Lookthrough limit for SCIM searches - PingAuthorize

Page created: 17 Feb 2022 |

Page updated: 29 Jul 2022

| 1 min read

Product PingAuthorize 9.1 Content Type Product documentation Administration User task

Because a policy evaluates every System for Cross-domain Identity Management (SCIM) resource in a search result, some searches might exhaust server resources. To avoid this scenario, cap the total number of resources that a search matches.

The configuration for each SCIM resource type contains a lookthrough-limit property that defines this limit, with a default value of 500. If a search request exceeds the lookthrough limit, the client receives a 400 response with an error message that resembles the following example.

{
  "detail": "The search request matched too many results",
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "scimType": "tooMany",
  "status": "400"
}

To avoid this error, you have these options:

The client must refine its search filter to return fewer matches.
Configure paged searches as explained in Using paged SCIM searches.