SCIM Integration - Okta callback gets 503 error (Part 2)

I previously created a post with the same problem: SCIM Integration - Okta callback gets 503 error. At that time the problem was with my local application so that it is difficult for Okta team to investigate it. Now I have configured Okta SCIM with an application that is accessible by public. I’d like to continue my question. I’m formatting my question below.

I’m trying to provison SCIM integration with a SAP Commerce (Hybris) application which has an OAuth2 server too.

• I created a OAuth2 client in the SAP Commerce.
• Then in Okta SCIM integration, I filled out all the required information.Clicked on the button “Authenticate with {APPNAME}”.
• A new browser window directed me to the OAuth2 server. After login successfully, the browser window redirects to GET https://system-admin.okta.com/admin/app/cpc/dev-17947277_dcbackofficed2_1/oauth/callback?code=XXXXXX&state=YYYYYY. The response is 302.
• Then then the browser window redirects to https://dev-17947277-admin.okta.com/admin/app/cpc/dev-17947277_dcbackofficed2_1/ZZZZZZ/oauth/callback?code=XXXXXX&state=YYYYYY, here I got the 503 error.

I have read all other posts that described the similar or same problem. It looks like I need someone to read the server log on Okta side? Can someone help me ?

Thank you!

Do you know if the Authorization Server you are using for the OAuth auth was able to return tokens back to Okta? I’m seeing what looks like a 401 error being returned when we attempted to get tokens.

Andrea,
Thank you for your reply. I’m not sure how to find the information you need. I attached a screenshot of the configuration of the OAuth client. Maybe you’re talking about “grant types”.

Is Okta trying to connect directly to the authorizationserver of SAP? I thought it is the browser that is doing all redirects. If you can share the request/response of the 401 error. I can take a look too.

Screenshot 2025-07-29 at 9.07.59 AM4398×1144 216 KB

Okta will still make a server-side call to complete Authorization Code flow and get tokens back from the OAuth server.

Unfortunately, I don’t have more details than that our logs show a 401 error was returned, thats why I was hoping you’d be able to check the OAuth logs to see if there were more details about the cause of that 401 logged.

I can try to search SAP server log. But I’m not an expert in OAuth. If you can give me any clue on what the keywords I can use, it will be great.

The 401 would imply there is some sort of authentication error, so I would look for words like client, credentials, secret, invalid, etc.

Andrea,

Thank you for your answers. I just want to give you an update before close the discussion. The 503 problem has been magically resolved. I don’t know why. Maybe it is a combination of SAML SSO and SCIM. But anyway we have passed the obstacle. Now I have another problem with SCIM webservices implementation of SAP. It is another story now.

Again, thank you!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.