Add SCIM support as service provider

As already mentioned here I think it would be a nice feature if Discourse would support the SCIM protocol. SCIM is a standard proposed by the IETF through RFC7644 and RFC7643 which aims to provide solution for user/group management through a simple Rest API. Our use case would be to manage user identities and group memberships via a separate service that acts as a SCIM client, Keycloak in our case. Discourse would act as a SCIM service provider. In addition to any existing SSO and centralized account creation that would have the following advantages:

  • assign users to groups;
  • change user information immediately in several apps;
  • delete the user when they are removed from the SSO;
  • get the list of users or groups in a standard way;
  • ...

We received some funding from NGI via NLNet for SCIM implementations, you can read the proposal and about related work in our forum here. I would try to implement a first solution in a Discourse plugin for now, but it would be nice to integrate this into Discourse core at some point. Let me know about any thoughts and opinions!



Discuss this on our forum.