Reputation: 3
Why Azure treating 400 (Bad request) response as SCIM implementation error in provider?
Audit Log:
I have chose to not to DELETE group according to scim specification https://www.rfc-editor.org/rfc/rfc7644#section-3.6
Clients request resource removal via DELETE. Service providers MAY choose not to permanently delete the resource
But then Azure treats it as error, Below is what I see in Audit Log, Did I understood the specification correctly or am I missing something?
Failed to delete Group '' in customappsso; Error: The SCIM endpoint is not fully compatible with the Azure Active Directory SCIM client. Please refer to the Azure Active Directory SCIM provisioning documentation and adapt the SCIM endpoint to be able to process provisioning requests from Azure Active Directory. StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"DELETE group not supported","status":null,"scimType":"mutability"}. This operation was retried 0 times. It will be retried again after this date: 2020-03-16T17:42:08.0940986Z UTC
Upvotes: 0
Views: 2951
Answers (1)
Reputation: 61
The error shouldn't come up if you uncheck delete in the attribute mappings. You're right that the delete endpoint does not need to be implemented.
Upvotes: 0
Related Questions
- Use SCIM API to send data from Azure AD to another endpoint
- Resolving SystemForCrossDomainIdentityManagementBadResponse
- Azure failed request error details
- SCIM endpoint. Error when testing from Azure AD
- Patch request in SCIM with Azure AD
- SCIM endpoint and user provisioning with Azure Active Directory & Symfony
- AzureAD SCIM integration not sending DELETE requests
- provisioning using SCIM
- Azure AD User Provisioning with SCIM 2.0
- SCIM Account provisionning not working with a Non-Gallery application