question

kajann-2506 avatar image
0 Votes"
kajann-2506 asked ZollnerD commented

Error while trying to save User provisiong with SCIM

After inputting the Tenant URL and token, I test the connection which succeeded.
Then when trying to save it gives me this Error:
"We encountered an error while updating provisioning configuration for ..."

There are two activity logs showing up:

one for "Update external secrets"
CORRELATION ID: bb7aac39-c2d8-45a2-b8e6-0d6346bd4d1d

one for "User Provisioning"
CORRELATION ID: a3257057-cf41-4703-af55-b0a05a32b304


ACTIVITY
DATE
1/13/2020, 3:17:24 PM
ACTIVITY TYPE
Update external secrets
CORRELATION ID
bb7aac39-c2d8-45a2-b8e6-0d6346bd4d1d
CATEGORY
ApplicationManagement
STATUS
Failure
STATUS REASON
System.ArgumentException



DATE
1/13/2020, 3:17:24 PM
ACTIVITY TYPE
User Provisioning
CORRELATION ID
a3257057-cf41-4703-af55-b0a05a32b304
CATEGORY
ApplicationManagement
STATUS
Failure
STATUS REASON
Updated credentials for

azure-ad-user-provisioning
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Can anyone confirm if the limit of 1KB (1024bytes) has been increased?
To get around this limit in the past we were using a smaller JWT signing key but it seems recently the failure is not happening with our default 2048 byte RSA key.

0 Votes 0 ·
ZollnerD avatar image ZollnerD AntonioGianni-9367 ·

The limit has been increased in most scenarios - there are a few exceptions for specific gallery apps that still use the older/smaller secret storage due to some quality-related reasons. I believe any custom SCIM apps and 99% of gallery SCIM apps should have the new higher capacity limit, however.

1 Vote 1 ·
kajann-2506 avatar image
2 Votes"
kajann-2506 answered

Found what was wrong.
The configuration data stored has a limit of 1KB (1024bytes). And the OAuth token I was using was larger than that.

Reduce the amount of configuration data stored - All data entered in the Admin credentials section of the provisioning tab is stored in the same place as the SAML certificate. While it may not be possible to reduce the length of all of this data, some optional configuration fields like the Notification Email can be removed.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

Is this for a G-suite app? If so, this might be a known issue. If you send me an email at AzCommunity@microsoft.com I can open a support case for you to get this resolved.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

martiveen avatar image
0 Votes"
martiveen answered

Dude you are a lifesaver! This was the fix

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.