Provisioning through Entra using Docker Swarm

ysantos
Community Member
edited June 25 in SCIM Bridge

Hi there,

I am trying to deploy a SCIM Bridge for provisioning using Entra ID. I already have DNS set up and working fine, and I have a Linux VM running Docker. When I run the deploy.sh file I get the following message:

Deploying using Docker Swarm...
(Ctrl+C to cancel)
Error response from daemon: rpc error: code = AlreadyExists desc = secret scimsession already exists

Failed to create Docker Swarm secret; investigate the error before proceeding

The scimsession secret exists because I've run deploy.sh a few times already, but for some reason I am unable to complete the deployment.

Many thanks,

Yeury


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • ysantos
    Community Member

    Docker services are running (redis and scim), but my SCIM logs show the following errors:

    ERR certificate manager error error="HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for op-scim-bridge.enet.ie - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for op-scim-bridge.enet.ie - check that a DNS record exists for this domain" application=op-scim attempt=0 build=209051 component=CertificateManager elapsed=0 hostname=1dbe1b6086c0 instance_id=k57prm2i retry_time=0 subcomponent=certmagic version=2.9.5

    I did check my DNS and the records are correct and can be resolved from my VM, both the IPv4 and IPv6 records. They are pointing to my VM's IP address; however, I noticed my services are running in another network. I guess this is how Docker networks work, but I can't seem to make the SCIM Bridge work.

  • Hi @ysantos

    Sorry to hear about the problem you're facing.

    Not so certain what's going wrong here. Have you tried restarting the SCIM bridge? Confirm that the external IP you have configured has not changed. If it changes, you'll need to change your DNS record to point to the new IP. It could be that the DNS record was created before your SCIM bridge was created/online, which didn't allow the DNS change enough time to propagate.

    If everything is fine, then the indication of the problem is that the AAA record for Let's Encrypt might be missing, so that it can assign a TLS certificate. Can you confirm whether a CAA record exists in your domain's DNS records that would allow Let's Encrypt to issue certificates for your DNS sub-domain?
    The Let's Encrypt documentation on Certificate Authority Authorization (CAA) provides instructions and examples on how to create this record if it doesn't already exist.
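A pre-flight check that covers both failures in this thread: the leftover scimsession Swarm secret from the first post, and the NXDOMAIN that certmagic reports in the log above. This is an added example, not part of the thread or of 1Password's deploy.sh; the sample log line is copied from the comment above (shortened), the expected IP addresses in the test are constructed, and the only external command it runs is docker secret ls.

```python
import re
import socket
import subprocess

# Constructed sample: the certmagic error quoted in the thread, shortened.
SAMPLE_LOG = (
    'ERR certificate manager error error="HTTP 400 urn:ietf:params:acme:error:dns - '
    'DNS problem: NXDOMAIN looking up A for op-scim-bridge.enet.ie - check that a DNS '
    'record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for '
    'op-scim-bridge.enet.ie - check that a DNS record exists for this domain" '
    'application=op-scim subcomponent=certmagic'
)
DNS_PROBLEM = re.compile(r"DNS problem: (\w+) looking up (A|AAAA) for ([\w.-]+)")

def acme_dns_failures(log_line):
    # (rcode, rrtype, name) for each DNS failure Let's Encrypt reported
    return DNS_PROBLEM.findall(log_line)

def swarm_secret_exists(name):
    # The AlreadyExists error from deploy.sh means this returns True
    out = subprocess.run(["docker", "secret", "ls", "--format", "{{.Name}}"],
                         capture_output=True, text=True, check=True).stdout
    return name in out.split()

def resolve_all(name):
    # A and AAAA answers from this host's resolver; Let's Encrypt queries the
    # public authoritative servers instead, so a record only visible here still fails
    addrs = set()
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            addrs.update(i[4][0] for i in socket.getaddrinfo(name, 443, family))
        except socket.gaierror:
            pass
    return addrs

def dns_verdict(name, resolved, expected_ips):
    # None when every answer is one of the VM's public addresses
    if not resolved:
        return f"{name} does not resolve; expect NXDOMAIN from the ACME challenge"
    extra = sorted(resolved - set(expected_ips))
    return f"{name} resolves to unexpected address(es) {extra}" if extra else None

def preflight(name, expected_ips, secret="scimsession"):
    # Both checks before re-running deploy.sh; returns a list of problems
    problems = []
    if swarm_secret_exists(secret):
        problems.append(f"Swarm secret {secret!r} exists: run 'docker secret rm {secret}' first")
    verdict = dns_verdict(name, resolve_all(name), expected_ips)
    return problems + ([verdict] if verdict else [])
```

Docker refuses to remove a secret that a running service still references, so the stack has to be removed (docker stack rm) before the stale secret can be dropped and deploy.sh re-run.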