Unable to enable user provisioning from Azure Active Directory to Oracle Identity Cloud Service (Oracle IDCS)


Problem description


Hi,

I am trying to enable user provisioning from Azure Active Directory to Oracle Identity Cloud Service (Oracle IDCS) but can't succeed. Azure AD Single sign-on to Oracle IDCS works fine though.  

I did not find much documentation regarding Oracle IDCS but referred to the one provided for Google G Suite - in https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/google-apps-tutorial to set up the user provisioning integration.

On the Oracle IDCS I have registered a client application that can create/manage users and have verified that all user management APIs are enabled. Essentially, I am able to add a user account in Oracle IDCS using Postman (using the same Bearer access_token).

Initial Admin Credentials configuration for Provisioning succeeded and on "Test Connection" it says:

Testing connection to Oracle_IDCS_Prov

The supplied credentials are authorized to enable provisioning

but when I change the provisioning status to "On" and save the configuration I see the following error:

Testing connection to Oracle_IDCS_Prov

We encountered an error while updating provisioning configuration for Oracle_IDCS_Prov

I read a post from SaurabhSharma-MSFT - https://social.msdn.microsoft.com/Forums/en-US/30daaa73-3d93-466d-8b4d-4afa18277fb8/unable-to-enable-user-provisioning-from-azure-active-directory-to-google-cloud-identity-g-suite?forum=WindowsAzureAD and created 2 applications – one for Oracle IDCS SSO and another for Oracle IDCS Provisioning, as suggested, still, it is not working. 

Any help on this will be greatly appreciated!

In the Audit logs the following error is shown:

Activity

Date : 12/27/2018, 1:43:27 PM

Name : Update external secrets

CorrelationId : c0e5209f-6d80-4112-94f2-6009901decc2

Category : Core Directory


  Activity Status

Status : Failure

Reason : System.ArgumentException


  Initiated By (Actor)

Type : Other

Name : Microsoft Azure AD Internal

ObjectId :


  Target(s)

Target

Type : ServicePrincipal

Name : Oracle_IDCS_Prov

ObjectId : 2b675d42-4853-425e-a747-4d443e2b0c59

Spn : e4ba10e3-8b21-44f2-b495-8e53a20e4167;http://customappsso09181CD2B68F4FDAA6FA3CB9317502B6;http://instanceid_8adf8e6e-67b2-4cf2-a259-e3dc5476c621_955D9301364C4ABC87D199CCDE5A4AC1;http://customappsso/c984c1ac-4a7e-4cad-b3c8-ecc318aa68ec


  Modified Properties

Name : Action Client Name

New Value : "DirectoryProvisioning"

Name : MethodExecutionResult.

New Value : "System.ArgumentException"

Name : TargetId.ServicePrincipalNames

New Value : "e4ba10e3-8b21-44f2-b495-8e53a20e4167;http://customappsso09181CD2B68F4FDAA6FA3CB9317502B6;http://instanceid_8adf8e6e-67b2-4cf2-a259-e3dc5476c621_955D9301364C4ABC87D199CCDE5A4AC1;http://customappsso/c984c1ac-4a7e-4cad-b3c8-ecc318aa68ec"


  Additional Details


- Laha

Solution

Hello Arindam,

Ideally in case of Google Apps we have seen that solution to work as described by Saurabh. However, in your case I am not sure what is meant by Argument Exception as mentioned in the error. This would require extensive troubleshooting to understand the cause. We would like to suggest that you open a support case through the Azure support portal in case you have an Azure support plan. In case you do not have a support plan, you can reach out to us on azcommunity@microsoft.com mentioning this MSDN thread URL and your Azure Subscription ID along with related Azure AD tenant name and we will provide you with alternative options.

Thank you.


