Inserting objects into target systems via SCIM Connector or Starling Connect Connector fails or causes performance issues
Description
When Identity Manager is connected to an external HR system via SCIM Connector or Starling Connect Connector, you may sometimes see the following SCIM provider replies when inserting new objects (new user accounts, employees, groups, etc.) into the connected system:
'"status": 400' with 'Unsupported attribute'
'"status": 400' with 'invalidFilter' or 'invalid Filter'
'"status": 422' with 'invalid Filter' or 'Invalid filter value.'
'"status": 500' with a return message indicating that an obviously valid SCIM-formatted filter clause used to search for an object cannot be parsed or understood by the connected system's SCIM provider
The object insert operation takes too long (several minutes)
'"status": 429' Too Many Requests, in the scope of inserting objects via AdHoc provisioning
Cause
When Identity Manager is requested to insert a new object in a connected system, it needs to verify whether the object is already present and only requires an update; otherwise an insert operation should be performed. Identity Manager searches for the object based on all key attributes and their values (lookup). Because the id property is not yet populated, the search is performed on other attributes, which may either cause the SCIM provider to fail with error 400, 422 or 500 (SCIM filter support only partially implemented by the connected system's SCIM provider) or take too long (the SCIM provider performs an internal full catalogue scan).
Resolution
With Identity Manager 9.1 SP1 or newer, use the Synchronization Editor to set the option "General concurrence strategy" to "Optimistic" for the "Provisioning" workflow(s). With Identity Manager 9.2, use the Synchronization Editor to set the option "General conflict detection strategy" to "Optimistic" for the "Provisioning" workflow(s). With that option, Identity Manager skips the object lookup and performs the insert operation directly. Refer to the documentation on "Collision detection strategy" for details: https://support.oneidentity.com/technical-documents/identity-manager/9.2/target-system-synchronization-reference-guide/21#TOPIC-2079401
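The lookup-before-insert behaviour described under Cause and the direct insert described under Resolution, as an added simplified model (not One Identity code, and not how the connector is implemented internally). The stub provider, the sample user, the choice of userName and externalId as key attributes, and the strategy names "lookup" and "optimistic" are assumptions; the 400 invalidFilter and 409 uniqueness replies follow RFC 7644.

```python
import re

class StubScimProvider:
    """Constructed in-memory provider that only understands filters on userName."""
    SUPPORTED = re.compile(r'^userName eq "([^"]*)"$')

    def __init__(self):
        self.users = {}     # id -> stored resource
        self.requests = []  # (method, detail) for every call received

    def search(self, scim_filter):
        self.requests.append(("GET", scim_filter))
        match = self.SUPPORTED.match(scim_filter)
        if not match:
            # Partial filter support: a valid filter is rejected (RFC 7644, 3.12)
            return 400, {"status": "400", "scimType": "invalidFilter"}
        hits = [u for u in self.users.values() if u["userName"] == match.group(1)]
        return 200, {"totalResults": len(hits), "Resources": hits}

    def create(self, resource):
        self.requests.append(("POST", resource["userName"]))
        if any(u["userName"] == resource["userName"] for u in self.users.values()):
            # The provider itself must reject duplicates (RFC 7644, 3.3)
            return 409, {"status": "409", "scimType": "uniqueness"}
        stored = dict(resource, id=str(len(self.users) + 1))
        self.users[stored["id"]] = stored
        return 201, stored

def build_lookup_filter(resource, key_names):
    """Without an id, the lookup combines every key attribute into one filter."""
    return " and ".join(f'{k} eq "{resource[k]}"' for k in key_names)

def provision(provider, resource, key_names, strategy):
    """'lookup' searches before inserting; 'optimistic' sends the insert directly."""
    if strategy == "lookup":
        status, body = provider.search(build_lookup_filter(resource, key_names))
        if status != 200:
            return status, body               # insert is never attempted
        if body["totalResults"]:
            return 200, body["Resources"][0]  # object exists: update path
    return provider.create(resource)

if __name__ == "__main__":
    provider = StubScimProvider()
    user = {"userName": "jdoe", "externalId": "E-1001"}  # constructed sample
    for strategy in ("lookup", "optimistic", "optimistic"):
        print(strategy, provision(provider, user, ["userName", "externalId"], strategy))
```

With the lookup skipped, duplicate detection rests entirely on the SCIM provider, so check that the connected system returns a conflict for an existing object rather than silently creating a second one.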