Hi everyone,
I’m currently trying to debug an issue that occurs for one of our customers who’s using our SCIM Integration with Okta.
Basically, they created a custom SCIM Integration via the AIW, and they set the right settings so that it correctly points to our SCIM endpoints running in our cloud. This part works fine.
However, under obscure circumstances, Okta sends this sequence of requests to our SCIM endpoints:
(the following requests occur approximately within the same 3 seconds…)
-
GET /scim/Users?filter=userName eq “john.f.smith@acme.com”&startIndex=1&count=100 <<< returns 1 result
-
GET /scim/Users/{id}
-
PUT /scim/Users/{id} with payload {‘active’: True, …}
-
GET /scim/Users/{id}
-
PUT /scim/Users/{id} with payload {‘active’: True, …}.
(and 2 minutes later, the following requests are sent within the same second…)
-
GET /scim/Users/{id}
-
PUT /scim/Users/{id} with payload {‘active’: False, …}.
-
GET /scim/Users?filter=userName eq “john.smith@acme.com”&startIndex=1&count=100 <<< returns 0 result
-
POST /scim/Users <<< returns an HTTP 409 Conflict because the user already exists
My understanding is that:
- For requests *1-5, the user was assigned (or re-assigned) to the app.
- In requests *6-7, the user was probably unassigned from the app (because of {‘active’: False, …}).
- But for some reason, in requests *8-9, the user appears to be immediately re-assigned to the app, but the wrong search filter is used in request *8 (it should be using “john.f.smith@acme.com”, and not “john.smith@acme.com”).
Do you know what may be the cause of this last sequence of requests? And why would an incorrect search filter be used?
Thanks!