i’m developing a SCIM endpoint API to enable automatic provisioning of users between my symfony v5 application and Azure AD.
Actually i did not find enough documentation to help me develop this, also i am not an expert but i followed docs.microsoft for some guidelines.
i start by building a symfony REST API CRUD without using any bundle,all my endpoints start by /Users.
Then i hosted my application on a remote site (PLESK) with this url : https://example.com/
and now i want to Integrate my SCIM endpoint with the Azure AD SCIM client. In the Tenant URL field i put this URL: https://example.com/scim
but i receive this error, can anyone please explain me if i am doing the right thing ? and why i receive this error?
You appear to have entered invalid credentials. Please confirm you are
using the correct information for an administrative account. Error
code:
SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
Details: We received this unexpected response from your application:
An HTTP/404 Not Found response was returned rather than the expected
HTTP/200 OK response. To address this issue, ensure that the tenant
URL is correct. The tenant URL is usually in a format like:
https://<>/scim. If this does not resolve the issue, contact the
application developer to ensure their SCIM endpoint conforms with the
protocol https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2
this is my API Controller Class example create user :
class APIController extends AbstractController
{
//Create User
/**
* @Route("/Users", name="ajout", methods={"POST"})
*/
public function addUser(Request $request){
//On verifie si on a une requette
// On vérifie si la requête est une requête Ajax
//if($request->isXmlHttpRequest()) {
// On instancie un nouvel article
$user = new User();
// On décode les données envoyées
$donnees = json_decode($request->getContent());
// On hydrate l'objet
$user->setEmail($donnees->email);
$user->setRoles($donnees->roles);
// On sauvegarde en base
$entityManager = $this->getDoctrine()->getManager();
$entityManager->persist($user);
$entityManager->flush();
// On retourne la confirmation
return new Response('ok', 201);
}
//return new Response('Failed', 404); }
}
2
Answers
URL
https://example.com/scim
will not work, because you have no prefixscim
defined in @Route annotations, only “Users”. Urlhttps://example.com
also.Probably Azure wants check GET method – because in SCIM docs http://www.simplecloud.info/ only such a method returns 200 response code.
First of all – specify all the needed routes defined in the SCIM.
Secondly – use Postman and test routes manually based on http://www.simplecloud.info/ documentation or even better – write e2e tests for it https://symfony.com/doc/current/testing.html#functional-tests
Next – make sure what is your really working URL
Finally – test the integration within Azure test tool
PS. Why not the ApiPlatform based on Symfony 5? You will make it everything much faster.
PS2. You can watch some ready to go Microsoft Reference Codes for SCIM (for C#, but still worthwhile to read – especially README). https://github.com/AzureAD/SCIMReferenceCode
Also, wiki page about testing is great, you should check it https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint
Azure AD us expecting a response that looks.like this. That would allow you to validate creds.
https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#get-user-by-query—zero-results