PingAuthorize

Disabling the SCIM REST API

Disable the System for Cross-domain Identity Management (SCIM) REST API.

About this task

If you have no need to expose data through the SCIM REST API, disable it by removing the SCIM2 HTTP servlet extension from the HTTPS connection handler, or from any other HTTP connection handler, and restart the handler.

Steps

  • Use the following command to remove the extension from the HTTP connection handler and restart it:

    dsconfig set-connection-handler-prop \
      --handler-name "HTTPS Connection Handler" \
      --remove http-servlet-extension:SCIM2 \
      --set enabled:false
    dsconfig set-connection-handler-prop \
      --handler-name "HTTPS Connection Handler" \
      --set enabled:true

    When the SCIM REST API is disabled, access token validators still use PingAuthorize Server’s SCIM system to look up token owners.