SCIM Client troubleshooting

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of SCIM Client troubleshooting

    This guide helps ServiceNow customers resolve common issues encountered when setting up or running the SCIM Client integration. It outlines typical error messages, their causes, and recommended corrective actions to ensure smooth operation of the SCIM Client, which synchronizes identity data using SCIM protocols.

    Show full answer Show less

    Troubleshooting Common Issues

    • Access Control Errors: When receiving errors about inaccessible tables, ensure that the SCIM API calls are made in the system context rather than a user context to avoid access control restrictions.
    • Authentication Failures: If the response indicates "User Not Authenticated," verify that the token used is properly generated via the corresponding REST message and remains valid. Also, confirm API calls execute in system context.
    • Data Type Mismatch: For errors like "Cannot cast java.lang.Integer to java.lang.String," check SCIM attribute mappings to ensure scripts return string values consistently.
    • Invalid ID Errors: If the provider reports invalid IDs (e.g., for manager attributes), confirm the IDs sent in the payload match valid IDs in the external provider system, as these must align exactly.

    Areas to Check for Troubleshooting

    To effectively diagnose issues, review the SCIM Client logs, which capture detailed information about each API call:

    • Request ID: Unique identifier for each API request.
    • SCIM Provider and Resource: Identify which provider and resource the API call targets.
    • Resource ID and Action: Specific resource involved and the API action executed.
    • Status and Message: Indicates success or failure along with detailed messages from the provider or configuration errors.

    Additionally, monitor and analyze outbound web service logs to inspect request payloads and troubleshoot communication issues. Adjust log levels via REST message configurations for more detailed HTTP method tracking. If request bodies are truncated in logs, increase the content limit using the system property glide.outboundhttp.content.maxlimit.

    Troubleshooting actions can help resolve common issues when setting up or running the SCIM Client.

    Table 1. Troubleshooting
    Issue Action

    Response contains the following message:

    “message":"Unable to access the
table core_company with id: 0c441abbc6112275000025157c651c89,
Please cross check the Access control rules"

    The message is displayed if the API is called in a user context and the user does not have access to the table.

    You must make sure that the scriptable API is called in the system context.

    Response contains the following message:

    {"message":"User Not Authenticated","detail":"
Required to provide Auth information”}
    • Make sure that the token is generated through the corresponding REST message and it is valid.
    • Make sure that the scriptable API is called in the system context.

    Response contains the following message:

    Script execution failed, the reason is:
Cannot cast java.lang.Integer to java.lang.String
    		In the SCIM attribute mapping, if the field is defined to fetch from a script with this issue, then make sure that the return type should always be a string.

    Response contains the following message:

    "status": "400", 
"scimType": "invalidValue", 
"detail": "Manager id : 02826bf03710200044e0bfc8bcbe5ds8 
doesn't exist"
    		For any SCIM attribute that expects the ID, then that ID is always of the provider system. Make sure the ID that is passed in the payload is valid in the provider system.

    Areas to check for troubleshooting

    The following are some of the areas that can be checked for troubleshooting errors when using the SCIM Client:

    • If any issue is found while running any of the scriptable APIs, see the SCIM Client logs section.
      Table 2. Logs Fields
      Field Description
      Request ID Unique ID that represents a scriptable API called.
      SCIM Provider Provider name for which the API is called.
      Resource Name of the resource for which the API is called.
      Resource ID The ID for which the API is called. For deletion, the ID represents the resource ID in the provider system and the ID is in the client system.
      Action API that is called
      Status Status of the log as a success or failure
      Message Success or error message. The error message can be from the SCIM provider or because of configuration issues in the SCIM Client.
    • Check the request body by configuring and viewing outbound calls. To learn more, see Outbound web services logging.
    • Update log levels by adding the content-type, testing the sample, and navigating to corresponding the HTTP Method form in the REST message of the corresponding provider.
    • If the request body is truncated, then increase the limit by using system property glide.outbound_http.content.max_limit.