To troubleshoot the SCIM 2.0 servlet extension, you must enable the Debug Trace Logger.
For security reasons, error messages specifically regarding LDAP systems are suppressed and do not appear in the HTTP responses from the server. Instead, you will see something like the following.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"status": "400",
"detail": "Request failed: correlationID='073eb1a8-8c51-48b3-83a0-380e1d4b4ab9'"
}
To view these messages, enable the Debug Trace Logger through the
administrative console or with the following dsconfig
command.
dsconfig set-log-publisher-prop --publisher-name "Debug Trace Logger" \
--set enabled:true --add scim-message-type:errorAfter you enable the Debug Trace Logger, the server begins logging information related to SCIM operations to the /logs/debug-trace file, as in the following example.
[09/Jun/2020:05:23:10.992 -0500] HTTP REQUEST requestID=3
correlationID="073eb1a8-8c51-48b3-83a0-380e1d4b4ab9" product="Ping Identity
Directory Server" instanceName="example" startupID="Xt9fJg==" threadID=173
from=[0:0:0:0:0:0:0:1]:53978 method=POST
url="https://0:0:0:0:0:0:0:1:9443/scim/v2/Users"Note:
The presence of correlationID in these messages allows
for matching the ID in the HTTP responses to the messages in the
debug-trace log so that the appropriate LDAP error
message can be determined.