Env : Private Subnet - EC2 Docker Compose, scim bridge does not start.

Options
taehun
taehun
Community Member
in SCIM Bridge

Hello.
I am using 1 Password in a company called Delicious in Korea, and I am working as DevOps.

We recently introduced Okta as an in-house SSO solution, and we are installing SCIM Bridge as a Docker environment in our AWS EC2 for SCIM linkage between Okta and 1Password.

Let me briefly explain our environment.

  • It's a private network, and you need to access it from the outside through the Load Balancer.
  • It will be released as Docker Composite.

However, as you can see in the picture below, there is an error.

I set it up as the engineer told me to.
However, the following error occurs.

scim_1 | 2:12AM FTL failed to validate provided domain error="domain invalid" application=op-scim build=204011 function=ValidateDomain version=2.4.1

Reference Site:
https://1password.community/discussion/125895/use-aws-load-balancers-instead-of-letsencrypt-for-scim-bridge

Can you help me? I'll be waiting for the reply. Thank you.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • DeVille_1P
    DeVille_1P
    Options

    Hi @taehun. Thank you for posting this thread. I'm sorry to hear that you are having some issues with your SCIM bridge deployment.

    Thank you for providing the additional details. It's strange that the bridge is still validating the domain. I'm wondering if you may have a domain specified elsewhere. There's a few places where the domain can be set. The OP_LETSENCRYPT_DOMAIN is one, but you can also have it specified in the scimsession file downloaded from the 1Password web client.

    Please don't share the contents of your scimsession file here, but can you confirm if the JSON contents of the scimsession file has a value set for the "domain" key? If so, I would recommend trying to update the value of the "domain" key in the file to "" (blank).

    This value is sometimes set depending on how you set up automated provisioning for your account.

    I look forward to your reply.

  • taehun
    taehun
    Community Member
    Options

    Hi.

    @DeVille_1P

    It's an honor for you to answer !

    I've checked. However, it seems to be set to domain="".

    First, we modified the ECS Fargate source code a little bit and Deployed the Container on the Public Network.

    But it's not good for security, so I'd like to deploy it to a private network as much as possible.

    Thanks.

  • DeVille_1P
    DeVille_1P
    Options

    Thanks for the reply @taehun and for confirming that your domain field is not set in your scimsession file.

    Upon reviewing the contents of your scim.env I noticed you have the OP_LETSENCRYPT_DOMAIN set to "" (empty string), i.e. OP_LETSENCRYPT_DOMAIN="". Did you also try to not have it set to anything by removing the double quotes, i.e. OP_LETSENCRYPT_DOMAIN=?

    When configured correctly we should not be seeing any "domain invalid" errors since the bridge should not be checking for or validating the domain.

  • taehun
    taehun
    Community Member
    Options

    Hi!

    Thank you very much for your help. I am very honored to receive your advice!

    I checked that it is working normally 1Password SCIM Bridge Behind AWS Application Load Balancer.

    Have a good day

This discussion has been closed.