Which IIQ version are you inquiring about?
8.4p3
Share all details about your problem, including any error messages you may have received.
Hello,
I have an integration with CyberArk using the SailPoint PAM Module, and until recently the Target Aggregation task had been running successfully. Over the last few days, it has started failing with the following error:
Target Source Scan failed. Reason: java.lang.RuntimeException: openconnector.ConnectorException: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":400,"scimType":"invalidValue","detail":"Filter should contain only a single container filter. "}
The task is configured to use the PAM Module’s PAMTargetSource.
After enabling some logs, I can see that the failure occurs immediately after this SCIM request is generated:
logger=openconnector.connector.scim2.SCIM2Connector method=iterateResources line=3026 msg="Aggregation URL: https://host/scim/v2/ContainerPermissions?startIndex=1&count=100&filter=container.value+eq+%22TMP%22"
And right after that:
logger=openconnector.connector.scim2.SCIM2Connector method=traceMethodEntry line=97 msg="Entering shouldRetryCPError: Arguments => java.io.IOException: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":400,"scimType":"invalidValue","detail":"Filter should contain only a single container filter. "}
This aggregation had been working previously and only started failing recently, without any configuration changes on the IdentityIQ side.
Questions:
- Is this error likely caused by a change on the CyberArk SCIM server side, given that the PAMTargetSource logic hasn’t changed?
- Are there recommended steps to further debug or validate whether the SCIM server is rejecting the filter, or whether IIQ is generating something unexpected behind the scenes?