Failed SCIM Bridge Upgrade DigitalOcean

kurtd
Community Member

I tried to update the scim bridge to 2.3.1 several times but it always fails with the following message.

Installation of 1Password SCIM bridge on 1pw-scim-bg-cluster failed.

Any idea why?



Comments

  • Hi @kurtd. My name is De Ville and I am part of the provisioning team.

    I apologize that you ran into this issue upgrading your SCIM bridge deployed with Digital Ocean (DO). Unfortunately, we discovered an issue with our deployment configuration that could not be fixed in a backward compatible way. The fix is to redeploy the SCIM bridge. This should be a one-time process which will enable future updates to happen without error.

    The good news is that the SCIM bridge is stateless and the only impact is that automated provisioning will be disabled while the SCIM bridge is redeployed. Users will continue to have access to their 1Password accounts.

    We are in the process of updating our DO-specific instructions, but I will share the instructions with you here.

    You can use the following (soon to be published) steps to redeploy your SCIM bridge on your Digital Ocean cluster.

    1. Disable provisioning on the identity provider. This is an optional but recommended step to avoid the identity provider reporting errors when trying to access a SCIM bridge that is not accessible.
    2. Delete the namespace using the DigitalOcean console:
      1. Navigate to the Kubernetes Clusters page and select the cluster that you previously deployed the SCIM bridge to.
      2. Click the button to open the "Kubernetes Dashboard"
      3. Select "Namespaces" under the "Cluster" menu on the left hand side of the screen
      4. Find the "op-scim-bridge" namespace and select Delete from the menu. Select Delete on the confirmation window.
      • Alternatively, delete the namespace using kubectl:
        1. Ensure you are connected to the DigitalOcean Kubernetes cluster where the SCIM bridge is deployed.
        2. Delete the "op-scim-bridge" namespace with the following command: kubectl delete namespace op-scim-bridge
    3. Visit 1Password SCIM bridge on DigitalOcean Marketplace and click Install App.
    4. Choose the cluster where the SCIM bridge was previously deployed, then click Install. The installation can take up to 10 minutes to complete.
    5. Update the DNS record:
      1. Navigate to the Kubernetes Dashboard for your cluster.
      2. Select "Services" under the Service section.
      3. Find "op-scim-bridge-svc" in the list and take note of the IP address listed under the "External Endpoints".
      4. Update the DNS record to match the publicly accessible (external endpoint) address of the SCIM bridge.
      5. Wait for the DNS change to propagate.
    6. Navigate to the IP address where the SCIM bridge is deployed.
    7. Enter the domain and click Verify.
    8. Click Sign in with 1Password. You should be redirected to the Provisioning Details Page once logged in.
    9. Click Regenerate Credentials and be sure to store the new credentials.
    10. Click Install credentials. You should be redirected to the SCIM bridge address and the new credentials will be installed.
    11. Re-enable provisioning in your 1Password account on the Provisioning Details page.
    12. Visit the SCIM bridge domain in your browser and enter your OAuth bearer token to confirm that the redeployment was successful.
    13. Update the OAuth bearer token used by the identity provider.
    14. Resume provisioning on the identity provider.

    Please let me know if you get stuck at any of the steps.
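
Added example, not part of the original thread and not 1Password's own tooling: a shell sketch of the kubectl route for deleting the namespace and for the "Update the DNS record" step, which confirms that the SCIM bridge domain resolves only to the new external endpoint before the bearer token is entered there. It assumes the Marketplace install recreates "op-scim-bridge-svc" in the "op-scim-bridge" namespace, that `dig` is installed, and the script name and its `delete`/`verify` arguments are hypothetical.

```shell
#!/usr/bin/env bash
NS="op-scim-bridge"        # namespace named in the instructions above
SVC="op-scim-bridge-svc"   # service named in the instructions above

# Delete the namespace and block until Kubernetes has finished removing it.
delete_namespace() {
  kubectl delete namespace "$NS" --wait=true --timeout=300s
}

# Print the external endpoint IP of the redeployed service (empty until assigned).
# Assumption: the reinstall recreates the service inside $NS.
external_ip() {
  kubectl get service "$SVC" -n "$NS" \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
}

# Pure check: succeed only if every resolved address equals the expected IP.
# $1 = expected IP, $2 = whitespace-separated addresses the domain resolves to.
dns_matches() {
  expected=$1; resolved=$2
  [ -n "$expected" ] && [ -n "$resolved" ] || return 1
  for addr in $resolved; do
    [ "$addr" = "$expected" ] || return 1
  done
  return 0
}

# Poll until the domain resolves only to the new endpoint, or give up.
wait_for_dns() {
  domain=$1; ip=$2; tries=${3:-30}
  while [ "$tries" -gt 0 ]; do
    # Keep only IPv4 answers; dig +short also prints CNAME targets.
    answers=$(dig +short A "$domain" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if dns_matches "$ip" "$answers"; then return 0; fi
    tries=$((tries - 1)); sleep 20
  done
  return 1
}

# Usage: ./redeploy.sh delete | ./redeploy.sh verify scim.example.com (placeholder domain)
case "${1:-}" in
  delete) delete_namespace ;;
  verify)
    ip=$(external_ip)
    echo "External endpoint: ${ip:-<pending>}"
    wait_for_dns "${2:?domain required}" "$ip" && echo "DNS now points at $ip" ;;
esac
```

A stale record that still lists the old address alongside the new one fails the check, so the token is not entered until only the new endpoint answers.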

  • kurtd
    Community Member

    I finally got around to updating the bridge and your instructions worked great. They posted some instructions here https://support.1password.com/scim-update/ but the ones you posted were more detailed. Thanks

  • Hi @kurtd. Thanks for letting us know. Happy to help! =)

This discussion has been closed.