Troubleshoot the SCIM 2.0 servlet extension
For security reasons, error messages specifically regarding LDAP systems are suppressed and do not appear in the HTTP responses from the server. Instead, you will see something similar to the following:
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "400",
  "detail": "Request failed: correlationID='073eb1a8-8c51-48b3-83a0-380e1d4b4ab9'"
}
To view these messages, the Debug Trace Logger needs to be enabled. You can do this through the Administrative Console or with the following dsconfig command:
dsconfig set-log-publisher-prop --publisher-name "Debug Trace Logger" \
  --set enabled:true --add scim-message-type:error
After the Debug Trace Logger is enabled, the server begins logging information related to SCIM operations to the file /logs/debug-trace. Entries look similar to the following:
[09/Jun/2020:05:23:10.992 -0500] HTTP REQUEST requestID=3 correlationID="073eb1a8-8c51-48b3-83a0-380e1d4b4ab9" product="Ping Identity Directory Server" instanceName="example" startupID="Xt9fJg==" threadID=173 from=[0:0:0:0:0:0:0:1]:53978 method=POST url="https://0:0:0:0:0:0:0:1:9443/scim/v2/Users"
Note the presence of correlationID in these messages. By matching the correlationID in the HTTP response to the messages in the debug-trace log, you can determine the corresponding LDAP error message.
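The matching step described above can be scripted. The following Python is an added example, not part of the product or its documentation: it pulls the correlationID out of a SCIM error body and returns the parsed debug-trace lines that carry the same ID. The function names are hypothetical, and the second trace line is constructed for illustration.

```python
import json
import re

SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
# Accept only a UUID-shaped value so the ID from a response is safe to match on.
CORRELATION_RE = re.compile(r"""correlationID=['"]([0-9a-fA-F-]{36})['"]""")
# key=value or key="quoted value" pairs, as in the trace line shown on this page.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
TIMESTAMP_RE = re.compile(r"^\[([^\]]+)\]")

# The error body from this page.
SAMPLE_RESPONSE = """{"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
 "status": "400",
 "detail": "Request failed: correlationID='073eb1a8-8c51-48b3-83a0-380e1d4b4ab9'"}"""

# First line is from this page; the second is constructed (an unrelated request).
SAMPLE_TRACE = [
    '[09/Jun/2020:05:23:10.992 -0500] HTTP REQUEST requestID=3 correlationID="073eb1a8-8c51-48b3-83a0-380e1d4b4ab9" product="Ping Identity Directory Server" instanceName="example" startupID="Xt9fJg==" threadID=173 from=[0:0:0:0:0:0:0:1]:53978 method=POST url="https://0:0:0:0:0:0:0:1:9443/scim/v2/Users"',
    '[09/Jun/2020:05:23:11.104 -0500] HTTP REQUEST requestID=4 correlationID="11111111-2222-3333-4444-555555555555" product="Ping Identity Directory Server" instanceName="example" startupID="Xt9fJg==" threadID=174 from=[0:0:0:0:0:0:0:1]:53979 method=GET url="https://0:0:0:0:0:0:0:1:9443/scim/v2/Users"',
]


def correlation_id_from_response(body):
    """Return the correlationID from a SCIM 2.0 Error body, or None."""
    doc = json.loads(body)
    if SCIM_ERROR_SCHEMA not in doc.get("schemas", []):
        return None
    match = CORRELATION_RE.search(doc.get("detail", ""))
    return match.group(1).lower() if match else None


def matching_trace_entries(lines, correlation_id):
    """Return parsed fields of every trace line carrying correlation_id."""
    entries = []
    for line in lines:
        match = CORRELATION_RE.search(line)
        if not match or match.group(1).lower() != correlation_id.lower():
            continue
        fields = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
        stamp = TIMESTAMP_RE.match(line)
        fields["timestamp"] = stamp.group(1) if stamp else None
        entries.append(fields)
    return entries


if __name__ == "__main__":
    cid = correlation_id_from_response(SAMPLE_RESPONSE)
    for entry in matching_trace_entries(SAMPLE_TRACE, cid):
        print(entry["timestamp"], entry.get("method"), entry.get("url"))
```

To search a real log, pass the open debug-trace file object in place of SAMPLE_TRACE.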