SCIM: The request contains invalid parameters or values

Hello,

I am trying to connect to a Target System using oAuth authentication method via SCIM. We are using the version 9.0 LTS.

We populate all the correct values and when we try to test the connection we get the below error message:

Error returned: {"error": invalid_request", "error_description": The request contains invalid parameters or values."}

Error returned: The remote server returned an error: (400) Bad Request.

I tried to do a Postman request using the correct access token, client ID and client secret and we managed to return the users and groups. In Postman it seems to be working, while Sync Editor doesn't recognise the connection info.

I tried to reach the server without the authorization token and then I am getting a different type of error message with HTML headers: Unauthorized. Proper authorization is required for this area. Either your browser does not perform authorization, or your authorization has failed.

In the meantime, out of curiosity, I tried to mimic the behavior of Sync Editor to Postman by doing the request in a different order and I got the same error messages. 

My question to you is, have you seen something similar before? Is there any specific order the sync editor follows to achieve an oAuth request? 

Thank you in advance!

  • Hi Chrysoula,

    The command Get-TlsCipherSuite lists the TLS cipher suites available for use (provided by Windows) on the machine. When the filter -Name "TLS_AES_256_GCM_SHA38" returns an empty list, either the suite is disabled or not supported by the OS. (Postman probably has its own cipher/SSL/TLS implementation.)
    According to Microsoft Learn, the TLS cipher suite TLS_AES_256_GCM_SHA38 is supported starting with Windows Server 2022. See learn.microsoft.com/.../cipher-suites-in-schannel and learn.microsoft.com/.../tls-cipher-suites-in-windows-server-2022
    We are talking about a communication level well below the SCIM connector. This is all within the .NET Framework/OS. I expect that you will see the same behavior when querying the Auth endpoint with an Invoke-WebRequest in PowerShell. Get the Invoke-WebRequest to fly by changing the machine's configuration and the SCIM connector should start working also.
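
The two checks described in the reply above, combined into one script. This is an added example and not part of the original thread; the token URL, the environment variable names and the client_credentials grant type are assumptions to be replaced with the target system's real values.

```powershell
# Added example: run on the machine that hosts the connector, not on a workstation.
# Assumptions: $TokenUrl is a placeholder; credentials are read from environment
# variables so that they do not end up in the script or in the command history.
$TokenUrl    = 'https://idp.example.test/oauth2/token'   # placeholder
$SuiteFilter = 'TLS_AES_256_GCM_SHA38'   # filter string from the reply; -Name accepts partial names

# 1. Does Schannel offer a matching cipher suite on this machine?
$os     = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
$suites = @(Get-TlsCipherSuite -Name $SuiteFilter)
if ($suites.Count -eq 0) {
    Write-Warning "No enabled cipher suite matches '$SuiteFilter' on $os"
} else {
    "Matching suites on ${os}: $($suites.Name -join ', ')"
}

# 2. Query the auth endpoint through the OS/.NET stack with Invoke-WebRequest.
$body = @{
    grant_type    = 'client_credentials'      # assumption: adjust to the target system
    client_id     = $env:SCIM_CLIENT_ID       # hypothetical variable name
    client_secret = $env:SCIM_CLIENT_SECRET   # hypothetical variable name
}
try {
    $r = Invoke-WebRequest -Uri $TokenUrl -Method Post -Body $body -UseBasicParsing
    "HTTP $($r.StatusCode): token endpoint answered through the OS TLS stack"
} catch {
    $resp = $_.Exception.Response
    if ($resp) {
        # An HTTP status means the TLS handshake completed and the server
        # rejected the request itself.
        "HTTP $([int]$resp.StatusCode) returned by the server"
    } else {
        # No HTTP response at all: the connection failed before any request
        # was processed (name resolution, TCP or TLS negotiation).
        "No HTTP response: $($_.Exception.Message)"
        if ($_.Exception.InnerException) {
            "Inner exception: $($_.Exception.InnerException.Message)"
        }
    }
}
```

The script prints whether a response carried an HTTP status or whether the connection failed before any response arrived, which shows at which layer the request is being rejected.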