Connecting SAP BTP to OneIdentity using SCIM Connector

Hi group!!

We would like to connect SAP BTP to OneIdentity using the SCIM Connector.

Currently SAP BTP is using "urn:scim:schemas:core:1.0", which they cannot upgrade to 2.0,

and One Identity is using "urn:ietf:params:scim:schemas:core:2.0:User" by default.

So there is a version mismatch: 2.0 vs 1.0.

Error message while running the provisioning to BTP:

   {"error_description":"Only schema 'urn:scim:schemas:core:1.0' is currently supported","error":"scim","message":"Only schema 'urn:scim:schemas:core:1.0' is currently supported"}
   The remote server returned an error: (400) Bad Request.

So, we thought to override the default schema (only shows up in Expert mode).

We got stuck filling in the following fields in the wizard:

- Schema: json file

- Resources (users, group, etc.): json file

We are not sure how to develop the JSON files with the lower version "urn:scim:schemas:core:1.0".

Any idea?

  • Since One IM version 9.1 you may use the download button in the SCIM connection wizard to download the exported schema and resource definition. You can edit these files and use them as hard-coded schema and resource type definitions. You can find suitable examples in RFC 7643 (https://www.rfc-editor.org/rfc/rfc7643).

  • Thank you for the info.

    We thought of creating a new PowerShell connector to connect to BTP, which most people do.

    But we took the below steps.

    Steps taken :

    Instead of manually downgrading our SCIM version, we asked the BTP team to use SAP IPS which comes free if already using BTP.

    BTP team agreed and integrated with IPS. 

    The flow looks like : One Identity > (SAP IPS) > SAP BTP

    From One Identity, we are now connecting to SAP IPS via SCIM 2.0 and it's working fine.

    Note: The BTP team needs to understand how IPS works before configuring it and to maintain the flow from SAP IPS -> BTP or vice versa.
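
To make the 1.0 vs 2.0 mismatch from the thread concrete, here is an added example (not from any of the posts, and not One Identity or SAP code) that re-labels a SCIM 2.0 User payload with the SCIM 1.x schema URNs and fails closed on any schema it cannot map. The function name and the sample user are hypothetical; only the schema URNs and `meta.resourceType` are handled, and this is not the schema file format the connection wizard expects.

```python
import copy

# The two core URNs are quoted in the thread; the enterprise extension URNs
# are the ones defined by SCIM 1.1 and by RFC 7643 (SCIM 2.0).
CORE_V1 = "urn:scim:schemas:core:1.0"
CORE_V2 = "urn:ietf:params:scim:schemas:core:2.0:User"
ENT_V1 = "urn:scim:schemas:extension:enterprise:1.0"
ENT_V2 = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
V2_TO_V1 = {CORE_V2: CORE_V1, ENT_V2: ENT_V1}


def downgrade_user(v2_user):
    """Return a copy of a SCIM 2.0 User labelled with SCIM 1.x schema URNs.

    Fails closed: any schema URN without a known 1.x equivalent raises
    ValueError instead of being dropped or forwarded unchanged.
    """
    declared = v2_user.get("schemas") or []
    ext_keys = [k for k in v2_user if k.startswith("urn:")]
    unknown = [s for s in [*declared, *ext_keys] if s not in V2_TO_V1]
    if not declared or unknown:
        raise ValueError(f"no SCIM 1.x mapping for: {unknown or 'none declared'}")
    v1_user = {}
    for key, value in copy.deepcopy(v2_user).items():
        if key == "schemas":
            # Map each URN, keeping order and removing duplicates.
            v1_user[key] = list(dict.fromkeys(V2_TO_V1[s] for s in value))
        elif key in V2_TO_V1:
            # Extension attributes sit under a key equal to the schema URN.
            v1_user[V2_TO_V1[key]] = value
        elif key == "meta":
            # meta.resourceType was introduced in SCIM 2.0; drop it.
            v1_user[key] = {k: v for k, v in value.items() if k != "resourceType"}
        else:
            v1_user[key] = value
    return v1_user


# Constructed sample payload (not taken from the thread).
SAMPLE_V2_USER = {
    "schemas": [CORE_V2, ENT_V2],
    "userName": "jdoe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "jdoe@example.com", "primary": True}],
    "active": True,
    ENT_V2: {"department": "Finance"},
    "meta": {"resourceType": "User"},
}

if __name__ == "__main__":
    print(downgrade_user(SAMPLE_V2_USER))
```

Rejecting unmapped schemas rather than stripping them keeps a provisioning run from silently sending a user with fewer attributes than the source system holds.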