The following table maps what each data source support
* Scim 1.1 and 2.0 support devices if they are stored on the User Account object. The Devices is not used.
Dynamic Clients refer to Dynamic Client Registration,
while Database Clients refer to Database Client Management.
Data Sources are general facilities that are referenced throughout the system. A good configuration pattern is to name the Data Source based on usage rather than type. For systems with many different data source this helps when migrating between environments. The only update needed to the data-source configuration during migration is in the facilities section with url, and credentials for the backend.
Good naming examples:
Bad naming examples:
When naming the data source after environment, then all references in the configuration needs to be updated which is a more cumbersome migration.
The Data Sources are used differently depending on what purpuse Curity is used with. Common patterns are described below.
The authentication service uses the data source for session tracking and for user data retrieval and updates.
Session data is heavy on both read and write. It is a single table with simple data.
Depending on datasource type the Account Management and Credential Management features can differ. This section creates an overview of the supported features.
* Resolve links in Scim 2.0 works if the SCIM backend supports filter queries on the externalIds attribute. This is a non-standard element.
The ‘Resolve Links’ operation does a lookup on the linked account to find the original account. This is not available in some backends due to how the
account is structured in the data source.
The token service issues new tokens and introspects tokens. This means a mix of reads and writes, but commonly heavy on the writes.
User management is a different service in that it is normally not used in the regular flows. It provides user information
to systems needing it on demand. Therefore, it cannot be said in general what database load the User Management service produces.
The user management service acts as a SCIM proxy on top of an existing data source. If the underlying data-source is not
optimized for the queries that the SCIM service recieves, the system may perform poorly. Therefore, always analyze the
requests coming in to the SCIM server and make sure the underlying data is indexed properly.
SCIM provides a powerful filter query language. Curity support a large number of these queries. If queries are made against un-indexed elements in the data source frequenly it is strongly recommended to index that element. Consult your data base documentation for more details.
Ephemeral data which has a very short life, such as Sessions and Nonces, can be stored via the Caching Service.
Currently, any data source that supports both Sessions and Nonces can be used as a Caching Service.