snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

SCIM IIS 404 Not Found - With Invalid Credentials #13968

Open CAVACO-PT opened 7 months ago

CAVACO-PT commented 7 months ago

Debug mode

Describe the bug

Hello

I get a 404 when accessing the page https://myurls/scim/v2, and in Azure, when trying to connect Azure AD with SCIM, I get:

ERROR CODE : System For Cross Domain Identity Managment Credential Validation Unavailable

I get this page also when accessing the URL above

image

Screenshots

image

Snipe-IT Version

6.2.3

Operating System

Windows

Web Server

IIS

PHP Version

7.4.13

Can you assist please??

welcome[bot] commented 7 months ago

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

barkermn01 commented 7 months ago

I will confirm this problem is not just IIS, we have it on Ubuntu with Nginx, so it's not Web Server Specific

snipe commented 7 months ago

That URL isn't valid, that's why you're getting a 404 (and the SCIM urls aren't meant to be visited directly in a web browser, so you'll always get weird results).

✨snipe@chodeblossom✨ snipe-it  (develop) $ php artisan route:list | grep scim/v2
|        | POST          | scim/v2/.search                                                          |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/Me                                                               | scim.me.get                             | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\MeController@getMe                | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | PUT           | scim/v2/Me                                                               | scim.me.put                             | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\MeController@replaceMe            | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/ResourceTypes                                                    |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceTypesController@index     |                                                                   |
|        | GET|HEAD      | scim/v2/ResourceTypes/{id}                                               | scim.resourcetype                       | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceTypesController@show      |                                                                   |
|        | GET|HEAD      | scim/v2/Schemas                                                          |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\SchemaController@index            |                                                                   |
|        | GET|HEAD      | scim/v2/Schemas/{id}                                                     | scim.schemas                            | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\SchemaController@show             |                                                                   |
|        | GET|HEAD      | scim/v2/ServiceProviderConfig                                            | scim.serviceproviderconfig              | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ServiceProviderController@index   |                                                                   |
|        | GET|HEAD      | scim/v2/{fallbackPlaceholder}                                            |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/{resourceType}                                                   | scim.resources                          | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@index          | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | POST          | scim/v2/{resourceType}                                                   |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@create         | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/{resourceType}/{resourceObject}                                  | scim.resource                           | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@show           | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | PUT           | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@replace        | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | PATCH         | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@update         | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | DELETE        | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@delete         | Illuminate\Auth\Middleware\Authenticate:api

ERROR CODE : System For Cross Domain Identity Managment Credential Validation Unavailable

The above error message is generally noticed when all the required Azure AD IP addresses are not whitelisted(allowed) in the SCIM network policy.
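Added example, not part of the original thread or Snipe-IT's code: a small parser for the route listing quoted above that shows which request paths resolve to a route and which routes carry no `Authenticate:api` middleware, which helps separate a routing (404) problem from a token problem. The function names and the segment-matching rules are assumptions that approximate Laravel's router.

```python
import re

# Rows copied from the route listing quoted in this thread (subset, padding trimmed).
ROUTES = r"""
| | POST | scim/v2/.search | | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api |
| | GET|HEAD | scim/v2/ResourceTypes | | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceTypesController@index | |
| | GET|HEAD | scim/v2/Schemas | | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\SchemaController@index | |
| | GET|HEAD | scim/v2/ServiceProviderConfig | scim.serviceproviderconfig | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ServiceProviderController@index | |
| | GET|HEAD | scim/v2/{fallbackPlaceholder} | | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api |
| | GET|HEAD | scim/v2/{resourceType} | scim.resources | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@index | Illuminate\Auth\Middleware\Authenticate:api |
| | GET|HEAD | scim/v2/{resourceType}/{resourceObject} | scim.resource | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@show | Illuminate\Auth\Middleware\Authenticate:api |
"""

def parse_routes(listing):
    """Turn `route:list` table rows into dicts; splits only on pipes that have
    whitespace on both sides, so the `GET|HEAD` method cell stays intact."""
    routes = []
    for line in listing.strip().splitlines():
        cols = [c.strip() for c in re.split(r"(?<=\s)\|(?=\s)", line.strip().strip("|"))]
        if len(cols) != 6:
            continue
        _domain, methods, uri, _name, _action, middleware = cols
        routes.append({"methods": methods.split("|"), "uri": uri,
                       "auth": "Authenticate" in middleware})
    return routes

def resolve(routes, method, path):
    """Return the route that would serve `path`, or None (a 404).
    Simplification (assumption): each {param} matches one path segment, literal
    routes beat parameterised ones, and the fallback route is tried last."""
    hits = []
    for r in routes:
        pattern = "/".join("[^/]+" if seg.startswith("{") else re.escape(seg)
                           for seg in r["uri"].split("/"))
        if method in r["methods"] and re.fullmatch(pattern, path.strip("/")):
            hits.append(r)
    hits.sort(key=lambda r: ("fallbackPlaceholder" in r["uri"], r["uri"].count("{")))
    return hits[0] if hits else None

def unauthenticated(routes):
    return [r["uri"] for r in routes if not r["auth"]]

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for path in ("/scim/v2", "/scim/v2/ServiceProviderConfig", "/scim/v2/Users"):
        hit = resolve(table, "GET", path)
        print(path, "->", "404 (no route)" if hit is None
              else f"{hit['uri']} (token required: {hit['auth']})")
    print("no auth middleware:", unauthenticated(table))
```

Per the listing, a request to one of the routes without auth middleware exercises only URL routing, while `/scim/v2/Users` additionally exercises the API token.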

uberbrady commented 7 months ago

The /scim/v2 URL is actually correct - the SCIM client (Microsoft) will append /Groups (which we don't support) or /Users (which we do) to it to access Snipe-IT's SCIM integration.

Are you sure that's a super-user's API key? I also don't remember if you have to prepend "Bearer " in front of the API key, but that might be necessary too.

CAVACO-PT commented 7 months ago

The /scim/v2 URL is actually correct - the SCIM client (Microsoft) will append /Groups (which we don't support) or /Users (which we do) to it to access Snipe-IT's SCIM integration.

Are you sure that's a super-user's API key? I also don't remember if you have to prepend "Bearer " in front of the API key, but that might be necessary too.

I have made the API key with my user, which is a super user. I'm the only super user, so I'm certain.

We have tested SCIM with the test endpoints that we found in the documentation, and Azure AD can connect to that test environment; it's just mine that gives that error!!!!

That URL isn't valid, that's why you're getting a 404 (and the SCIM urls aren't meant to be visited directly in a web browser, so you'll always get weird results).

ERROR CODE : System For Cross Domain Identity Managment Credential Validation Unavailable

The above error message is generally noticed when all the required Azure AD IP addresses are not whitelisted(allowed) in the SCIM network policy.

We have SCIM configured for other apps, and they work fine, so the Azure AD IP should be there. Is there another whitelist on the Snipe-IT side??

CAVACO-PT commented 7 months ago

I have not added the word Bearer; I will try with that. Thank you for making me notice that!!!

CAVACO-PT commented 7 months ago

This was the test environment that worked, and I don't see the word Bearer there - https://documentation.codefortynine.com/snipe-it-for-jira/generate-a-snipe-it-api-key

Maybe Bearer is just for SCIM on Azure. As soon as I can, I will test with that word.

CAVACO-PT commented 7 months ago

OK, I have tried with

image

and still nothing. Can you see if it could be anything else??

snipe commented 7 months ago

Is there another whitelist on the Snipe-IT side??

Nope - we don't have any allow-listing - we expect you to handle that stuff on the network level.

CAVACO-PT commented 7 months ago

Is there another whitelist on the Snipe-IT side??

Nope - we don't have any allow-listing - we expect you to handle that stuff on the network level.

Everything is good on the network allow list; we have SCIM for other apps.

CAVACO-PT commented 1 month ago

Can anyone assist with this?? I cannot even test the connection on the Azure side.

image

It says invalid credentials, but I created a fresh API token this time. Should we change anything here??

I've put it with and without Bearer before the token.