Protect what matters – even after you're gone. Make a plan for your digital legacy today.
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error When testing SCIM
I'm in the last stage of testing my SCMI bridge but I keep getting the error: curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error After checking the op-scim-config file I had noticed that there was a typo in the FQDN address I was using. I've corrected the typo and re-deployed the bridge but I can't seem to be able to get a successful connection test. I'm totally clueless as to what the issue could be here and any help would be extremely appreciated. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not ProvidedCannot get https to work
I installed scim Bridge in Azure using the instructions provided. My AKS was set up to use my own configured v-net. Everything appears to be working fine via http but I can't get it to load via https. I am wondering if there is some additional instructions surrounding exposing the app for TLS while using your own vnet. How do I configure my load balancer to forward https traffic to the scim bridge?error: failed to create secret secrets "scimsession" already exists
Brand new deployment as of 4/10/23 Deployment instructions do not include what I assume is a method to update the scimsession after regenerating credentials. After regenerating the credentials it says to go here: https://support.1password.com/scim-deploy-azure/ I assumed I would upload the new scimsession file and follow the same commands, but get this error: ``` ~$kubectl create secret generic scimsession --from-file=scimsession=/home/$USER/scimsession ~$error: failed to create secret secrets "scimsession" already exists ``` Are there instructions to do this procedure? Thanks! 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser:_ Not ProvidedSCIM Bridge Setup
Hello, I am trying to set up the scim bridge through docker-compose and the server is in a private subnet and it's not publicly exposable. When I configure it to the DNS, I get the below error. solving challenge: scim-bridge.integrate-events.com: [scim-bridge.integrate-events.com] authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for scim-bridge.integrate-events.com; no valid AAAA records found for scim-bridge.integrate-events.com Please do let me know Whether we can setup scim bridge between 1password to okta in the private subnet or if it needs to be set up only in a public subnet. If we are going with a load balancer setup what is the path which we need to set in the health check? 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not ProvidedUnable to login to SCIM Bridge [GCP]
Hello! We recently set up a 1Password SCIM Bridge on Google Cloud Platform (GCP) through marketplace. It had been working fine up until today, when the bearer token no longer worked. The error we're getting is: Error occured when logging in. failed to create session We have health monitoring turned on, and the status is good and actively checking. However, new users being added to a managed group aren't being added to 1Password and, as mentioned, we also can't login to the SCIM bridge to look at logs/syncs. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser:_ Not ProvidedSCIM bridge provisioning gives 500 Internal Server Error
Hi, I have recently upgraded from 1Password Teams to 1Password Business and today I started setting up the automated provisioning. I would like to have connected to EntraID, and, as we are primarily on the Microsoft 365 platform, I was happy to see that the Azure Kubernetes SCIM bridge option was offered. I followed the instructions and successfully set up the Kubernetes instance. I updated the DNS records, and now I can see the status page at https://scim.%7Bourdomainname%7D.com/app/status. (I masked it for privacy, but I don't use the curly brackets, of course - same goes for the rest of the explanation) The manual described creating an Azure Enterprise application, and this is where I get stuck. Filling out the tenant URL https://scim.%7Bourdomainname%7D.com and the bearer token - exactly the same one as I successfully use to access the status page above - gives me an error message: ``` You appear to have entered invalid credentials. Please confirm you are using the correct information for an administrative account. Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable Details: We received this unexpected response from your application: Received response from Web resource. Resource: https://scim.%7Bourdomainname%7D.com/Users?filter=userName+eq+%22651022bd-56a1-4345-%7Bsome other numerics}" Operation: GET Response Status Code: InternalServerError Response Headers: Content-Security-Policy: default-src 'none'; connect-src 'self' https:; script-src 'self'; img-src 'self' data: https://w3.org; style-src 'self'; frame-ancestors 'none'; form-action 'none'; manifest-src 'self' Referrer-Policy: no-referrer Request-Id: cl2d9d9pvf4s73d90gbg X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Robots-Tag: none X-Xss-Protection: 1; mode=block Date: Fri, 03 Nov 2023 11:08:38 GMT Response Content: {"detail":"500 (Internal Server Error)","schemas":["urn:ietf:params:scim:api:messages:2.0:Error"]} Please check the service and try again. ``` I am not sure how to proceed, as I would deduct this as something that has to do with the image I deployed to Kubernetes. Could it be that there's something wrong with that, or am I missing something? Thanks in advance. -- Mark 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not ProvidedAzure SCIM Tenant URL
I am trying to setup Azure user provisioning. However, I am unable to find the Tenant URL needed with Azure enterprise application for Automatic provisioning configuration. I am following this guide - https://support.1password.com/scim/ I choose Azure Active directory from the list of identity providers and that configures the SCIM on 1password. I can get my token bearer but cant seem to find the Tenant URL. I also went through this guide: https://support.1password.com/scim-azure-ad/ but cant seem to locate the Tenant URL. Thanks. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Providedre-send invite to users
We're using the SCIM bridge and a provisioning manager account to automate the user additions and access to shared vaults. I know that if I invite someone as my personal account I can see the - resend invite link in my account, but this isn't the case with the provision manager account that we're using with the SCIM bridge. Is there a way to resend the invites sent from it? 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser:_ Not Provided Referrer: forum-search:https://1password.community/search?Search=ressend%20invitationAWS ECS provisioned with terraform fails with access to SecretsManager
I've run the https://github.com/1Password/scim-examples for deployment to AWS ECS Fargate and the provisioning went fine. When the ECS service/task runs, it continually fails with: [redactions as appropriate] ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 5 time(s): failed to fetch secret arn:aws:secretsmanager:us-east-1:00000000000:secret:op-scim-bridge000000000000000000-xxxxxx from secrets manager: RequestCanceled: request context canceled caused by: context deadline exceeded. Please check your task network configuration. The IAM role is present and applied to the ECS deploy Tried with both default secretsmanager endpoint and a VPC Endpoint attachment Subnet is public with gateway, routing to internet or internal VPC Endpoint. a linux host on same subnet can curl the sm endpoint just fine. Secret is present in SM. SCIM Bridge version is 2.8.1 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser:_ Not Provided
