cancel
Showing results for 
Search instead for 
Did you mean: 

SAP IPS: Wrong value of schemas attribute

tskwin
Participant
0 Kudos
228

Helo Experts,

When I create the source system as IAS and the target system as SAC, provisioning to SAC works fine initially. However, when I make some changes or copy the code from the SAP documentation for SCIM API 2 and  a few errors appear - "Duplicated target paths warning and I try to resolve the errors, but I am unable to fix them.

Then, when I revert to the original transformation code (the one that worked at the beginning), I reinsert it, and provisioning stops working.

I get this error:

Caused by: Could not process successfully all entities from system with name: Source IAS

error=HTTP operation failed invoking https://tenant.cloud.sap/api/v1/scim2/Users with statusCode: 400, Response: {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":"400","scimType":"invalidValue","detail":"Request is unparsable, syntactically incorrect, or violates schema. Wrong value of schemas attribute"},

content=<hidden content> - Set property ips.trace.failed.entity.content=true to display the content of failed entities

Then nothing works anymore, and I have to delete the systems and create new ones.

Please help me understand how to avoid or fix such errors."

What am I doing wrong?

Many Thanks

View Entire Topic
Amin_Omidy
Active Participant

Hi  tskwin,

You can try steps below :

  1. This error suggests a mismatch or incorrect value in the “schemas” attribute. Double-check that the SCIM schema version aligns with SAC’s requirements and ensure you’re using the correct endpoint format.
    Enable detailed error tracing by setting the "ips.trace.failed.entity.content=true" property. This will give you visibility into the specific content or entities causing the failure, helping to identify schema violations or data inconsistencies more precisely.
  2. Start to test provisioning with a single user entity to minimize potential issues. Once it succeeds, you can incrementally test with more complex transformations.
    Revalidate and confirm each configuration step to ensure changes do not conflict with SAC’s SCIM API specifications.
  3. When reverting, ensure there is no residual transformation mappings or invalid configurations are left from the previous changes. Sometimes, lingering mappings may cause inconsistencies, even if the initial code worked fine.
    Make sure clear the cache or reset mappings in SAP Identity Provisioning Service (IPS) if possible before reinserting the original code.
  4. This warning typically occurs when there are conflicting mappings or duplicate transformation paths in the SCIM configuration. Check your transformation rules and remove or correct any redundant mappings for target paths.
    Also, make sure your transformation logic aligns exactly with the SAC schema requirements to avoid conflicts.

Hope this helps ,thanks,

@Amin_Omidy 

tskwin
Participant
0 Kudos

Hello @Amin_Omidy 

Thank you very much for your feedback.

Unfortunately, I am not very familiar with this topic.

I have used the Default Transformation for Source System Identity Authentification here , and for the Target System - Analytics Cloud here . However, with this default transformation, I am encountering these errors.

The user was provisioned from Azure to IAS. Could the issue be related to the attributes provisioned from Azure?

I just can’t find a solution to my problem.

Thank you very much.

Best regards,

Amin_Omidy
Active Participant
0 Kudos

Is hard to troubleshot if we don't have error log and detail of that. You can check the blog:
16. What are the best steps to troubleshoot and resolve SSO issues with SAP Identity Authentication Service (IAS)?
Answer: When it comes to tracing errors and finding resolutions for SSO issues, I recommend the following approach:

  1. Use Browser Developer Tools: Open your browser's Developer Tools (e.g., Chrome) and install a SAML tracing extension, such as “SAML WS-Federation.” This will help you gain detailed insights into your SSO issue and identify the root cause.
  2. Check IAS Logs: Access the logs in the Identity Authentication Service by navigating to Monitoring & Reporting > Troubleshooting Logs. This can help identify errors specific to the IAS.
  3. Guided Answers: Utilize the IAS Guided Answers Decision Tree available in SAP support to help identify common issues and potential solutions.
  4. Certificate Validity: Confirm that the correct certificates are being used. Sometimes, the IAS may reference an inactive certificate in the metadata, which can lead to SSO failures.
  5. Examine Target Application Logs: For applications like S/4HANA, enable the SAML2 log by following SAP Note 2960670. This will allow you to view logs related to SAML assertions and possible failures.
  6. Use SAP Support Log Assistant: Import your logs into the SAP Support Log Assistant. This tool analyses your logs and provides insights along with relevant SAP Notes for further troubleshooting. For more detailed information, please refer to my previous blog on this topic: How You Can Troubleshoot Errors in IAS Related to SSO and S/4 HANA.
  7. Contact Support: If issues persist, consider reaching out to your SAP IAS Admin or opening an SAP support case for more tailored assistance.
    Thanks,