SCIM bridge issue docker

edited November 2021 in SCIM Bridge

Hello,
I am currently in the test phase of setting up the SCIM bridge.
I am having a problem that I cannot resolve.
I mounted the bridge in a Docker container (on my Windows machine) with the docker compose command.

I manage to connect to the bridge interface (localhost:3002).

When I enter the DNS host that I created, I get the following message:
"Couldn't verify domain. Check your configuration and try again. Ensure the DNS record has had time to propagate, and that port 80 and 443 are open on your firewall."

However, on my router I have redirected ports 80 and 443 to my machine,
and on my machine I disabled the firewall.

Do you have any idea?

Thanks in advance.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided


  • Nobody to help me?

  • 1P_Amanda

    Team Member


    I apologize for the slow response time. Port 3002 is for when you are not using LetsEncrypt and have set up your own certificate, whereas port 443 (8443 on the container, usually) is for LetsEncrypt. The screen you are seeing is trying to get a LetsEncrypt certificate - do you have OP_LETSENCRYPT_DOMAIN in scim.env set to your domain? Also, did you fill in the OP_SESSION value in that same file?


  • Hello amanda,
    No problem about the delay.
    Here is my scim.env file
    I just removed the "infra" domain name

    My file looks good to me

  • 1P_Amanda

    Team Member

    Sorry, what do you mean about just removing the infra domain name? That's for the domain name you're assigning to your SCIM bridge, it needs to match your DNS entry pointing to your SCIM bridge. Why did you uncomment OP_PORT?

  • Hello Amanda
    I just didn't want to leave my domain name in the screenshot.
    I uncommented OP_PORT because I was doing tests.
    I just commented it out again; it still doesn't work.

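    # Structural keys were missing from the pasted file; standard Compose
    # keys are restored here, and the two service names are assumed.
    version: "2.2"
    services:
      scim:
        image: 1password/scim:v2.3.0
        ports:
          - "3002:3002"
          - "80:8080"
          - "443:8443"
        networks:
          - op-scim
        env_file: scim.env
        restart: always
      redis:
        image: redis:latest
        networks:
          - op-scim
        restart: always
    networks:
      op-scim: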


    Here is the docker compose file that I am using

  • 1P_Amanda

    Team Member

    Ah, I understand what you mean now. Can you try base64url encoding the scimsession and using that for the OP_SESSION variable to see if that works? Also, are you still trying to connect over port 3002 or have you switched to using 443?

  • Port 3002 is the only port that gives me access to the interface.
    If I try with port 443 or 80, I do not have access to the interface.

  • Chas_1P

    Team Member

    Hi @lauwiks,

    Sorry for the delay here. Are you still having issues deploying the SCIM bridge?

    It's hard to say where the issue is here, especially since you are trying to set up on your local machine. Are you trying to obtain a LetsEncrypt certificate? You can leave OP_LETSENCRYPT_DOMAIN blank to serve the app on port 3002.

  • Hi @lauwiks. :)

    From the replies on this thread so far it seems like you are using Docker Compose to test the SCIM bridge locally.

    For this test I would recommend we disable the Let's Encrypt functionality so that you don't need to let the SCIM bridge try and obtain a TLS certificate.

    For the purpose of a local test using Docker Compose I'd recommend trying the following configuration options:
    1. Ensure OP_LETSENCRYPT_DOMAIN is set to an empty string, i.e. OP_LETSENCRYPT_DOMAIN= or OP_LETSENCRYPT_DOMAIN=""
    2. Ensure OP_PORT is set to the port you are exposing via your Docker configuration
    3. Ensure OP_SESSION is set to the path where the scimsession value is accessible to Docker. Alternatively you can also set the OP_SESSION variable to the Base64 encoded value of the scimsession file contents.

    If this configuration is successful you should be able to access the SCIM bridge via the Docker container and the port, i.e. http://container:port. You should be presented with a page that allows you to verify your bearer token. The bearer token is the token that was generated alongside your scimsession file.

    If you want to connect an identity provider to the SCIM bridge running on your local machine you will need to provide an HTTPS URL to access your SCIM bridge. You can take a look at tools like ngrok and localtunnel to forward traffic to the Docker container running on your local machine. This is obviously not the recommended method to run your SCIM bridge in production, but it is an option if you are testing automated provisioning with 1Password.

    Let us know if you run into any issues.
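
The three settings recommended in the last reply can be checked before starting the container. The script below is an added example, not part of the thread and not 1Password's code: it lints a scim.env against the Compose port mappings and produces a base64url OP_SESSION value. It assumes OP_PORT is the container-side port of a mapping and that a path in OP_SESSION is an absolute path inside the container; all sample values are constructed.

```python
import base64
import re

def encode_scimsession(raw: bytes) -> str:
    """base64url-encode scimsession file contents for use as OP_SESSION."""
    return base64.urlsafe_b64encode(raw).decode("ascii")

def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines of an env file; commented lines are ignored."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env

def check_local_test(env: dict, port_mappings: list) -> list:
    """Return the problems found for a local test without Let's Encrypt."""
    problems = []
    if env.get("OP_LETSENCRYPT_DOMAIN", ""):
        problems.append("OP_LETSENCRYPT_DOMAIN is set; leave it empty")
    # Assumption: OP_PORT is the port inside the container, i.e. the
    # right-hand side of a "host:container" mapping in the compose file.
    container_ports = {m.split(":")[-1] for m in port_mappings}
    if env.get("OP_PORT", "") not in container_ports:
        problems.append("OP_PORT does not match a published container port")
    session = env.get("OP_SESSION", "")
    b64url = re.fullmatch(r"[A-Za-z0-9_-]+={0,2}", session)
    if not session:
        problems.append("OP_SESSION is empty")
    elif not session.startswith("/") and not b64url:
        problems.append("OP_SESSION is neither a path nor base64url")
    return problems

# Constructed sample data (not the poster's real files).
PORTS = ["3002:3002", "80:8080", "443:8443"]
BEFORE = """OP_LETSENCRYPT_DOMAIN=scim.example.com
# OP_PORT=3002
OP_SESSION=/secret/scimsession
"""
AFTER = ("OP_LETSENCRYPT_DOMAIN=\nOP_PORT=3002\nOP_SESSION="
         + encode_scimsession(b'{"constructed": "not a real scimsession"}')
         + "\n")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_local_test(parse_env(text), PORTS) or "ok")
```

With the encoded form, scim.env carries the scimsession credential itself, so it needs the same handling as the scimsession file.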
