No Authentication - Send Custom Headers in the Request Body
Set the SCIM 2.0 connector to use no authentication for OAuth 2.0, which configures it to send custom headers in the request body. Configure the headers which the connector includes in the request body as required.
noAuthHeaders
Used to define custom headers and associated values included in the request body
To send custom headers, add the following entry key (this example uses customParamKey and the corresponding customParamValue) in the Application Debug page:
<entry key="noAuthHeaders">
<value>
<Map>
<entry key="customParamKey" value="customParamValue"/>
<entry key="password" value="$application.password_CA$"/>
</Map>
</value>
</entry>Caution
Sensitive attributes in No Authentication headers should be used with placeholders. While adding sensitive attributes, ensure that the attributes are added with the suffix _CA. For example, to use a password in the header value, add password_CA as an attribute and $application.password_CA$ as the header value in the application debug. If the attributes are not suffixed with _CA the SCIM 2.0 application might display unusual behavior.
For example, if the attribute updated is a password, then it must be added as follows:
Before updating the encrypted list:
<entry key="encrypted" value="client_secret,oauthBearerToken,oauthTokenInfo,refresh_token,private_key,private_key_password,additional_payload,oauth2password"/>
After updating the encrypted list:
<entry key="encrypted" value="client_secret,oauthBearerToken,oauthTokenInfo,refresh_token,private_key,private_key_password,additional_payload,oauth2password,password_CA"/>