Skip to main content
November 29, 2021
Question

SCIM bridge issue docker

  • November 29, 2021
  • 10 replies
  • 1197 views

Hello ,
I am currently in the test phase of setting up the SCIM bridge.
I am having a problem that I cannot resolve.
I mounted the bridge on in a docker container (on my windows machine) with the docker compose command

I manage to connect to the bridge interface (localhost: 3002)

When I enter the DNS host that I created I have the following message:
"Couldn't verify domain. Check your configuration and try again. Ensure the DNS record has had time to propagate, and that port 80 and 443 are open on your firewall."

However on my router I have redirected port 80 and 443 to my machine
And on my machine I disabled the firewall

Do you have an idea

thanks in advance


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

10 replies

December 1, 2021

UP

December 6, 2021

No body for help me ?

December 6, 2021

Hello!

I apologize for the slow response time. Port 3002 is for where you are not using LetsEncrypt and have setup your own certificate, whereas port 443 (8443 on the container, usually) is for LetsEncrypt. The screen you are seeing is trying to get a LetsEncrypt certificate - do you have OP_LETSENCRYPT_DOMAIN in scim.env set to your domain? Also, did you fill in the OP_SESSION value in that same file?

Cheers!
Amanda

December 7, 2021

Hello amanda,
No problem for the deadline
Here is my scim.env file
I just removed the "infra" domain name

My file looks good to me

December 8, 2021

Sorry, what do you mean about just removing the infra domain name? That's for the domain name you're assigning to your SCIM bridge, it needs to match your DNS entry pointing to your SCIM bridge. Why did you uncomment OP_PORT?

December 10, 2021

Hello Amanda
I just didn't want to leave my domain name in the screenshot
I uncommented the OP_PORT because I was doing tests.
I just commented it again it still doesn't work.

version: "2.2"
services:
scim:
image: 1password/scim:v2.3.0
ports:
- "3002:3002"
- "80:8080"
- "443:8443"
networks:
- op-scim
env_file: scim.env
restart: always
redis:
image: redis:latest
networks:
- op-scim
restart: always

networks:
op-scim:

Here is the docker compose file that I am using

December 10, 2021

Ah, I understand what you mean now. Can you try base64url encoding the scimsession and using that for the OP_SESSION variable to see if that works? Also, are you still trying to connect over port 3002 or have you switched to using 443?

December 13, 2021

Port 3002 is the only port that gives me access to the interface
If I try with port 443 or 80 I do not have access to the interface

December 17, 2021

Hi @lauwiks ,

Sorry for the delay here. Are you still having issues deploying the SCIM bridge?

It's hard to say where the issue is here, especially since you are trying to setup on your local machine. Are you trying to obtain a LetsEncrypt certificate? You can leave OP_LETSENCRYPT_DOMAIN blank to serve the app on port 3002.

December 20, 2021

Hi @lauwiks. :)

From the replies on this thread so far it seems like you are using Docker Compose to test the SCIM bridge locally.

For this test I would recommend we disable the Let's Encrypt functionality so that you don't need to let the SCIM bridge try and obtain a TLS certificate.

For the purpose of a local test using Docker Compose I'd recommend trying the following configuration options:
1. Ensure OP_LETSENCRYPT_DOMAIN is set to an empty string, i.e. OP_LETSENCRYPT_DOMAIN= or OP_LETSENCRYPT_DOMAIN=""
2. Ensure OP_PORT is set to the port you are exposing via your Docker configuration
3. Ensure OP_SESSION is set to the path where the scimsession value is accessible to Docker. Alternatively you can also set the OP_SESSION variable to the Base64 encoded value of the scimession file contents.

If this configuration is successful you should be able to access the SCIM bridge via the Docker container and the port, i.e. http://container:port. You should be presented with a page that allows you to verify your bearer token. The bearer token is the token that was generated alongside your scimsession file.

If you want to connect an identity provider to the SCIM bridge running on your local machine you will need to provide an HTTPS URL to access your SCIM bridge. You can take a look at tools like https://ngrok.com and https://github.com/localtunnel/localtunnel to forward traffic to the Docker container running on your local machine. This is obviously not the recommended method to run your SCIM bridge in production, but it is an option if you are testing automated provisioning with 1Password.

Let us know if you run into any issues.