Identity Manager 9.2 and SCIM-connector

Hi guys!

Just a heads-up, but I think the SCIM-connector in 9.2 is broken.

After upgrading, three DPR_Shell_Migrate-processes got frozen (we have three SCIM target systems). When I tried to open the connectors in the sync editor and pasted the Base64-secret, it took a while and then it timed out. The only way to get it to connect was to edit the connection and enter client id and client secret (non-Base64), but the edits weren't saved, so after I closed the editor and opened it again and tried to go into the SCIM-sync, it asked me for the Base64-secret and it just timed out after that.

/Henrik

  • What are the error messages from the frozen jobs? 

  • [1777292] Error connecting system (SCIM)!
    [1777223] DistributionConnector: Error connecting the system.
    Could not establish a connection to SCIM provider.

    And from the target system:
    The remote server returned an error: (400) Bad Request."
    Method:"Authenticate" Number:"2550120" Message:"Error returned: {"error":"invalid_client"}"

  • Hi Henrik,

    The client ID is not correct.
    Your original description is the shell migration did not run.
    2 possibilities:
    1.) the SCIM - Connectionstring has not been converted (depending on where you have migrated from)
    2.) the Shell - Migration wanted to apply a patch and the SCIM connect did not work.

    In any case something is missing. SCIM connector is sending the client ID now not only in the header as a base64 encoded string but also in plain text in the body of the authentication request.

    The client should just run the connection wizard completely and enter client ID and client secret in the fields provided, the wizard will then make the Base64 encoded string itself. It is important that both the Base64 encoded string and the two components client secret / client ID are stored in plain text. The wizard is also able to extract the parts from the pre-encoded Base64 string, you will see them in the corresponding fields. As long as this is not the case, something is missing.

    Regards,

       Tino

  • Like I said in my post, the only way to make a successful connection is to enter client_secret and client_id. Then I can browse the target system, but if I close the project and open it up again I can only enter client_secret in base64 and then it times out. If I then edit the connection only client_secret (base64) has any value. client_secret is blank.

    Hope that helps..
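
Tino's reply above describes the connector sending the client ID both Base64-encoded in the header and in plain text in the body, and the wizard splitting a pre-encoded string into its parts. The following is an added sketch of that split plus a consistency check, not One Identity's code and not from the thread; it assumes the Base64 value is `client_id:client_secret` (HTTP Basic form) and an OAuth2 `client_credentials` grant, and all function names and sample values are made up for illustration.

```python
import base64
import binascii
from urllib.parse import urlencode

# Constructed sample value, not a real credential.
SAMPLE_B64 = base64.b64encode(b"scim-client-01:s3cr:et").decode("ascii")


def split_basic_credential(b64_value):
    """Return (client_id, client_secret) from Base64("client_id:client_secret")."""
    try:
        raw = base64.b64decode(b64_value.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("not a valid Base64 credential string") from exc
    # Split on the first ':' only, because the secret itself may contain ':'.
    client_id, sep, client_secret = raw.partition(":")
    if not sep or not client_id or not client_secret:
        raise ValueError("decoded value is not 'client_id:client_secret'")
    return client_id, client_secret


def build_token_request(b64_value, stored_client_id):
    """Build header and body for the token call; fail early if the IDs differ."""
    header_id, _secret = split_basic_credential(b64_value)
    if header_id != stored_client_id:
        # Header and body would name different clients. Worth ruling out
        # when a provider answers {"error":"invalid_client"}.
        raise ValueError("stored client ID differs from the one in the Base64 string")
    headers = {
        "Authorization": "Basic " + b64_value.strip(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # grant_type is an assumption; the thread only says the client ID is in the body.
    body = urlencode({"grant_type": "client_credentials", "client_id": stored_client_id})
    return headers, body


def redact(headers):
    """Copy of the headers that is safe to log (credential removed)."""
    return {k: ("Basic <redacted>" if k == "Authorization" else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    hdrs, form = build_token_request(SAMPLE_B64, "scim-client-01")
    print(redact(hdrs), form)
```
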
