Troubleshooting the SCIM 2.0 servlet Extension
To troubleshoot the SCIM 2.0 servlet extension, you must enable the Debug Trace Logger.
About this task
For security reasons, error messages specifically regarding LDAP systems are suppressed and do not appear in the HTTP responses from the server. Instead, you will see something like the following.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"status": "400",
"detail": "Request failed: correlationID='073eb1a8-8c51-48b3-83a0-380e1d4b4ab9'"
}
Steps
-
To view these messages, enable the Debug Trace Logger through the administrative console or with the following
dsconfig
command.Example:
dsconfig set-log-publisher-prop --publisher-name "Debug Trace Logger" \ --set enabled:true --add scim-message-type:error
Result:
After you enable the Debug Trace Logger, the server begins logging information related to SCIM operations to the
/logs/debug-trace
file, as in the following example.[09/Jun/2020:05:23:10.992 -0500] HTTP REQUEST requestID=3 correlationID="073eb1a8-8c51-48b3-83a0-380e1d4b4ab9" product="Ping Identity Directory Server" instanceName="example" startupID="Xt9fJg==" threadID=173 from=[0:0:0:0:0:0:0:1]:53978 method=POST url="https://0:0:0:0:0:0:0:1:9443/scim/v2/Users"
The presence of
correlationID
in these messages allows for matching the ID in the HTTP responses to the messages in thedebug-trace
log so that the appropriate LDAP error message can be determined.