[MSDN Redirect] Getting 400 Bad Request while trying to establish a SCIM Test connection from Azure AD

Samara Soucy - MSFT 21 Reputation points
2020-02-20T15:26:42.86+00:00

I am trying to configure SCIM based provisioning to a non-gallery app in Azure AD. The target application is a home-grown SCIM server implementing SCIM V2.0. I can very well establish a SCIM connection to my app from other IDM products, like OneLogin for instance. But when I try to do the same from AAD, it's giving me a 400 bad request error. I can see that the request does not even reach the SCIM server.
The server expects Authorization Bearer in the SCIM payload. So I am providing the following values in the provisioning configs of my non-gallery enterprise application:

Admin Credentials ->

Tenant URL: https://<Public IP of my system>:9443/scim/v2

Secret Token: Authorization bearer token generated at my SCIM server side.

It's been a while that I have been struggling with this one, and any pointers would really expedite things.

==>

Update: Added 400 bad request error message details below-

{
  "error": {
    "code": "InvalidCredentials",
    "message": "You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account.",
    "innerError": {
      "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
      "details": [],
      "message": "Message: We received this unexpected response from your System for Cross Domain Identity Management service: \r\n\r\nMessage: Message: An error occurred while sending the request.\r\nWeb Response: \r\n\r\nWeb Response: \r\n\r\n\r\nPlease check the service and try again.  \r\nWeb Response: \r\n",
      "target": null,
      "innerError": {
        "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
        "details": [],
        "message": "Message:Message: We received this unexpected response from your System for Cross Domain Identity Management service: \r\n\r\nMessage: Message: An error occurred while sending the request.\r\nWeb Response: \r\n\r\nWeb Response: \r\n\r\n\r\nPlease check the service and try again.  \r\nWeb Response: \r\n",
        "target": null
      },
      "request-id": "fcbb63db-b39f-4887-8002-edeef94ef3f7",
      "date": "2020-02-20T10:45:42"
    }
  }
}

Source: https://social.msdn.microsoft.com/Forums/en-US/aff2a8b8-176f-4343-9353-005d18a820b1/getting-400-bad-request-while-trying-to-establish-a-scim-test-connection-from-azure-ad?forum=azureappconfiguration


1 answer

  1. Marilee Turscak-MSFT 34,306 Reputation points Microsoft Employee
    2020-03-02T22:34:55.157+00:00

    A couple of things to try:

    1. In the Admin Username field, try entering the username in the domain\user format instead of user if you're not doing this already. The account should have all necessary tenant and API permissions.
    2. Try enabling Application Insights and check the trace logs. https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview

    It would be helpful if you could also share screenshots of what you see when you do this from AAD.

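An added example, not part of the original thread and not Microsoft's tooling: a small Python triage helper that walks the nested innerError chain of the error body shown in the question and reports whether the SCIM endpoint returned any HTTP response at all. Treating empty "Web Response:" fields as "no response received" is an assumption consistent with the asker's observation that the request never reached the server; the second sample and the way a non-empty response would be rendered are constructed.

```python
import json
import re

SEND_FAILURE = "An error occurred while sending the request"
# Text after each "Web Response:" marker, up to the next known marker.
WEB_RESPONSE = re.compile(
    r"Web Response:(.*?)(?=Web Response:|Message:|Please check the service|\Z)", re.S)

# Trimmed copy of the error body from the question (same codes and request-id).
NO_RESPONSE = r'''{"error": {"code": "InvalidCredentials", "innerError": {
  "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
  "message": "Message: An error occurred while sending the request.\r\nWeb Response: \r\n\r\nWeb Response: \r\n\r\n\r\nPlease check the service and try again.  \r\nWeb Response: \r\n",
  "request-id": "fcbb63db-b39f-4887-8002-edeef94ef3f7"}}}'''

# Constructed contrast case; the rendering of a non-empty response is an assumption.
WITH_RESPONSE = r'''{"error": {"code": "InvalidCredentials", "innerError": {
  "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
  "message": "Message: Unexpected response.\r\nWeb Response: 401 Unauthorized\r\n"}}}'''

def error_chain(payload):
    """Return every error node, outermost first, following innerError links."""
    chain, node = [], payload.get("error")
    while isinstance(node, dict):
        chain.append(node)
        node = node.get("innerError")
    return chain

def diagnose(raw):
    """Classify a provisioning test-connection error body."""
    chain = error_chain(json.loads(raw))
    messages = [n.get("message") or "" for n in chain]
    bodies = [b.strip() for m in messages for b in WEB_RESPONSE.findall(m) if b.strip()]
    if bodies:
        verdict = "endpoint-responded"   # inspect the status/body on the SCIM side
    elif any(SEND_FAILURE in m for m in messages):
        verdict = "no-http-response"     # check reachability, port and TLS first
    else:
        verdict = "unknown"
    return {
        "codes": [n.get("code") for n in chain],
        "request_id": next((n["request-id"] for n in chain if "request-id" in n), None),
        "verdict": verdict,
        "web_responses": bodies,
    }

if __name__ == "__main__":
    for sample in (NO_RESPONSE, WITH_RESPONSE):
        print(json.dumps(diagnose(sample), indent=2))
```

The request_id field is the value to quote when asking Microsoft support to look up the failed test connection.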