Encountered an error when testing the SCIM bridge for our Azure Kubernetes

ddivina
ddivina
Community Member

I am setting up the SCIM bridge for our tenant using Azure Kubernetes. I followed the instructions from this guide: https://support.1password.com/scim-deploy-azure/#step-4-test-the-scim-bridge and got stuck in Step 4 (Test the SCIM bridge).

This is the error message that I appeared when doing the test:
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.

We've already informed the 1Password support but we haven't yet received an update from him. We will appreciate those who will help us on this.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • Hi @ddivina. My name is De Ville and I work on the provisioning team.

    I wanted to check if you received a response from our support team, and whether you manage to resolve the reported problem.

    In addition to using curl, you can also check if your SCIM bridge is accessible by using a browser and navigating to the URL where your SCIM bridge is deployed. This will be the domain that you configured in step 3.8 of the guide. For example: https://scim.example.com.

    You should be presented with the 1Password SCIM bridge Login page, that asks you to "enter your OAuth bearer token".

  • ddivina
    ddivina
    Community Member

    HI @DeVille_1P ,

    Thanks for your reply.

    Yes, I received an email today from your support team and shared the SCIM logs. I tried to access our domain via browser but also encountered an error.

    Here's the error message using Chrome browser.

    This site can’t provide a secure connectionscim.reprisk.com sent an invalid response.
    Try running Windows Network Diagnostics.
    ERR_SSL_PROTOCOL_ERROR

  • Hi @ddivina. Thanks for the confirmation.

    I'll check in with our support team and we can continue the conversation there, so that we don't ask you to provide duplicate information.

  • ddivina
    ddivina
    Community Member

    This issue is now resolved after we do the following:

    • clear the redis cache
    • restarted the SCIM bridge

    Thanks to @DeVille_1P for providing support and the detailed instructions below.

    The steps to clear the redis cache and restart the SCIM bridge are as follows:
    1. Open a terminal where you have access to the Kubernetes command line interface (kubectl), and make sure you are connected to the cluster running your SCIM bridge
    2. Scale down the SCIM bridge instance in your cluster: kubectl scale --replicas=0 deployment/
    3. Scale down the redis instance in your cluster: kubectl scale --replicas=0 deployment/
    4. Wait a few seconds for the Kubernetes scheduler to remove the running redis and SCIM bridge instance
    5. Scale up the redis instance in your cluster: kubectl scale --replicas=1 deployment/
    6. Scale up the SCIM bridge instance in your cluster: kubectl scale --replicas=1 deployment/

    You may need to specify the namespace for your SCIM bridge and redis deployment. You can get the namespace for these by issuing the kubectl get deployment --all-namespaces command. You can then include the namespace in the above commands by adding the --namespace= flag.

  • Hi @ddivina.

    Thank you for letting us know! Please reach out if you need any help. =)

This discussion has been closed.