[EC-261] SCIM (#2105)

* scim project stub * some scim models and v2 controllers * implement some v2 scim endpoints * fix spacing * api key auth * EC-261 - SCIM Org API Key and connection type config * EC-261 - Fix lint errors/formatting * updates for okta implementation testing * fix var ref * updates from testing with Okta * implement scim context via provider parsing * support single and list of ids for add/remove groups * log ops not handled * touch up scim context * group list filtering * EC-261 - Additional SCIM provider types * EC-265 - UseScim flag and license update * EC-265 - SCIM provider type of default (0) * EC-265 - Add Scim URL and update connection validation * EC-265 - Model validation and cleanup for SCIM keys * implement scim org connection * EC-265 - Ensure ServiceUrl is not persisted to DB * EC-265 - Exclude provider type from DB if not configured * EC-261 - EF Migrations for SCIM * add docker builds for scim * EC-261 - Fix failing permissions tests * EC-261 - Fix unit tests and pgsql migrations * Formatting fixes from linter * EC-265 - Remove service URL from scim config * EC-265 - Fix unit tests, removed wayward validation * EC-265 - Require self-hosted for billing sync org conn * EC-265 - Fix formatting issues - whitespace * EC-261 - PR feedback and cleanup * scim constants rename * no scim settings right now * update project name * delete package lock * update appsettings configs for scim * use default scim provider for context Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
2025-06-30 15:42:48 -05:00 · 2022-07-14 15:58:48 -04:00
parent c5852db6ed
commit 19b8d8281a
117 changed files with 8553 additions and 169 deletions
--- a/util/Setup/Configuration.cs
+++ b/util/Setup/Configuration.cs
@ -103,6 +103,9 @@ namespace Bit.Setup
        [Description("Enable Key Connector (https://bitwarden.com/help/article/deploy-key-connector)")]
        public bool EnableKeyConnector { get; set; } = false;

+        [Description("Enable SCIM")]
+        public bool EnableScim { get; set; } = false;
+
        [YamlIgnore]
        public string Domain
        {
--- a/util/Setup/DockerComposeBuilder.cs
+++ b/util/Setup/DockerComposeBuilder.cs
@ -48,6 +48,7 @@
                }
                MssqlDataDockerVolume = context.Config.DatabaseDockerVolume;
                EnableKeyConnector = context.Config.EnableKeyConnector;
+                EnableScim = context.Config.EnableScim;
                HttpPort = context.Config.HttpPort;
                HttpsPort = context.Config.HttpsPort;
                if (!string.IsNullOrWhiteSpace(context.CoreVersion))
@ -67,6 +68,7 @@
            public string ComposeVersion { get; set; } = "3";
            public bool MssqlDataDockerVolume { get; set; }
            public bool EnableKeyConnector { get; set; }
+            public bool EnableScim { get; set; }
            public string HttpPort { get; set; }
            public string HttpsPort { get; set; }
            public bool HasPort => !string.IsNullOrWhiteSpace(HttpPort) || !string.IsNullOrWhiteSpace(HttpsPort);
--- a/util/Setup/NginxConfigBuilder.cs
+++ b/util/Setup/NginxConfigBuilder.cs
@ -68,6 +68,7 @@
                Captcha = context.Config.Captcha;
                Ssl = context.Config.Ssl;
                EnableKeyConnector = context.Config.EnableKeyConnector;
+                EnableScim = context.Config.EnableScim;
                Domain = context.Config.Domain;
                Url = context.Config.Url;
                RealIps = context.Config.RealIps;
@ -116,6 +117,7 @@
            public bool Captcha { get; set; }
            public bool Ssl { get; set; }
            public bool EnableKeyConnector { get; set; }
+            public bool EnableScim { get; set; }
            public string Domain { get; set; }
            public string Url { get; set; }
            public string CertificatePath { get; set; }
--- a/util/Setup/Templates/DockerCompose.hbs
+++ b/util/Setup/Templates/DockerCompose.hbs
@ -211,6 +211,23 @@ services:
      - default
      - public
 {{/if}}
+{{#if EnableScim}}
+
+  scim:
+    image: bitwarden/scim:{{{CoreVersion}}}
+    container_name: bitwarden-scim
+    restart: always
+    volumes:
+      - ../ca-certificates:/etc/bitwarden/ca-certificates
+      - ../logs/api:/etc/bitwarden/logs
+    env_file:
+      - global.env
+      - ../env/uid.env
+      - ../env/global.override.env
+    networks:
+      - default
+      - public
+{{/if}}
 {{#if MssqlDataDockerVolume}}

 volumes:
--- a/util/Setup/Templates/NginxConfig.hbs
+++ b/util/Setup/Templates/NginxConfig.hbs
@ -104,7 +104,7 @@ server {
  location = /captcha-connector.html {
    proxy_pass http://web:5000/captcha-connector.html;
  }
-  
+
  location = /captcha-mobile-connector.html {
    proxy_pass http://web:5000/captcha-mobile-connector.html;
  }
@ -168,4 +168,10 @@ server {
    proxy_pass http://key-connector:5000/;
  }
 {{/if}}
+{{#if EnableScim}}
+
+  location /scim/ {
+    proxy_pass http://scim:5000/;
+  }
+{{/if}}
 }