ff-4092-beab-8154b17f82f2", "active": true, "name.formatted": "Test User", "userName": "username", "meta": { "resourceType":"User" }, "emails": [ { "type": "work", "value": "name@example.com", "primary": true } ] } 如果成功,则返回201状态代码.
Update a single SAML user
可以更新的字段是:
| SCIM / IdP 字段 | GitLab 领域 |
|---|---|
id/externalId |
extern_uid |
name.formatted |
name |
emails\[type eq "work"\].value |
email |
active |
如果active = false删除身份 |
userName |
username |
PATCH /api/scim/v2/groups/:group_path/Users/:id Parameters:
| Attribute | Type | Required | Description |
|---|---|---|---|
id |
string | yes | 用户的外部 UID. |
group_path |
string | yes | 组的完整路径. |
Operations |
JSON 字符串 | yes | An operations expression. |
请求示例:
curl --verbose --request PATCH "https://example.gitlab.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" --data '{ "Operations": [{"op":"Add","path":"name.formatted","value":"New Name"}] }' --header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json" 如果成功,则返回带有204状态代码的空响应.
Remove a single SAML user
删除用户的 SSO 身份和组成员身份.
DELETE /api/scim/v2/groups/:group_path/Users/:id Parameters:
| Attribute | Type | Required | Description |
|---|---|---|---|
id |
string | yes | 用户的外部 UID. |
group_path |
string | yes | 组的完整路径. |
请求示例:
curl --verbose --request DELETE "https://example.gitlab.com/api/scim/v2/groups/test_group/Users/f0b1d561c-21ff-4092-beab-8154b17f82f2" --header "Authorization: Bearer <your_scim_token>" --header "Content-Type: application/scim+json" 如果成功,则返回带有204状态代码的空响应.
Available filters
它们与RFC7644 过滤部分中指定的表达式匹配.
| Filter | Description |
|---|---|
eq |
该属性与指定值完全匹配. |
Example:
id eq a-b-c-d Available operations
They perform an operation as specified in the RFC7644 update section.
| Operator | Description |
|---|---|
Replace |
该属性的值已更新. |
Add |
该属性具有新值. |
Example:
{ "op": "Add", "path": "name.formatted", "value": "New Name" }