SCIM 2.0 Account and entitlement Aggregation Time Out Error

saikumarS · November 12, 2024, 12:49pm

Hi,

We are getting Account and entitlement aggregation error for SCIM 2.0 .

Account:openconnector.ConnectorException: Read timed out

entitlement : Exception during aggregation of Object Type group on Application CyberArk [source]. Reason: java.lang.RuntimeException: An error occurred while aggregating Application CyberArk [source] openconnector.ConnectorException: Read timed out

Thanks for your help

mcheek · November 12, 2024, 2:05pm

I would test the various SCIM API endpoints on your CyberArk tenant through Postman (using the same credentials you’re using from ISC) and ensure you get responses first

GET /scim/v2/users
GET /scim/v2/groups
GET /scim/v2/containers
GET /scim/v2/containerpermissions

What I found is that I could not use these SCIM endpoints without purchasing the Privilege Lifecycle Manager add-on entitlement (PRIV-LCM-ADDON) from CyberArk

mcheek · November 15, 2024, 1:58pm

@saikumarS just following up to see if you were able to try any of these troubleshooting steps

saikumarS · November 15, 2024, 2:04pm

Hy Mark,

Thank you very much for the steps .

We are checking the endpoints , I will let you know the update…

Thanks.

sk8er23 · November 16, 2024, 9:27pm

Have you tried extending the timeout, we had a similar issue reading Delinea via SCIM.

Try via api setting the following /connectorAttributes/aggregateTimeout to a higher value, using 10 second increments and test.

saikumarS · November 17, 2024, 9:31am

Hi @anthany,

How much we can put as higher value ? Currently we have “aggregateTimeout”: 495 Sec

Thanks.

sk8er23 · November 17, 2024, 5:01pm

Hi @saikumarS
We had success with a value of 650 but did take it up to 2000

saikumarS · November 18, 2024, 7:17am

I tried till 2000 and no luck

sk8er23 · November 18, 2024, 4:49pm

I have the following which is working:

ProvisioningTimeout:600
Custom timeout:650
AggregateTimeout:2000

These were all applied via API

It’s worth noting that before these values we were aggregating data but we were only getting the data until the original timeout value.

Are you aggregating any data at all?

saikumarS · November 18, 2024, 5:54pm

No , 0 Accounts scanned.

Custom timeout is nothing but connection timeout ?

mcheek · November 18, 2024, 9:12pm

Was this tried? Seems a good idea to ensure the API calls work outside of ISC before going into further troubleshooting steps with ISC

saikumarS · November 19, 2024, 9:18am

Hy Mark ,

yeah , I really wanted to try this once my CyberArk team is available .

I will let you know, Once i tested.

Thankss.

system · January 18, 2025, 9:18am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SCIM 2.0 entitlement aggregation issue ISC Discussion and Questions identity-security-cloud	6	155	September 7, 2024
SCIM 2.0 - SaaS Conector ISC Discussion and Questions aggregation	1	650	July 19, 2023
SCIM 2.0 Connector Account and Entitlement Aggregation Issue ISC Discussion and Questions aggregation , identity-security-cloud	10	1033	April 1, 2024
IDN/ISC : SAP Direct - Entitlement Aggregation Failing ISC Discussion and Questions aggregation , identity-security-cloud , entitlements	7	120	December 17, 2024
CyberArk Privilege Cloud Source, aggregate Container Permission ISC Discussion and Questions scim-connector , identity-security-cloud , sources	6	587	July 19, 2023

SCIM 2.0 Account and entitlement Aggregation Time Out Error

Related topics