IBM Security Verify

  • 1.  SCIM Logging

    Posted Wed May 06, 2020 04:34 PM
    Hi all,

    what is the best way to have a log of requests processed by SCIM?

    I turned on the trace "* = ALL", but it writes too much and still does not give the information inherent to the operation carried out (creation, deletion, modification of attributes).

    Any suggestions?

    Thanks in advance

    Patrizio Spadavecchia

  • 2.  RE: SCIM Logging

    Posted Mon June 07, 2021 05:05 AM
    no answer / suggestion?


    Patrizio Spadavecchia

  • 3.  RE: SCIM Logging

    Posted Mon June 07, 2021 06:04 AM
    Edited by Patrizio Mon June 07, 2021 06:04 AM

  • 4.  RE: SCIM Logging

    Posted Mon June 07, 2021 05:36 PM
    You have more options. Instead of using ALL, you can control the level of logging with other options. For example FINEST, FINE, etc.
    Regarding the operations carried out, I am not sure what you want, but the SCIM REST API calls are HTTP requests, so if that is what you need, you may also find these in the reverse proxy logs.

    Joao Goncalves
    Pyxis, Lda.
    +351 91 721 4994

  • 5.  RE: SCIM Logging

    Posted Tue June 08, 2021 04:31 AM
    Thanks Joao,

    In the reverse proxy logs I can find the requests but not the payload, so it's not possible to understand what operation was done on the data.

    I know there are several log verbosity settings for trace logs, but my aim would be to keep track of all the operations performed through this interface.


    Patrizio Spadavecchia

  • 6.  RE: SCIM Logging

    Posted Thu July 22, 2021 06:57 AM

    Unfortunately we don't have audit records written for SCIM operations - that probably would have been the best answer. If you think this would be the right answer then please create a "Request for Enhancement" to register this requirement.

    As already discussed, HTTP request log gives some information but not enough to really know what changes were made.

    I can think of two ideas:

    1. Enable auditing in whatever directory server actually stores the users and groups. If you BIND to this with a specific user when doing SCIM operations then perhaps you could filter based on that to get just the SCIM operations.

    2. Create a "proxy" HTTP service (your own or something in JavaScript using the AAC) which writes audit records before forwarding the requests to the "real" SCIM endpoint. I'm not sure how easy this would be - just an option.


    Jon Harry
    Consulting IT Security Specialist
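
Added example, not part of the thread and not IBM code: the audit step of the "proxy" idea in post 6, as plain JavaScript that turns one SCIM 2.0 request into a record of the operation and the attribute names it touched. The function and field names are hypothetical, no AAC API is used, and it assumes the resource type appears in the path as a `Users` or `Groups` segment.

```javascript
// Added example: SCIM 2.0 (RFC 7644) request -> audit record. All names are assumptions.
const OPERATIONS = { GET: "read", POST: "create", PUT: "replace", PATCH: "modify", DELETE: "delete" };

// Top-level attribute names of a resource body; values are deliberately dropped
// so passwords and personal data never reach the audit log.
function attributeNames(obj) {
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) return [];
  return Object.keys(obj).filter((k) => k !== "schemas").sort();
}

// One entry per attribute touched by a PATCH body (RFC 7644 section 3.5.2).
function patchChanges(body) {
  const ops = body && Array.isArray(body.Operations) ? body.Operations : [];
  return ops.flatMap((o) => {
    const op = String((o && o.op) || "").toLowerCase(); // some clients send "Replace"
    if (o && typeof o.path === "string" && o.path !== "") return [{ op, attribute: o.path }];
    // No path: the keys of the value object are the attributes being set.
    return attributeNames(o && o.value).map((attribute) => ({ op, attribute }));
  });
}

function scimAuditRecord(method, path, bodyText, actor, now = new Date()) {
  const verb = String(method).toUpperCase();
  const segments = String(path).split("?")[0].split("/").filter(Boolean);
  const at = segments.findIndex((s) => s === "Users" || s === "Groups");
  const isSearch = segments[segments.length - 1] === ".search"; // POST query, not a create
  let body = null;
  let bodyParseError = false;
  if (bodyText) {
    try { body = JSON.parse(bodyText); } catch (e) { bodyParseError = true; }
  }
  let changes = [];
  if (verb === "PATCH") changes = patchChanges(body);
  else if ((verb === "POST" || verb === "PUT") && !isSearch)
    changes = attributeNames(body).map((attribute) => ({ op: OPERATIONS[verb], attribute }));
  const id = at >= 0 ? segments[at + 1] : undefined;
  return {
    time: now.toISOString(),
    actor, // identity the proxy authenticated, supplied by the caller
    operation: isSearch ? "search" : OPERATIONS[verb] || "other",
    resourceType: at >= 0 ? segments[at] : null,
    resourceId: id && id !== ".search" ? id : null,
    bodyParseError, // true when a body was sent but was not valid JSON
    changes,
  };
}
```

The proxy would write `JSON.stringify(record)` as one log line before forwarding the unchanged request to the real SCIM endpoint. PATCH `path` strings are logged as sent, so any filter values inside them end up in the log.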

  • 7.  RE: SCIM Logging

    This message was posted by a user wishing to remain anonymous
    Posted Tue July 20, 2021 01:02 PM
    This post was removed