edipal · edipal · Apr 11, 2026 · Apr 11, 2026
@@ -30,14 +30,14 @@ Compatibility mode is route-based and extensible:
 	- converts selected `primary` booleans to string values
 	- adds flattened enterprise manager alias key
 
-Management security is profile-based:
+Management security uses Auth0 OIDC:
 
-- Default profile is `azure`, using interactive Azure OIDC login.
-- `cloudflare` profile switches the management apps to JWT resource-server mode.
-- Cloudflare mode reads the token from `Cf-Access-Jwt-Assertion` by default and maps roles from a configurable claim.
+- Both management modules use standard Spring Security OAuth2 Client with Auth0 as the OIDC provider.
+- Each module has its own `AUTH0_CLIENT_ID`, `AUTH0_CLIENT_SECRET`, and `AUTH0_ISSUER_URI`.
+- Role claims are read from a configurable OIDC claim (`APP_SECURITY_OIDC_ROLE_CLAIM`, default `https://scimplayground.dev/roles`).
 - Management user persistence is email-based in both management modules; resolved emails are normalized and stored as the primary key.
-- Management access now expects a usable email claim from OIDC/JWT principals.
-- Shared helpers live in `scim-server-common` (`AzureOidcSecuritySupport`, `CloudflareJwtSecuritySupport`, `MgmtSecuritySupport`).
+- Management access expects a usable email claim from OIDC principals.
+- Shared helpers live in `scim-server-common` (`Auth0OidcSecuritySupport`, `MgmtSecuritySupport`).
 
 Kubernetes support is split into two trees:
 
@@ -64,12 +64,14 @@ mvn clean install -Dskip.validator.tests=true
 # API local mode (requires datasource env vars and ACTUATOR_API_KEY)
 cd scim-server-api && mvn spring-boot:run
 
-# Mgmt UI/API local mode (defaults to Azure profile; requires datasource env vars,
-# ACTUATOR_API_KEY, and Azure OIDC env vars unless you explicitly set SPRING_PROFILES_ACTIVE=cloudflare)
+# Mgmt UI/API local mode (requires datasource env vars, ACTUATOR_API_KEY, and
+# Auth0 OIDC env vars: AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, AUTH0_ISSUER_URI,
+# AUTH0_REDIRECT_URI — or set SPRING_PROFILES_ACTIVE=cloudflare for Cloudflare JWT mode)
 cd scim-server-mgmt && mvn spring-boot:run
 
-# Validator management local mode (defaults to Azure profile; requires datasource env vars,
-# ACTUATOR_API_KEY, and Azure OIDC env vars unless you explicitly set SPRING_PROFILES_ACTIVE=cloudflare)
+# Validator management local mode (requires datasource env vars, ACTUATOR_API_KEY, and
+# Auth0 OIDC env vars: AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET, AUTH0_ISSUER_URI,
+# AUTH0_REDIRECT_URI — or set SPRING_PROFILES_ACTIVE=cloudflare for Cloudflare JWT mode)
 cd scim-validator-mgmt && mvn spring-boot:run
 
 # Docker stack
@@ -186,7 +188,7 @@ If you modify SCIM behavior, review impact across these areas:
 
 If you modify management authentication or deployment behavior, also review:
 
-1. Both management modules' `AzureSecurityConfig` and `CloudflareSecurityConfig`
+1. Both management modules' `SecurityConfig`
 2. Shared helpers in `scim-server-common/src/main/java/.../security`
 3. `docker-compose.yml` and `docker/env/*.env`
 4. `k8s/app/**` and `k8s/cluster/**`

@@ -63,9 +63,9 @@ playground service provider:
 | --- | --- | --- | --- |
 | `scim-server-common` | Shared JPA entities, repositories, and common security support | n/a | Imported by API and management modules |
 | `scim-server-api` | SCIM 2.0 provider API | `8080` | Stateless bearer-token auth per workspace |
-| `scim-server-mgmt` | Thymeleaf management UI + management REST API | `8081` | Azure OIDC locally, Cloudflare Access JWT supported through the `cloudflare` profile |
+| `scim-server-mgmt` | Thymeleaf management UI + management REST API | `8081` | Auth0 OIDC (interactive login); Cloudflare Access JWT in the `cloudflare` profile |
 | `scim-validator` | Groovy/Spock compliance suite | n/a | Builds a reusable test JAR consumed by validator-mgmt |
-| `scim-validator-mgmt` | Validator execution UI + persistence | `8082` | Azure OIDC locally, Cloudflare Access JWT supported through the `cloudflare` profile |
+| `scim-validator-mgmt` | Validator execution UI + persistence | `8082` | Auth0 OIDC (interactive login); Cloudflare Access JWT in the `cloudflare` profile |
 
 ### Request model
 
@@ -182,15 +182,16 @@ The run currently executes these spec groups:
 
 The management applications support two deployment-facing authentication modes:
 
-- `azure` profile, which is the default for manual local runs and uses
-  interactive Azure OIDC login
+- Default mode uses Auth0 OIDC (Spring Security OAuth2 Client) for interactive
+  login. Required env vars: `AUTH0_CLIENT_ID`, `AUTH0_CLIENT_SECRET`,
+  `AUTH0_ISSUER_URI`, and `AUTH0_REDIRECT_URI`.
 - `cloudflare` profile, which switches the management apps to JWT resource
   server mode and validates the Cloudflare Access token from the configured
   request header, `Cf-Access-Jwt-Assertion` by default
 
 The Docker Compose env files and the Kubernetes manifests use the `cloudflare`
-profile for the management applications. Manual local runs default to `azure`
-unless you explicitly set `SPRING_PROFILES_ACTIVE=cloudflare`.
+profile for the management applications. Manual local runs use the default
+(Auth0 OIDC) mode unless you explicitly set `SPRING_PROFILES_ACTIVE=cloudflare`.
 
 ## Data Model Notes
 
@@ -250,8 +251,7 @@ Some repository-specific implementation details matter if you extend the code:
 - Maven 3.9+
 - Docker Desktop or compatible Docker Engine for the composed stack
 - PostgreSQL only if you want to run modules manually without Docker
-- Microsoft Entra ID application registration if you want to use the management
-  UIs with Azure OIDC
+- Auth0 application registration if you want to use the management UIs
 - `kubectl`, `kustomize`, `ksops`, `sops`, and an age private key if you want
   to apply the Kubernetes manifests directly from this repository
 - CloudNativePG installed in the target cluster if you want to use the provided
@@ -402,14 +402,14 @@ export SPRING_DATASOURCE_PASSWORD=postgres
 export ACTUATOR_API_KEY=dev-actuator-key
 ```
 
-Azure OIDC profile for management apps (default):
+Auth0 OIDC for management apps (default):
 
 ```bash
-export AZURE_CLIENT_ID=<your-client-id>
-export AZURE_CLIENT_SECRET=<your-client-secret>
-export AZURE_TENANT_ID=<your-tenant-id>
-export AZURE_SCOPES="openid,email,api://<app-id>/usage"
-export APP_SECURITY_AZURE_ROLE_CLAIM=roles
+export AUTH0_CLIENT_ID=<your-auth0-app-client-id>
+export AUTH0_CLIENT_SECRET=<your-auth0-app-client-secret>
+export AUTH0_ISSUER_URI=https://<your-auth0-domain>/
+export AUTH0_REDIRECT_URI=http://localhost:<port>/login/oauth2/code/auth0
+export APP_SECURITY_OIDC_ROLE_CLAIM=<your-namespace>/roles
 export APP_SECURITY_OIDC_ADMIN_ROLE=admin
 export APP_SECURITY_OIDC_USER_ROLE=user
 
@@ -450,8 +450,7 @@ Use Docker Compose, Kubernetes, or run the modules manually.
 
 ### 2. Access the management UI
 
-For the `azure` profile, open `http://localhost:8081` and sign in through the
-configured Azure OIDC provider.
+Open `http://localhost:8081` and sign in through Auth0 (default mode).
 
 For the `cloudflare` profile, place the application behind Cloudflare Access and
 let the proxy provide the access JWT header expected by the application.
@@ -618,8 +617,8 @@ Project-specific conventions that matter when contributing:
 - static mapper utilities are heavily used for SCIM transformations
 - DTO layers in management applications make use of Java records
 - transactional boundaries in services and selected controllers are deliberate
-- management security is profile-driven: Azure OIDC by default, Cloudflare JWT
-  resource-server mode when the `cloudflare` profile is active
+- management security uses Auth0 OIDC by default; the `cloudflare` profile
+  switches to Cloudflare JWT resource-server mode
 - shared security helpers for the management apps live in `scim-server-common`
 
 If you add or change a SCIM attribute, align all of the following:

@@ -22,7 +22,6 @@ services:
       - "8081:8081"
     env_file:
       - ./docker/env/scim-server-mgmt.env
-      - ./docker/env/cloudflare.env
     environment:
       - SERVER_PORT=8081
     depends_on:
@@ -38,7 +37,6 @@ services:
       - "8082:8082"
     env_file:
       - ./docker/env/scim-validator-mgmt.env
-      - ./docker/env/cloudflare.env
     environment:
       - SERVER_PORT=8082
     depends_on:

@@ -4,14 +4,9 @@ metadata:
   name: scim-server-mgmt-k3s-config
 data:
   SERVER_PORT: "8081"
-  SPRING_PROFILES_ACTIVE: cloudflare
   SPRING_DATASOURCE_URL: jdbc:postgresql://scim-postgres-rw:5432/scimplayground
+  AUTH0_REDIRECT_URI: https://ui.scimsandbox.net/login/oauth2/code/auth0
   APP_SCIM_API_BASE_URL: https://api.scimsandbox.net
-  APP_SECURITY_CLOUDFLARE_ROLE_CLAIM: https://scimsandbox.net/roles
+  APP_SECURITY_OIDC_ROLE_CLAIM: https://scimplayground.dev/roles
   APP_SECURITY_OIDC_ADMIN_ROLE: admin
-  APP_SECURITY_OIDC_USER_ROLE: user
-  CLOUDFLARE_ACCESS_ISSUER_URI: https://scimsandbox.cloudflareaccess.com
-  CLOUDFLARE_ACCESS_AUDIENCE: 5a682d5f1eb4ec59c07c916f28fe4420660b186656c5f1ae16fb231d012ec914
-  CLOUDFLARE_ACCESS_JWK_SET_URI: https://scimsandbox.cloudflareaccess.com/cdn-cgi/access/certs
-  CLOUDFLARE_ACCESS_LOGOUT_URL: https://scimsandbox.cloudflareaccess.com/cdn-cgi/access/logout
-  CLOUDFLARE_ACCESS_TOKEN_HEADER: Cf-Access-Jwt-Assertion
+  APP_SECURITY_OIDC_USER_ROLE: user
@@ -5,10 +5,9 @@ metadata:
 type: Opaque
 stringData:
     ACTUATOR_API_KEY: ENC[AES256_GCM,data:NBNrxcKvNgBZ6HIwWt3yWNJ55VY3qu+DecOOs7cLevU=,iv:tIzmjAtqaFjCWg9VPgWk1eunJgLKfPG1TVTaySl5ax4=,tag:0t9JfRBln8T4q+dUapNXWQ==,type:str]
-    AZURE_CLIENT_ID: ENC[AES256_GCM,data:ddp6MlmrTWj1ChCrefdL3rMoIuOr75wFZ6JuqG1itxHIRICH,iv:JiGxcfHGMFvqThIpczYvDVkwC1IJ4I4hRZO7UXAOUxQ=,tag:kvjNZtW2L/MuaGKoZ3MxCw==,type:str]
-    AZURE_CLIENT_SECRET: ENC[AES256_GCM,data:k9LuKBzBxGE8/fJzeU/KFZaxKr8owo2P690aE8Cr2+C6FSyOOTlGFg==,iv:7o8l7wLA4AhYVsc3w48dsRxNyDnyyWudNlDpzsCCLO4=,tag:edJGt0hWOLnaFQ7N0FLdQw==,type:str]
-    AZURE_TENANT_ID: ENC[AES256_GCM,data:pYk1sI18AT9qviXfSKqL8O3KbqXTM+EcMUEI/BjbkDW7Boof,iv:ni82wW7uMNCxOmkMPl7yy04DgKDv7mjGie/UGEaBrXw=,tag:YUdlWZ2bFS+mMRSJsXgqHg==,type:str]
-    AZURE_SCOPES: ENC[AES256_GCM,data:Nrx4BUz9K3D+gEzmFMyR8V9pKHQ4mTtP9TTLlrHTBrIskH9D/N7OWnUwMuUlpyb7SD57/h53pG3pY2zifg==,iv:jpo777CTVGbS9qTROD+XR0NSenMKpsh0Eokkn/z9iVA=,tag:BtzF+T9SPf5y6MhPC9089w==,type:str]
+    AUTH0_CLIENT_ID: ENC[AES256_GCM,data:5V8zE+VVVCAd79vTloTNdBaNCTUNkx2/vmbThMMtDzk=,iv:i1dL4uaV5cBL5PTf2ZZk+ElkuFMjjJ1r/qFArbby6Tk=,tag:+swsxiuEESokN2Gq1GrgtQ==,type:str]
+    AUTH0_CLIENT_SECRET: ENC[AES256_GCM,data:FM0Kz+a/9m0O1dEUBZk6jAMmoNaLfT3trFhpPPkYdxE2N93nIUfmPB2NPZoWBCD6rfG49o/m3ayEK/Xvl5FHEQ==,iv:E8KBDydU7JE0557otwODSdbuYGMTzvwLnejF47cUjqw=,tag:yEyGZl5rP9x3U6K1PtYm9A==,type:str]
+    AUTH0_ISSUER_URI: ENC[AES256_GCM,data:g6dX7zTbpNKJhOzBMXEGGuiagqTdZYOKouuOKwU=,iv:XIV5LDlrVOnEf1ylpMSzfc6Cmt7LYI6UM73zrRAHXbM=,tag:0U+SQgcK+l9oDDcbF+Kqxg==,type:str]
 sops:
     age:
         - recipient: age1j0ka5qnc6cpldfavwstqg2u6k536ymxcjeatlceraa09dgvetq9s07jkkh
@@ -20,7 +19,7 @@ sops:
             T2JreVVlVEt1S3J5LzZRekVSVFY4c0kKyOV5MRLGnYyWLyzcHa9UmfItp2d/hKsX
             b2duPUECnG01v19Hxkwo/UdJD/yIYgTvHpCl2oih/plqCO3baEmIqQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-10T14:44:04Z"
-    mac: ENC[AES256_GCM,data:KoHHmv3vdFUHBv/Jm7MHrIuevcmOI93q9LbLshn0PXRf2FiJLxuib2DVbwEkDux1e3j9m5yKC5XGGBExcW4WBHe75midHPR3/MrY3pmn3sFYi82Mjz0vrYc73ogPCRkIAwoCEhat0XTv7SAvInbZsicIu84TB/iVinTg/ruVCqQ=,iv:xRhcmX5ZlmJuvBYxCszfBLbAxFOgofOrb3d59+WVWv0=,tag:fFjxDw+sAjqbdD5nvbQVCw==,type:str]
+    lastmodified: "2026-04-11T09:07:15Z"
+    mac: ENC[AES256_GCM,data:ZlRh43Q039OBDIKAo79IvCdWFlxY98eGQK8FSiokC1k0/g58Fqu0BF3yQnJCcN245qmQeDkxq2K7JBqn+T6ptY5PNxXV/bSQmVGAK/KLJ8fABKFfi+xstMFUuuyiEItrzGUuwt/80Rm+WaWqHMZKL6HiTQ5mXMbO2vS9/4TCyKQ=,iv:bAGhHR3NCRzbPdXV43+w7W3cP0RFtmhCC+9sM+WF33o=,tag:/PvCGNUrGmF36tjBPNGwRA==,type:str]
     encrypted_regex: ^(data|stringData)$
     version: 3.12.2
@@ -4,14 +4,9 @@ metadata:
   name: scim-validator-mgmt-k3s-config
 data:
   SERVER_PORT: "8082"
-  SPRING_PROFILES_ACTIVE: cloudflare
   SPRING_DATASOURCE_URL: jdbc:postgresql://scim-postgres-rw:5432/scimvalidation
   SPRING_DATASOURCE_DRIVER_CLASS_NAME: org.postgresql.Driver
-  APP_SECURITY_CLOUDFLARE_ROLE_CLAIM: https://scimsandbox.net/roles
+  AUTH0_REDIRECT_URI: https://val.scimsandbox.net/login/oauth2/code/auth0
+  APP_SECURITY_OIDC_ROLE_CLAIM: https://scimplayground.dev/roles
   APP_SECURITY_OIDC_ADMIN_ROLE: admin
-  APP_SECURITY_OIDC_USER_ROLE: user
-  CLOUDFLARE_ACCESS_ISSUER_URI: https://scimsandbox.cloudflareaccess.com
-  CLOUDFLARE_ACCESS_AUDIENCE: 9b1ea9fac999e94d6d2522a61d4323ac8ca4f5759c2fbc73fe489a034fc51627
-  CLOUDFLARE_ACCESS_JWK_SET_URI: https://scimsandbox.cloudflareaccess.com/cdn-cgi/access/certs
-  CLOUDFLARE_ACCESS_LOGOUT_URL: https://scimsandbox.cloudflareaccess.com/cdn-cgi/access/logout
-  CLOUDFLARE_ACCESS_TOKEN_HEADER: Cf-Access-Jwt-Assertion
+  APP_SECURITY_OIDC_USER_ROLE: user
@@ -5,10 +5,9 @@ metadata:
 type: Opaque
 stringData:
     ACTUATOR_API_KEY: ENC[AES256_GCM,data:Ov1SSGKeXg6oEEL9OnROAD0hAvyOBxxrS/hen3cm4xM=,iv:HOswAW1cweaOgdA7uHFK+HbkFf4kPS4FfzbyCZqCkYg=,tag:92voVF9lnyOeT/hJWcojAQ==,type:str]
-    AZURE_CLIENT_ID: ENC[AES256_GCM,data:D8BUR3o0edi2BI+o+w0VQaPodn9dqOY5XeiUYJoVgrdmo7nI,iv:TgoW2GoAodCeDE+QzADtcN3QBHb/GhgSDp90RUvGjdY=,tag:7jmgtEmvWiwA0Kd2d3osag==,type:str]
-    AZURE_CLIENT_SECRET: ENC[AES256_GCM,data:gC7N54Ej81AbJMGoZ4LlOlY4HTAGspP5dH5bjxm4twUzRyCwF/ujIw==,iv:h5ID0cwjmHJYNUqHkybZgZHQ/VCva2bkqYcYJETSiV8=,tag:VU/mTCSyuWjukbi9es0j0Q==,type:str]
-    AZURE_TENANT_ID: ENC[AES256_GCM,data:XrqQK31TIyi42Ximvw3EBSjQU4bLK75ps8a4jqHb5SfjoaOn,iv:xC6xPTm6YtZQaHAruQlVEHCajgkVJ7Bysnw6cWOcpUU=,tag:QP0MmktwCIGaIRpQRZb16Q==,type:str]
-    AZURE_SCOPES: ENC[AES256_GCM,data:cd9cIP5bIANFMiHUb5CHKaRHwzey0RIe6dTQd0HzJ8g4y7d+tGJyQ7ANHh3pw+vA7V0ov0349FkQk0obAQ==,iv:1YjY3PJsJe+jm34IEWjQqmZjld4C5+8KNbDkvvY34gc=,tag:A4uXVB+X80crNqtHdLpuWw==,type:str]
+    AUTH0_CLIENT_ID: ENC[AES256_GCM,data:Rm9Wk2YhPlIuPqmwgo1for8T6bFm72vDFVU9b9/xPog=,iv:/6F4KMS+wqBPnz4+uXMKAV4uxYqMTMXU71C1EGEjhb4=,tag:UX70hLsCqNQoB8nnngW/WQ==,type:str]
+    AUTH0_CLIENT_SECRET: ENC[AES256_GCM,data:bkdQmX921hQV6wmNXwbG+TD2zwlvK1k+z8Cuzs9EXR58UMxzd8x7zoLM9NjbZ98/1+RElBjofwpIo/ZVzTWHmw==,iv:KNV6o2EjenKZW5DyvfHrnge2xkmxENvJVo7GG6aYL34=,tag:jo7i1lHYI8A2EO7ardY1EQ==,type:str]
+    AUTH0_ISSUER_URI: ENC[AES256_GCM,data:vkxGnH6Bsp9Xpz8oBaZDJpZJIdbsE8M/ZtnDSGk=,iv:NrZdlKqPcRyA+1USzn8hWlULsO+/kxzeNdo2wohNHhg=,tag:Y7hLZnj5CxptCaziJ8ZIaQ==,type:str]
 sops:
     age:
         - recipient: age1j0ka5qnc6cpldfavwstqg2u6k536ymxcjeatlceraa09dgvetq9s07jkkh
@@ -20,7 +19,7 @@ sops:
             VExGZGtXWWJXOHJkb1paZHhTRHViNXMKoJYy5PatO+SFoJy93IUkqYAt1JZlexnM
             yVmxa66O6j9J5KGmgWuCcGF4AVLGql58QZqXElX2voPY4Hg2C/LDHA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-04-10T14:14:44Z"
-    mac: ENC[AES256_GCM,data:hhX6DnEKPJgYz4i6POjszrFYmjIbTUdUe88ybf/9wcMWaXO5Yj6gpaId+GKt1nh++udVgxXUdIDdUuft9nQ7r+2qag7OICDSCaMi0uf39j6vNuezeCkkxuSGo/N0I2F3hIxTaPrE53fbszA57PVl8cRFImI9i8CRSEkbHOZvG6w=,iv:xFuczRFOpheXS5N5Xydnmx7nRQlTAbrMyZ001shmm6Q=,tag:n3RicYLM3y7AUCETZRkISg==,type:str]
+    lastmodified: "2026-04-11T09:08:54Z"
+    mac: ENC[AES256_GCM,data:oHVWVZ7YULV2FTU/0WtbZvNpDcYyiW2FgtpFZ1bnHo+JrZoaaGrYxwU9VTS1g+IfM8tkfGnwNgXAiW0UdhyjndE4OROEzIXQzZY/IZ4eTRtlZNriXomVO6E7qy2rI2e3m7JXiPaMN13ByOc+nJs9FNLQzCgkd9moSoAD622YD70=,iv:LnQsjeH6zuEY5ZsxqvM9NMaNyIJ1C0ADew/rmqrn1BE=,tag:6a5diLqJ+NaAm7sewE6jSg==,type:str]
     encrypted_regex: ^(data|stringData)$
     version: 3.12.2
@@ -38,7 +38,7 @@ public SecurityConfig(WorkspaceTokenRepository tokenRepository,
     private RequestMatcher scimPaths() {
         return request -> {
             String uri = request.getRequestURI();
-            return uri != null && uri.contains("/scim/v2");
+            return uri != null && uri.startsWith("/ws/") && uri.contains("/scim/v2");
         };
     }
 

@@ -117,7 +117,14 @@ private static int parseFailOnErrors(Object failOnErrorsObj) {
 
     private static boolean isErrorResult(Map<String, Object> result) {
         String status = (String) result.get(KEY_STATUS);
-        return status != null && Integer.parseInt(status) >= 400;
+        if (status == null) {
+            return false;
+        }
+        try {
+            return Integer.parseInt(status) >= 400;
+        } catch (NumberFormatException e) {
+            return false;
+        }
     }
 
     private static boolean shouldStopProcessing(int failOnErrors, int errorCount) {

@@ -69,7 +69,11 @@ public static void applyPatchOperations(ScimUser user, List<Map<String, Object>>
         }
 
         for (Map<String, Object> op : operations) {
-            String opType = ((String) op.get("op")).toLowerCase();
+            Object rawOp = op.get("op");
+            if (!(rawOp instanceof String)) {
+                throw new ScimException(400, "invalidValue", "PATCH operation must include a string 'op' field");
+            }
+            String opType = ((String) rawOp).toLowerCase();
             String path = (String) op.get("path");
             Object value = op.get(KEY_VALUE);
 

@@ -85,7 +85,7 @@ public static Map<String, Object> serviceProviderConfig() {
                                 PAGINATION_INDEX, true,
                                 "defaultPaginationMode", PAGINATION_INDEX,
                                 "defaultPageSize", 10,
-                                "maxPageSize", 100,
+                                "maxPageSize", 200,
                                 "cursorTimeout", 3600));
                 config.put("changePassword", Map.of(ATTR_SUPPORTED, false));
                 config.put("sort", Map.of(ATTR_SUPPORTED, true));

@@ -53,7 +53,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         try {
             workspaceId = UUID.fromString(workspaceIdStr);
         } catch (IllegalArgumentException e) {
-            sendScimError(response, 404, null, "Invalid workspace ID: " + workspaceIdStr);
+            sendScimError(response, 404, null, "Invalid workspace ID");
             return;
         }
 

@@ -21,7 +21,7 @@ spring:
 
 logging:
   level:
-    "[com.scimplayground]": DEBUG
+    "[de.palsoftware.scim]": DEBUG
     "[org.springframework.security]": WARN
 
 management: