PAM TargetSource Aggregation Error - Http 401

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.3p3

We have currently migrating our PAM solution from on-prem to PCloud and I have updated the application in IIQ from Basic Credentials to OAuth2.0 and also updated the TargetSource details with the same.

When I am running the TargetSource Aggregation Task I am facing the below error -

Http1.1 401

Error while preparing SchemaPropertyMapping, please check whether response of /ResourceTypes, /Schemas follows SCIM2 specs

Connector Logs after running the task-

2026-03-11T10:31:25,341 ERROR QuartzScheduler_Worker-3 openconnector.connector.scim2.SCIM2Connector:2561 - HTTP/1.1 401 Unauthorized openconnector.ConnectorException: HTTP/1.1 401 Unauthorized at openconnector.connector.scim2.SCIM2Context.getResourceTypes(SCIM2Context.java:217) ~[connector-bundle-webservices.jar:8.3p3] at openconnector.connector.scim2.SCIM2Context.initResourceTypeMap(SCIM2Context.java:59) ~[connector-bundle-webservices.jar:8.3p3] at sailpoint.scim.common.AbstractSCIMContext.getResourceTypeMap(AbstractSCIMContext.java:69) ~[scim-common.jar:8.3 Build f4b330b4da3-20220427-175259] at sailpoint.scim.common.AbstractSCIMContext.getResourceType(AbstractSCIMContext.java:44) ~[scim-common.jar:8.3 Build f4b330b4da3-20220427-175259] at openconnector.connector.scim2.SCIM2Context.getResourceType(SCIM2Context.java:331) ~[connector-bundle-webservices.jar:8.3p3] at openconnector.connector.scim2.SCIM2Connector.getResourceTypeCoreSchema(SCIM2Connector.java:3363) ~[connector-bundle-webservices.jar:8.3p3] at openconnector.connector.scim2.SCIM2Connector.getSchemaPropertyMapping(SCIM2Connector.java:1444) ~[connector-bundle-webservices.jar:8.3p3] at openconnector.connector.scim2.SCIM2Connector.generateSchemaPropertyMapping(SCIM2Connector.java:2681) ~[connector-bundle-webservices.jar:8.3p3] at openconnector.connector.scim2.SCIM2Connector.iterate(SCIM2Connector.java:2551) [connector-bundle-webservices.jar:8.3p3] at openconnector.connector.scim2.SCIM2Connector.iterate(SCIM2Connector.java:2559) [connector-bundle-webservices.jar:8.3p3] at sailpoint.unstructured.PAMCollector$TargetIterator.(PAMCollector.java:467) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.unstructured.PAMCollector$TargetIterator.(PAMCollector.java:457) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.unstructured.PAMCollector.iterate(PAMCollector.java:408) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.unstructured.TargetCollectorProxy.iterate(TargetCollectorProxy.java:112) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.api.TargetAggregator.execute(TargetAggregator.java:436) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.task.UnstructuredTargetScan.execute(UnstructuredTargetScan.java:170) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.api.TaskManager.runSync(TaskManager.java:981) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.api.TaskManager.runSync(TaskManager.java:764) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) [identityiq.jar:8.3p3 Build d5deab2519b-20230629-092050] at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?] at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?] Caused by: java.io.IOException: HTTP/1.1 401 Unauthorized at openconnector.connector.scim2.SCIM2RestApi.doEntityRequest(SCIM2RestApi.java:110) ~[connector-bundle-webservices.jar:8.3p3] at openconnector.rest.RestApi.doRawGet(RestApi.java:666) ~[connector-bundle-webservices.jar:8.3p3] at openconnector.connector.scim2.SCIM2Context.getResourceTypes(SCIM2Context.java:192) ~[connector-bundle-webservices.jar:8.3p3] … 20 more

Can anyone help me on this error?

2

@srikanth_akella8- as it is giving “HTTP/1.1 401 Unauthorized openconnector.ConnectorException: HTTP/1.1 401 Unauthorized “. check the permissions to the account associated with OAuth. check if it has right permissions to access the data.

1 Like
3

Hi @venkat_chaduvula - I have validated this from Postman and I am able to hit the /ResourceTypes API there without any issue but its failing from this task.

4

@srikanth_akella8 - then it confirms there is no permissions issue.
compare the details given in postman and application. try to run API from test rule for quick check to see it is giving results or not.

5

can you do a curl command from your sserver, and see if it works for you?? also can you open your app in the debug and see all the parameters are ther for the app like tokenUrl=hserverip/oauth/token,clientId,clientSecret, grantType??

6

@srikanth_akella8 Could you please try few things:

  • Enable connector logs and validate the api details like the url is same as you have in postman, necessary scopes are added, authentication type, etc.
  • Have a test rule, and try to execute the APIs.
  • Validate if there is any IP whitelisting required.
  • Also do you know if IIQ to PAM app is a direct integration or you have any proxy application in between?
7

@srikanth_akella8

Please check the user that you are using have proper permission or not?