
Internal Provisioning error during existing user provisioning


We're developing a SCIM API and during the integration testing between OneLogin and our application we always run into an error which can be reproduced with the following steps:

  1. Create a user in your application with xy@email.com (SCIM username)
  2. Create a user in OneLogin with the same email address
  3. Add this user to your application
  4. OneLogin should recognize that this user is already using that SCIM application so further provisioning action is not required. However, we got an "Internal Provisioning Error"

I can verify that our API has been called, and here are the 2 SCIM web requests related to this flow:

GET https://appurl/svc/scim/v1/Users?filter=userName+eq+"xy%40email.com"

{
  "schemas": [
    "urn:scim:schemas:core:1.0"
  ],
  "totalResults": 1,
  "itemsPerPage": 1,
  "startIndex": 1,
  "Resources": [
    {
      "userName": "xy@email.com",
      "emails": [
        {
          "primary": true,
          "value": "xy@email.com"
        }
      ],
      "id": "94724df5-2338-45a3-8b96-0f68afd273d4",
      "schemas": [
        "urn:scim:schemas:core:1.0"
      ]
    }
  ]
}

GET https://appurl/svc/scim/v1/Users/94724df5-2338-45a3-8b96-0f68afd273d4

{
  "userName": "xy@email.com",
  "emails": [
    {
      "primary": true,
      "value": "xy@email.com"
    }
  ],
  "id": "94724df5-2338-45a3-8b96-0f68afd273d4",
  "schemas": [
    "urn:scim:schemas:core:1.0"
  ]
}

After the 2nd GET request OneLogin returns with "Internal Provisioning Error"

Is there something wrong with the response?

Thank you, Peter


Solution

  • I've found the error. In OneLogin, firstName and lastName are required; however, in our application they are not. When OneLogin gets our user, it fails to parse the result since we do not return firstName and lastName.
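
An added example, not part of the original post or of OneLogin's code: a pre-flight check that reports SCIM user resources missing attributes the consuming identity provider requires, run against the single-user response from the question. It assumes OneLogin's firstName and lastName correspond to the SCIM core attributes name.givenName and name.familyName; the function names and the FIXED_USER sample are constructed for illustration.

```python
import json

# Assumption: firstName/lastName map to name.givenName/name.familyName
# in the SCIM core schema; the page does not state the mapping.
REQUIRED_PATHS = ("userName", "name.givenName", "name.familyName")

def _get(resource, path):
    """Walk a dotted path through nested dicts; None if any step is absent."""
    node = resource
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def missing_attributes(resource, required=REQUIRED_PATHS):
    """Required paths that are absent or blank in one SCIM user resource."""
    missing = []
    for path in required:
        value = _get(resource, path)
        if not isinstance(value, str) or not value.strip():
            missing.append(path)
    return missing

def check_response(body, required=REQUIRED_PATHS):
    """Accept a list response ("Resources") or a single user.
    Returns {resource id: [missing paths]} for resources that would fail."""
    doc = json.loads(body) if isinstance(body, str) else body
    resources = doc["Resources"] if "Resources" in doc else [doc]
    report = {}
    for res in resources:
        gaps = missing_attributes(res, required)
        if gaps:
            report[res.get("id", "<no id>")] = gaps
    return report

# The single-user response shown in the question.
QUESTION_USER = {
    "userName": "xy@email.com",
    "emails": [{"primary": True, "value": "xy@email.com"}],
    "id": "94724df5-2338-45a3-8b96-0f68afd273d4",
    "schemas": ["urn:scim:schemas:core:1.0"],
}
# Constructed sample: the same user with the name attribute populated.
FIXED_USER = dict(QUESTION_USER, name={"givenName": "Xy", "familyName": "Example"})

if __name__ == "__main__":
    print(check_response(QUESTION_USER))
    print(check_response(FIXED_USER))
```

Running the same check in the SCIM endpoint's integration tests catches users created without a name before the identity provider fetches them.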