{"id":420,"date":"2019-06-11T22:28:04","date_gmt":"2019-06-11T22:28:04","guid":{"rendered":"https:\/\/mybloguat.n-dol.org\/?p=401"},"modified":"2022-06-07T22:26:13","modified_gmt":"2022-06-07T22:26:13","slug":"install-workspace-one-uem-scim-adapter-on-photon-os","status":"publish","type":"post","link":"https:\/\/blog.n-dol.org\/2019\/06\/11\/install-workspace-one-uem-scim-adapter-on-photon-os\/","title":{"rendered":"Install Workspace ONE UEM SCIM Adapter on Photon OS"},"content":{"rendered":"\n

<p><strong>Joe Rainone<\/strong> & <strong>Matt Williams<\/strong> have created an awesome piece of work called <strong>Workspace ONE SCIM Adapter<\/strong>. It has been released as a fling; read more about it here: https:\/\/blog.virtualprivateer.com\/2019\/06\/08\/ws1-uem-scim-adapter\/
In a nutshell, it provides the capability to do SCIM provisioning into Workspace ONE UEM.
This blog post is about installing this component on VMware Photon OS. It is meant to be educational, so no script here :).<\/p>\n\n\n\n\n\n\n\n

<h2>What is Photon OS<\/h2>\n\n\n\n

<p>If you missed the news, VMware Photon OS is a lightweight, container-ready Linux distribution. Created by VMware in 2015, it provides a quick Linux base for deploying containers anywhere. For example, vCenter appliance 6.5+ runs on Photon OS.
More info:
https:\/\/vmware.github.io\/photon\/<\/p>\n\n\n\n

<h2>How to deploy Photon OS<\/h2>\n\n\n\n

<p>Photon OS can be deployed on multiple types of platforms: Azure, Amazon, vSphere, Google Cloud, you name it (yes, Raspberry is in the list).
This blog post assumes that you have already deployed Photon OS, meaning the network is up, you have either root or sudo permission, and you can either type commands in the console or SSH to it.
You can follow the documentation here:
https:\/\/vmware.github.io\/photon\/assets\/files\/html\/3.0\/photon_installation\/<\/p>\n\n\n\n

<h2>Preparation for the installation<\/h2>\n\n\n\n

<p>Workspace ONE UEM SCIM Adapter has some prerequisites, detailed here:
https:\/\/labs.vmware.com\/flings\/workspace-one-uem-scim-adapter#requirements<\/p>\n\n\n\n

<h3>Software Installation<\/h3>\n\n\n\n

<p>The adapter requires NodeJS to run. To install it, run:<\/p>\n\n\n\n

<pre><code>tdnf install nodejs<\/code><\/pre>\n\n\n\n

<p>The adapter is packed as a <code>tar.gz<\/code> archive. Photon doesn’t include <code>tar<\/code> by default, so you need to install it.<\/p>\n\n\n\n

<pre><code>tdnf install tar<\/code><\/pre>\n\n\n\n

<h3>Network<\/h3>\n\n\n\n

<p>Photon OS uses <code>iptables<\/code> and blocks any port from the outside.
The adapter can run on <strong>any port<\/strong>; the default port is <strong>9000<\/strong>.<\/p>\n\n\n\n

<h4>Open Port<\/h4>\n\n\n\n
<pre><code>iptables -A INPUT -p tcp --dport 9000 -j ACCEPT<\/code><\/pre>\n\n\n\n

<h4>Save iptables configuration<\/h4>\n\n\n\n

<p>This will save the configuration for IPv4:<\/p>\n\n\n\n

<pre><code>iptables-save > \/etc\/systemd\/scripts\/ip4save<\/code><\/pre>\n\n\n\n

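<p>This will save the configuration for IPv6. IPv6 rules are kept separately and are dumped with <code>ip6tables-save<\/code>; <code>iptables-save<\/code> only writes the IPv4 rules.<\/p>\n\n\n\n

<pre><code>ip6tables-save > \/etc\/systemd\/scripts\/ip6save<\/code><\/pre>\n\n\n\n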

<p>If you want to enable the port on both IPv4 and IPv6, you need to execute both commands.<\/p>\n\n\n\n

<h3>Service Account<\/h3>\n\n\n\n

<p>We are going to run the adapter with a service account. To create it:<\/p>\n\n\n\n

<pre><code>useradd --system --no-create-home --shell \/bin\/bash --user-group ws1scimadapter<\/code><\/pre>\n\n\n\n

<h3>Folder<\/h3>\n\n\n\n

<p>Create the directory that will contain the SCIM adapter. In this blog, I’m going to use <code>\/opt\/ws1scim<\/code>, but you can use anything else.<\/p>\n\n\n\n

<pre><code>mkdir --parents --mode=755 \/opt\/ws1scim<\/code><\/pre>\n\n\n\n

<p>We now need to change the \/opt permissions to allow other users to read and execute, because <code>mkdir<\/code> in the above command only applies 755 to the final directory.<\/p>\n\n\n\n

<pre><code>chmod 755 \/opt<\/code><\/pre>\n\n\n\n

<p>As we are using a service account, the log folder needs to be created and its owner changed, as the service account can’t write in the <code>\/var\/log<\/code> folder.<\/p>\n\n\n\n

<pre><code>mkdir --mode=755 \/var\/log\/ws1scim\/\nchown ws1scimadapter:ws1scimadapter \/var\/log\/ws1scim\/<\/code><\/pre>\n\n\n\n

<h3>Upload<\/h3>\n\n\n\n

<p>You will need to upload the archive onto the server. My favorite way is <code>curl<\/code> from a web server, as <code>curl<\/code> is available by default on Photon OS and doesn’t require any SSH\/SFTP.<\/p>\n\n\n\n

<pre><code>curl http:\/\/mywebserver.domain.tld\/files\/WS1SCIMAdapter\/ws1_uem_scim_adapter.tar.gz -o \/root\/ws1_uem_scim_adapter.tar.gz<\/code><\/pre>\n\n\n\n

<h2>Adapter Installation<\/h2>\n\n\n\n

<p>The installation is straightforward. Extract the archive content into the folder previously created.
Change <code>archivelocation<\/code> and <code>installationfolder<\/code> accordingly.<\/p>\n\n\n\n

<pre><code>tar -xzvf <archivelocation>\/ws1_uem_scim_adapter.tar.gz -C <installationfolder><\/code><\/pre>\n\n\n\n

<p>Example:<\/p>\n\n\n\n

<pre><code>tar -xzvf \/root\/ws1_uem_scim_adapter.tar.gz -C \/opt\/ws1scim<\/code><\/pre>\n\n\n\n

<h2>Adapter Configuration<\/h2>\n\n\n\n

<p>Now that the adapter has been installed, we need to configure it.
Edit the file <code>plugin-airwatch.json<\/code> in <code>installationfolder<\/code>:<\/p>\n\n\n\n

<pre><code>vi \/opt\/ws1scim\/config\/plugin-airwatch.json<\/code><\/pre>\n\n\n\n

<p>Change:<\/p>\n\n\n\n