
Azure SCIM user sync/delete error

Open rkaplers opened this issue 9 months ago • 1 comments

Environment

self-hosted (https://develop.sentry.dev/self-hosted/)

Steps to Reproduce

  1. Configure Azure SSO and SCIM based on https://docs.sentry.io/organization/authentication/sso/azure-sso/#scim-integration
  2. Add or remove a user in Azure to Enterprise Application > Users and Groups
  3. SCIM runs automatically every 40 minutes

Expected Result

  1. User is added/updated or removed based on if he is present in Enterprise Application > Users and Groups

Actual Result

When adding a user to Users and Groups in the Enterprise Application, SCIM successfully creates the user on the initial run.

Each subsequent SCIM run produces an error for every user: Failure Action: Update UPN : xxxxxx Type: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Details Error code: SystemForCrossDomainIdentityManagementServiceIncompatible

StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response:

{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"], "detail": { "Operations": { "op": [""add" is not a valid choice"], "value": ["value must be a boolean or object"] } } }

I came across a similar issue in a different thread: https://github.com/getsentry/sentry/issues/79354, where OP suggested: "Update: the original reported solved the issue by removing the "update" option from "Target Object Actions" in Azure."

It does resolve the issue with subsequent SCIM runs and the user creation works, however, user removal does not work.

Product Area

Settings - Auth

Link

No response

DSN

No response

Version

25.1.0

rkaplers Feb 11 '25 10:02
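Added example, not part of the original issue and not Sentry's code: a small checker that applies the two constraints visible in the error body above to a captured SCIM PatchOp request, so each rejected operation can be pinpointed. The accepted `op` set, the case-insensitive comparison and all three sample bodies are assumptions constructed for illustration.

```python
import json

# Constraints taken from the error body in the report: op "add" was rejected
# and the value was neither a boolean nor an object.
# ASSUMPTION: "replace" is the only accepted op; the report does not list
# the valid choices. ASSUMPTION: op names are compared case-insensitively.
ACCEPTED_OPS = {"replace"}

def check_patch(body):
    """Return (index, field, problem) tuples for operations that break the assumed rules."""
    if isinstance(body, (str, bytes)):
        body = json.loads(body)
    ops = body.get("Operations")
    if not isinstance(ops, list):
        return [(None, "Operations", "missing or not a list")]
    problems = []
    for i, op in enumerate(ops):
        name = str(op.get("op", "")).lower()
        if name not in ACCEPTED_OPS:
            problems.append((i, "op", f'"{name}" is not a valid choice'))
        # bool is checked explicitly; strings such as "False" do not pass.
        if not isinstance(op.get("value"), (bool, dict)):
            problems.append((i, "value", "value must be a boolean or object"))
    return problems

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

# Constructed sample: an attribute update using "Add" with a string value.
UPDATE_BODY = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "Add", "path": ENTERPRISE + ":department", "value": "Engineering"}]})

# Constructed sample: deactivation with the boolean sent as a string.
DEACTIVATE_STRING = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "Replace", "path": "active", "value": "False"}]})

# Constructed sample: deactivation with an object value.
DEACTIVATE_OBJECT = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "replace", "value": {"active": False}}]})

if __name__ == "__main__":
    for label, body in [("update", UPDATE_BODY),
                        ("deactivate (string)", DEACTIVATE_STRING),
                        ("deactivate (object)", DEACTIVATE_OBJECT)]:
        print(label, check_patch(body) or "ok")
```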

Assigning to @getsentry/support for routing ⏲️

getsantry[bot] Feb 11 '25 10:02