Question

Error in SCIM configurations to manage the user creation in IFS Cloud

  • 28 July 2023
  • 9 replies
  • 383 views
N
Rank
Userlevel 7
Badge +13

Hi,

I’m creating this case on behalf of customer who are currently in App9 and planning to go-live with IFSCloud. Customer done SCIM configuration based on the technical document shared and they stuck in Attribute mapping and issue noted below. Is it possible to guide customer to resolve this error. 

It’s a bit confusing that in your guide you are giving mappings without a column “Azure AD” so there is no option to check if from Azure side mapping is correct.

So, I’ve added only one user ******* to the application to make provision on demand to check it.
As for me it looks that mapping is correct, but we are getting an error

Failed to update User '*******' in customappsso

Error code
SystemForCrossDomainIdentityManagementServiceIncompatible
Error message
StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"scimType":"noTarget","detail":"No matching filter value found.","status":"400"}
 

Best Regards

Narmada

9 replies

S
Rank
Userlevel 5
Badge +10

Hi, May I know the version please?

/Subhashini  

N
Rank
Userlevel 7
Badge +13

Hi @subslk,

22.2.7 

BR/Narmada

D
Rank
Userlevel 2
Badge +7

Hi @subslk @Narmada 

same error, on 23R1, any solution that worked?

Thanks

Dominik

L
Rank
Badge +1

We got the same error when trying to install a clean Cloud environment by migrating users from an App10 environment. The cause for us was that we did not migrate addresses; so after migrating addresses we got rid of the error message. (that is, it seems that if you SCIM-provision a user that exists, it have to have an address registered.

 

ps.

we had 2 addresses registered for our users, so after 1 successful SCIM-provisioning, a new error appeared: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"null","status":"500"}.

After deleting all addresses except 1 we can continuously provision a user.

 

ps2.

Even with the workaround; we noticed that registered email-addresses and phone-numbers are disconnected from the addresses they were originally connected to. eg instead of having different email-addresses connected to different addresses; after running SCIM-provisioning all comm-methods no long are connected to an address-id.

 

D
Rank
Userlevel 2
Badge +7

@linkri thank you for trying.

I have an open case CS0182667 where IFS confirmed a bug. waiting for an update

K
Rank
Userlevel 5
Badge +15

Hi @dominikdurrer 

 

Have You received any valuable output on You ticket? I am asking because we have customer on 23R2 release and SCIM configuration(Azure AD). The behaviour is very upredictible. One time user identity is ADAM967 next time ADAKAM for Adam Kaminsky. Once phone number is synchronized on the other time not. Azure privisioning logs show many errors event if we using only supported SCIM attributes follow the documentation

Index - Technical Documentation For IFS Cloud

When user is removed from AD group then on IFS side sometimes is not removed, etc. Last one problem is most important because we manage permissions through the user groups.

I spent many hours but still do not understand it and predict behaviour. Is seems that provisioning on demand is a bit different than automatic provisioning.

I need any kind of help to be closer with understanding this. 

Piotr --> https://www.linkedin.com/in/piotr-skowronek-8425aa6/
D
Rank
Userlevel 2
Badge +7

Hi @knepiosko 

Planned versions of fixing this issue according to IFS support for my case CS0182667 is:
22.1.23 - 22R1 SU23
22.2.16 - 22R2 SU16
23.1.9 - 23R1 SU9
23.2.2 - 23R2 SU2
24.1E.0 - 24R1 EA

I have not managed a single user to sync. We sync address type ‘WORK’ as well as use field Initials containing the person ID to match the cycle from IFS employee file to AD → AAD → back to IFS. User Identity appears to be correct, we use firstname.lastname

I have not even yet tried with the AAD groups, but its also important for us that they manage the permission sets.

D
Rank
Userlevel 2
Badge +7

Dear all

23R2 SU02 applied but still same error. Ticket reopened. Anybody successfully implented SCIM from an existing Apps10 DB?

Thanks

Dominik

D
Rank
Userlevel 2
Badge +7

Dear all

I finally managed by deleting all default attribute mappings and sticking to just the bare minimum described here:

Index - Technical Documentation For IFS Cloud

will gradually try to increase the amount of information, especially address and communication methods.

Thanks

Dominik

Reply


Terms & ConditionsCookie settings