PingDirectory

Troubleshooting the SCIM 2.0 servlet Extension

To troubleshoot the SCIM 2.0 servlet extension, you must enable the Debug Trace Logger.

About this task

For security reasons, error messages specifically regarding LDAP systems are suppressed and do not appear in the HTTP responses from the server. Instead, you will see something like the following.

{
	"schemas": [
	"urn:ietf:params:scim:api:messages:2.0:Error"
	],
	"status": "400",
	"detail": "Request failed: correlationID='073eb1a8-8c51-48b3-83a0-380e1d4b4ab9'"
}

Steps

  • To view these messages, enable the Debug Trace Logger through the administrative console or with the following dsconfig command.

    Example:

    dsconfig set-log-publisher-prop --publisher-name "Debug Trace Logger" \
    			--set enabled:true --add scim-message-type:error

    Result:

    After you enable the Debug Trace Logger, the server begins logging information related to SCIM operations to the /logs/debug-trace file, as in the following example.

    [09/Jun/2020:05:23:10.992 -0500] HTTP REQUEST requestID=3
    correlationID="073eb1a8-8c51-48b3-83a0-380e1d4b4ab9" product="Ping Identity
    Directory Server" instanceName="example" startupID="Xt9fJg==" threadID=173
    from=[0:0:0:0:0:0:0:1]:53978 method=POST
    url="https://0:0:0:0:0:0:0:1:9443/scim/v2/Users"

    The presence of correlationID in these messages allows for matching the ID in the HTTP responses to the messages in the debug-trace log so that the appropriate LDAP error message can be determined.