Ad Widget

Collapse

SCIM API error

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • MrStaubsauger
    Junior Member
    • Oct 2023
    • 3
    #1

    SCIM API error

    Hello,
    i am trying to provision identities through azure ad.
    I generated an API Token and tried to connect to zabbix, but it cant process the request (i guess):


    Error code: SystemForCrossDomainIdentityManagementCredentialVa lidationUnavailable

    Details: We received this unexpected response from your application: Received response from Web resource. Resource: https://zabbix.123.de/api_scim.php/Users?filter=userName+eq+1234-c85d-4ec9-818b-247e619a4323" Operation: GET Response Status Code: BadRequest Response Headers: Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=20 Strict-Transport-Security: max-age=63072000 Date: Sun, 29 Oct 2023 15:21:46 GMT Server: nginx X-Powered-By: PHP/8.0.27 Response Content: {"schemas":["urn:ietfarams:scim:api:messages:2.0:Error"],"detail":"This filter is not supported","status":400}

    I cant find any solution, pls help
    Tags: None
    • Jason
      Senior Member
      • Nov 2007
      • 430
      #2
      Are you trying to use an Application proxy as part of the Azure AD Enterprise app? If so then it seems as though the SCIM provisioning doesn't work as you end up with the Azure AD login page and the server never sees the call. I've spent a while trying to work around this too.

        Comment

        • MrStaubsauger
          Junior Member
          • Oct 2023
          • 3
          #3
          No, i havent configured any Application for the Enterprise App Zabbix.
          If i interpret the error correctly, it is getting an answer: This filter is not supported","status":400
          (?)
          I tried a little bit with the connection to zabbix, and everytime i change the tenant url, it responds with http error 404, unless i specify the url to api_scim.php.
          So i would guess it reaches zabbix, but zabbix responds with the error.
          Another approach was to change the token. It doesn't matter what token string i use, everytime i get the 400 error. If i cut some parts away, same error.
          So my best guess at this point is, it reaches zabbix but some config / validation or similar doesn't work.

            Comment

            • Jason
              Senior Member
              • Nov 2007
              • 430
              #4
              Have you got the claims set up right in Azure AD? In particular have you got the groups bit set right (group claim added and the name matching what is expected in zabbix) and the mapping between AD groups and zabbix roles added in the interface?

                Comment

                • MrStaubsauger
                  Junior Member
                  • Oct 2023
                  • 3
                  #5
                  Yes, the mapping is correct, as for example JIT is working and users can log in with SSO and accounts are created and given permission according to the mapping. For example i have a zabbix (a)ad group which is mapped to the zabbix administrator group, whoch works just fine.
                  Only when i try to connect via the token and the api_scim it doesn't work.

                    Comment

                    • owanvik
                      Junior Member
                      • Oct 2018
                      • 2
                      #6
                      Experiencing the same issue as well with a fresh Zabbix Appliance in Azure

                        Comment

                        • llevi
                          Junior Member
                          • May 2024
                          • 1
                          #7
                          I have the same issue with scim.
                          If I call the https://<instance>/monitor/api_scim.php/Users

                          I got this response:
                          Code:
                          {
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "detail": "The requested endpoint is not supported.",
    "status": 500
}
                          And if I use the Azure AD with the filters, the result is the same: 400 / This filter is not supported

                            Comment

                            Previous template Next
                            Working...