SCIM bridge issue docker
Hello,
I am currently in the test phase of setting up the SCIM bridge.
I am having a problem that I cannot resolve.
I mounted the bridge in a Docker container (on my Windows machine) with the docker compose command.
I manage to connect to the bridge interface (localhost:3002).
When I enter the DNS host that I created I have the following message:
"Couldn't verify domain. Check your configuration and try again. Ensure the DNS record has had time to propagate, and that port 80 and 443 are open on your firewall."
However, on my router I have redirected ports 80 and 443 to my machine.
And on my machine I disabled the firewall.
Do you have an idea?
Thanks in advance
Comments
-
UP
0 -
Nobody to help me?
0 -
Hello!
I apologize for the slow response time. Port 3002 is for where you are not using LetsEncrypt and have set up your own certificate, whereas port 443 (8443 on the container, usually) is for LetsEncrypt. The screen you are seeing is trying to get a LetsEncrypt certificate - do you have OP_LETSENCRYPT_DOMAIN in scim.env set to your domain? Also, did you fill in the OP_SESSION value in that same file?
Cheers!
Amanda
0 -
Hello amanda,
No problem for the deadline
Here is my scim.env file
I just removed the "infra" domain name.
My file looks good to me.
0 -
Sorry, what do you mean about just removing the infra domain name? That's for the domain name you're assigning to your SCIM bridge, it needs to match your DNS entry pointing to your SCIM bridge. Why did you uncomment OP_PORT?
0 -
Hello Amanda
I just didn't want to leave my domain name in the screenshot
I uncommented the OP_PORT because I was doing tests.
I just commented it again, it still doesn't work.
version: "2.2"
services:
  scim:
    image: 1password/scim:v2.3.0
    ports:
      - "3002:3002"
      - "80:8080"
      - "443:8443"
    networks:
      - op-scim
    env_file: scim.env
    restart: always
  redis:
    image: redis:latest
    networks:
      - op-scim
    restart: always
networks:
  op-scim:
Here is the docker compose file that I am using.
0 -
Ah, I understand what you mean now. Can you try base64url encoding the scimsession and using that for the OP_SESSION variable to see if that works? Also, are you still trying to connect over port 3002 or have you switched to using 443?
0 -
Port 3002 is the only port that gives me access to the interface.
If I try with port 443 or 80 I do not have access to the interface.
0 -
Hi @lauwiks ,
Sorry for the delay here. Are you still having issues deploying the SCIM bridge?
It's hard to say where the issue is here, especially since you are trying to set up on your local machine. Are you trying to obtain a LetsEncrypt certificate? You can leave OP_LETSENCRYPT_DOMAIN blank to serve the app on port 3002.
0 -
Hi @lauwiks. :)
From the replies on this thread so far it seems like you are using Docker Compose to test the SCIM bridge locally.
For this test I would recommend we disable the Let's Encrypt functionality so that you don't need to let the SCIM bridge try and obtain a TLS certificate.
For the purpose of a local test using Docker Compose I'd recommend trying the following configuration options:
1. Ensure OP_LETSENCRYPT_DOMAIN is set to an empty string, i.e. OP_LETSENCRYPT_DOMAIN= or OP_LETSENCRYPT_DOMAIN=""
2. Ensure OP_PORT is set to the port you are exposing via your Docker configuration
3. Ensure OP_SESSION is set to the path where the scimsession value is accessible to Docker. Alternatively you can also set the OP_SESSION variable to the Base64 encoded value of the scimsession file contents.
If this configuration is successful you should be able to access the SCIM bridge via the Docker container and the port, i.e. http://container:port. You should be presented with a page that allows you to verify your bearer token. The bearer token is the token that was generated alongside your scimsession file.
If you want to connect an identity provider to the SCIM bridge running on your local machine you will need to provide an HTTPS URL to access your SCIM bridge. You can take a look at tools like ngrok and localtunnel to forward traffic to the Docker container running on your local machine. This is obviously not the recommended method to run your SCIM bridge in production, but it is an option if you are testing automated provisioning with 1Password.
Let us know if you run into any issues.
0
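The three settings listed in the last reply can be checked against the compose port mappings posted earlier in the thread. The following is an added example, not code from the thread or from 1Password; the function names, the sample env values and the 3002 default for a commented-out OP_PORT are assumptions, and the path check only makes sense when run where the OP_SESSION path is visible.

```python
import base64
import os

def parse_env(text):
    """KEY=VALUE pairs from env-file text; blank and # lines are skipped."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip('"')
    return env

def session_kind(value, exists=os.path.isfile):
    """Classify OP_SESSION as 'path', 'base64' or 'invalid'."""
    if not value:
        return "invalid"
    if exists(value):
        return "path"
    try:  # accepts the standard and the URL-safe alphabet, padding optional
        padded = value + "=" * (-len(value) % 4)
        base64.b64decode(padded, altchars=b"-_", validate=True)
        return "base64"
    except ValueError:
        return "invalid"

def check_local_test(env_text, port_mappings, exists=os.path.isfile):
    """Return a list of problems for a local test without Let's Encrypt."""
    env, problems = parse_env(env_text), []
    if env.get("OP_LETSENCRYPT_DOMAIN"):
        problems.append("OP_LETSENCRYPT_DOMAIN is set: the bridge will try to obtain a certificate")
    # Assumption from the thread: with OP_PORT commented out the app serves on 3002.
    port = env.get("OP_PORT", "3002")
    if port not in {m.rsplit(":", 1)[-1] for m in port_mappings}:
        problems.append(f"OP_PORT {port} is not a container port published in the compose file")
    if session_kind(env.get("OP_SESSION", ""), exists) == "invalid":
        problems.append("OP_SESSION is neither a readable file nor Base64")
    return problems

# Constructed sample values; the port mappings are the ones posted in the thread.
PORTS = ["3002:3002", "80:8080", "443:8443"]
BAD_ENV = "OP_LETSENCRYPT_DOMAIN=scim.example.com\nOP_PORT=3000\nOP_SESSION=\n"
GOOD_ENV = 'OP_LETSENCRYPT_DOMAIN=""\n#OP_PORT=3002\nOP_SESSION=c2NpbXNlc3Npb24\n'

if __name__ == "__main__":
    for name, text in (("bad", BAD_ENV), ("good", GOOD_ENV)):
        print(name, check_local_test(text, PORTS) or "ok")
```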