Help with SCIM bridge setup error: token is missing: LocalAuth is invalid

pawans
pawans
Community Member

hi all,
I am following the SCIM bridge setup through GCP marketplace mentioned at this link --> https://support.1password.com/cs/scim-deploy-gcp/
I have reached the step 2.3 Set up the SCIM bridge.
Under the 1password SXCIM bridge setup screen, the deployment and configure domain steps passed.
But the last step where I need to upload scimsession is failing with error "Setup failed: token is missing: LocalAuth is invalid".
Am I missing something?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @pawans thanks for bringing this to our attention.

    It turns out we pre-emptively deployed a new version of the GCP deployment article - I'm sorry for the confusion here! We're working on restoring the correct version, but in the meantime here's how you can get a compatible scimsession file.

    1. If you don't have it already, install Docker on your local machine.
    2. Clone our scim-examples repository from GitHub:

    git clone https://github.com/1Password/scim-examples.git

    1. Run the setup script that is included in the scim-examples repository you cloned:

    ./scim-setup.sh

    You'll be asked to log in to the administrator account of your 1Password Business account. If you've already created a Provision Manager user in your 1Password Business account, you can enter the same email address during the setup process and will be prompted for the credentials for that user. These credentials will have been saved in your private vault when you created this user previously.

    You'll now have a new, compatible scimsession file and bearer token. Let me know how it goes!

  • pawans
    pawans
    Community Member

    Thanks @duncan_1P , I will try this today and let you know how it goes on.

  • pawans
    pawans
    Community Member

    Hey @duncan_1P ,
    This worked.
    Thanks a lot.

  • Hey @pawans, I’m glad to hear it! :)

    Have a great end to your week.

  • pawans
    pawans
    Community Member

    You too @duncan_1P .
    Definitely a happy end of week as our setup is working now.
    thanks again.

  • ag_ana
    ag_ana
    1Password Alumni

    :+1: :)

  • pawans
    pawans
    Community Member

    Hi @duncan_1P ,
    Need some help again.

    I was trying to update the DNS record on our setup.
    We couldn't find a way to update it.
    So we tried to recreate the cluster.

    But this time I saw a new option setup option when I use the GCP auto setup.
    It no more has option to upload session file.
    Instead it has option to login to 1password, which does not do anything on 1password after login.
    And now we are not even able to verify DNS entry.
    So I tried the manual kubernetes setup.
    But kubectl cannot detect the redis file in that cloned repo.

    I am a but confused whats happening.
    Looks like something changed in the GCP based setup since the last time I tried it and it no more seems to be working.

    Can you please point me to the right setup to use?

  • pawans
    pawans
    Community Member

    Hey @duncan_1P ,
    I am surprised that just updating the DNS has led to so much pain to setup this again.
    The documentation for the auto setup as well as manual one is really sparse and does not explain things quite well.
    Most of the flows which i experienced the last time I created this thread as well as what I am seeing today is quite unexpected as not at all as per what the documentation says.

    I found one interesting issue with the DNS validation.
    Lets say if my DNS has not propagated yet and I still try to verify, it obviously fails.
    But then when i try to reverify after its propagated, the setup page continues to give the error and hence we had to recreate app again just to a clean verification.

  • pawans
    pawans
    Community Member

    Adding some info to this.
    The setup is not able to verify any DNS, though I can see it has propagated.

  • Hi @pawans, sorry to hear you've run into some more trouble here.

    I think it would be a good idea to move over to email so we can dive a little deeper. In the meantime I'm going to ping our development team for their input. Could you email support@1password.com with "SCIM" in the subject line, and I'll look out for your message. Thanks! :)

  • pawans
    pawans
    Community Member

    Hi @duncan_1P ,
    Connor from 1password setup helped me.
    Looks like I coincidentally tried new scim bridge app on GCP which was released this week, with an old setup which on 1password.
    The new setup assumed that users have nothing setup on 1password, while I had provisioning manager created and also DNS verified once.

    We did a clean start and the new app worked now.
    I have sent feedback for the new bridge app as well as documentation to support folks.

  • Hey @pawans thanks for letting me know! I was hoping to make that call, but our timezones are sadly pretty misaligned.

    I'm glad everything is working well for you now. You're always welcome to reach out here again, or via email, if you need help with anything else. :)

This discussion has been closed.