SCIM Curl request against Symantec Directory 14.x is failing

book

Article ID: 209996

calendar_today

Updated On:

Products

DIRECTORY

Issue/Introduction

You have setup the SCIM demo successfully and it works fine from the SWAGGER UI. However, from curl command you may get "HTTP/1.1 400 Bad Request".

e.g.

C:\Users\myname\Desktop\curl-7.75.0-win64-mingw\bin>curl -v -k "https://localhost:3100/ca/api/dxmanagement/v0.1/environments/ENV-2/scim-instances/scim instance2/v2/users" -H "authorization: Basic Q3JhaWcgTElOSzpDcmFpZy5MSU5LQHNjaW1kZW1vLmNvbQ=="

*   Trying ::1:3100...
* Connected to localhost (::1) port 3100 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1

* Server certificate:
*  subject: CN=ui-directory.us-central1-a.c.aerobic-copilot-256414.internal; ST=Victoria; C=AU; O=CA Technologies; OU=Directory Management UI node.js
*  start date: Dec 20 20:18:54 2020 GMT
*  expire date: Dec 18 20:18:54 2030 GMT
*  issuer: C=AU; ST=Victoria; O=CA Technologies; OU=Directory; OU=Root CA for management UI node.js; CN=ui-directory.us-central1-a.c.aerobic-copilot-256414.internal
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /ca/api/dxmanagement/v0.1/environments/ENV-2/scim-instances/scim instance2/v2/users HTTP/1.1
> Host: localhost:3100
> User-Agent: curl/7.75.0
> Accept: */*
> authorization: Basic Q3JhaWcgTElOSzpDcmFpZy5MSU5LQHNjaW1kZW1vLmNvbQ==
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Connection: close
<
* Closing connection 0

Environment

Release : 14.x

Component : CA Directory

Resolution

Most probably the problem is due to a space character in the URL (in above example, within 'scim instance2' close to end of the URL) which needs to be escaped with %20. Try replacing 'scim instance2' with 'scim%20instance2' and it should work.

e.g.

curl -v -k "https://localhost:3100/ca/api/dxmanagement/v0.1/environments/ENV-2/scim-instances/scim%20instance2/v2/users" -H "authorization: Basic Q3JhaWcgTElOSzpDcmFpZy5MSU5LQHNjaW1kZW1vLmNvbQ=="

Reference:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/using/scim-services/additional-scim-functions/data-format-and-http-codes.html

https://tools.ietf.org/html/rfc7644

https://datatracker.ietf.org/doc/rfc7644/?include_text=1