SamaraSoucyMSFT asked:

[MSDN Redirect] Getting 400 Bad Request while trying to establish a SCIM Test connection from Azure AD

I am trying to configure SCIM-based provisioning to a non-gallery app in Azure AD. The target application is a home-grown SCIM server implementing SCIM V2.0. I can very well establish a SCIM connection to my app from other IDM products, like OneLogin for instance. But when I try to do the same from AAD, it's giving me a 400 Bad Request error. I can see that the request does not even reach the SCIM server.
The server expects Authorization Bearer in the SCIM payload. So I am providing the following values in the provisioning configs of my non-gallery enterprise application:

Admin Credentials ->

Tenant URL: https://<Public IP of my system>:9443/scim/v2

Secret Token: Authorization bearer token generated at my SCIM server side.

It's been a while that I have been struggling with this one, and any pointers would really expedite things.

==>

Update: Added 400 bad request error message details below-

 {
   "error": {
     "code": "InvalidCredentials",
     "message": "You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account.",
     "innerError": {
       "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
       "details": [],
       "message": "Message: We received this unexpected response from your System for Cross Domain Identity Management service: \r\n\r\nMessage: Message: An error occurred while sending the request.\r\nWeb Response: \r\n\r\nWeb Response: \r\n\r\n\r\nPlease check the service and try again.  \r\nWeb Response: \r\n",
       "target": null,
       "innerError": {
         "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
         "details": [],
         "message": "Message:Message: We received this unexpected response from your System for Cross Domain Identity Management service: \r\n\r\nMessage: Message: An error occurred while sending the request.\r\nWeb Response: \r\n\r\nWeb Response: \r\n\r\n\r\nPlease check the service and try again.  \r\nWeb Response: \r\n",
         "target": null
       },
       "request-id": "fcbb63db-b39f-4887-8002-edeef94ef3f7",
       "date": "2020-02-20T10:45:42"
     }
   }
 }

Source: https://social.msdn.microsoft.com/Forums/en-US/aff2a8b8-176f-4343-9353-005d18a820b1/getting-400-bad-request-while-trying-to-establish-a-scim-test-connection-from-azure-ad?forum=azureappconfiguration

azure-active-directory
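
An added example, not part of the original post or of any Microsoft tooling: a small Python helper that walks the nested `innerError` chain of the error body quoted in the question and reports each code, the `request-id`, and whether any `Web Response:` field carries text. For this payload every such field is empty, which matches the asker's observation that the request never reached the SCIM server. The function names, and the reading that response text would follow the label on the same line, are assumptions.

```python
import json
import re

# Error body from the question above; the empty "details"/"target" fields
# are omitted for brevity. A raw string keeps the JSON \r\n escapes intact.
ERROR_BODY = r'''
{
  "error": {
    "code": "InvalidCredentials",
    "message": "You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account.",
    "innerError": {
      "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
      "message": "Message: We received this unexpected response from your System for Cross Domain Identity Management service: \r\n\r\nMessage: Message: An error occurred while sending the request.\r\nWeb Response: \r\n\r\nWeb Response: \r\n\r\n\r\nPlease check the service and try again.  \r\nWeb Response: \r\n",
      "innerError": {
        "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
        "message": "Message:Message: We received this unexpected response from your System for Cross Domain Identity Management service: \r\n\r\nMessage: Message: An error occurred while sending the request.\r\nWeb Response: \r\n\r\nWeb Response: \r\n\r\n\r\nPlease check the service and try again.  \r\nWeb Response: \r\n"
      },
      "request-id": "fcbb63db-b39f-4887-8002-edeef94ef3f7",
      "date": "2020-02-20T10:45:42"
    }
  }
}
'''

def error_chain(body):
    """Yield each error object, from the outermost to the innermost."""
    node = json.loads(body).get("error")
    while isinstance(node, dict):
        yield node
        node = node.get("innerError")

def web_responses(message):
    """Return the non-empty text found after each 'Web Response:' label."""
    # Assumption: captured response text follows the label on the same line.
    found = re.findall(r"Web Response:[ \t]*([^\r\n]*)", message)
    return [text.strip() for text in found if text.strip()]

def summarize(body):
    """Collect the fields worth quoting in a support ticket or log search."""
    chain = list(error_chain(body))
    meta = next((n for n in chain if "request-id" in n), {})
    captured = any(web_responses(n.get("message", "")) for n in chain)
    return {"codes": [n.get("code") for n in chain],
            "request_id": meta.get("request-id"),
            "date": meta.get("date"),
            "web_response_captured": captured}

if __name__ == "__main__":
    print(json.dumps(summarize(ERROR_BODY), indent=2))
```
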

1 Answer

MarileeTurscak answered:

A couple of things to try:

  1. In the Admin Username field, try entering the username in the domain\user format instead of user if you're not doing this already. The account should have all necessary tenant and API permissions.

  2. Try enabling Application Insights and check the trace logs. https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview

It would be helpful if you could also share screenshots of what you see when you do this from AAD.
