SCIM Bridge AWS ECS - AuthWrap failed to validateAuthHeader
Hi all,
We are trying to set up SCIM bridge using ECS Fargate through Terraform using a modified version of https://github.com/1Password/scim-examples/tree/master/aws-ecsfargate-terraform
All configuration seems valid, but whenever a container is launched, it fails after a few minutes with ERR AuthWrap failed to validateAuthHeader error="no auth header; unauthorized" application=op-scim build=201022 component=SCIMServer
While the container is up, the 1Password SCIM Bridge Login Box is shown on the URL, indicating as per the README instructions that there is something wrong with the scimsession file in Secret Manager.
We have tried:
- Base64-encoding the file manually and storing it in Secret Manager
- Base64-encoding it through the provided Terraform-code and storing in Secret Manager
- Recreating the scimsession file
- Running curl -X GET -H "Authorization: bearer $BEARER_TOKEN" $DOMAIN/Users (results in 401 unauthorized)
- Logging in with bearer token (also results in 401)
Worth noting:
- The scimsession is stored in Secret Manager in plaintext
- We are using a custom ALB, certificate and records for TCP, not letsencrypt. The certificate looks fine in the url
This is the logs of a container lifecycle before it fails:
Here is the secret configuration in the container definition:
And here is the secret:
Any clue what might be going wrong here? All help or ideas welcome. Thanks in advance
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
