snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

SCIM IIS 404 Not Found - With Invalid Credentials #13968

Open CAVACO-PT opened 12 months ago

CAVACO-PT commented 12 months ago

Debug mode

Describe the bug

Hello

I get 404 when accessing the page https://myurls/scim/v2, and in Azure when trying to connect Azure AD with SCIM I get a

ERROR CODE : System For Cross Domain Identity Managment Credential Validation Unavailable

I get this page also when accessing the URL above

image

Screenshots

image

Snipe-IT Version

6.2.3

Operating System

Windows

Web Server

IIS

PHP Version

7.4.13

Can you assist please?

welcome[bot] commented 12 months ago

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

barkermn01 commented 12 months ago

I will confirm this problem is not just IIS, we have it on Ubuntu with Nginx, so it's not Web Server Specific

snipe commented 11 months ago

That URL isn't valid, that's why you're getting a 404 (and the SCIM urls aren't meant to be visited directly in a web browser, so you'll always get weird results).

✨snipe@chodeblossom✨ snipe-it  (develop) $ php artisan route:list | grep scim/v2
|        | POST          | scim/v2/.search                                                          |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/Me                                                               | scim.me.get                             | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\MeController@getMe                | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | PUT           | scim/v2/Me                                                               | scim.me.put                             | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\MeController@replaceMe            | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/ResourceTypes                                                    |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceTypesController@index     |                                                                   |
|        | GET|HEAD      | scim/v2/ResourceTypes/{id}                                               | scim.resourcetype                       | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceTypesController@show      |                                                                   |
|        | GET|HEAD      | scim/v2/Schemas                                                          |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\SchemaController@index            |                                                                   |
|        | GET|HEAD      | scim/v2/Schemas/{id}                                                     | scim.schemas                            | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\SchemaController@show             |                                                                   |
|        | GET|HEAD      | scim/v2/ServiceProviderConfig                                            | scim.serviceproviderconfig              | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ServiceProviderController@index   |                                                                   |
|        | GET|HEAD      | scim/v2/{fallbackPlaceholder}                                            |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/{resourceType}                                                   | scim.resources                          | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@index          | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | POST          | scim/v2/{resourceType}                                                   |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@create         | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | GET|HEAD      | scim/v2/{resourceType}/{resourceObject}                                  | scim.resource                           | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@show           | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | PUT           | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@replace        | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | PATCH         | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@update         | Illuminate\Auth\Middleware\Authenticate:api                       |
|        | DELETE        | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@delete         | Illuminate\Auth\Middleware\Authenticate:api

ERROR CODE : System For Cross Domain Identity Managment Credential Validation Unavailable

The above error message is generally noticed when all the required Azure AD IP addresses are not whitelisted (allowed) in the SCIM network policy.

uberbrady commented 11 months ago

The /scim/v2 URL is actually correct - the SCIM client (Microsoft) will append /Groups (which we don't support) or /Users (which we do) to it to access Snipe-IT's SCIM integration.

Are you sure that's a super-user's API key? I also don't remember if you have to prepend "Bearer " in front of the API key, but that might be necessary too.

CAVACO-PT commented 11 months ago

> The /scim/v2 URL is actually correct - the SCIM client (Microsoft) will append /Groups (which we don't support) /Users (which we do) or to it to access Snipe-IT's SCIM integration.
>
> Are you sure that's a super-user's API key? I also don't remember if you have to prepend "Bearer " in front of the API key, but that might be necessary too.

I have made the API key with my user, who is a super user. I'm the only super user, so I'm certain.

We have tested SCIM with the test endpoints that we found in the documentation, and Azure AD can connect to that test environment; just mine gives that error!

> That URL isn't valid, that's why you're getting a 404 (and the SCIM urls aren't meant to be visited directly in a web browser, so you'll always get weird results).
>
> ✨snipe@chodeblossom✨ snipe-it  (develop) $ php artisan route:list | grep scim/v2
> |        | POST          | scim/v2/.search                                                          |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | GET|HEAD      | scim/v2/Me                                                               | scim.me.get                             | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\MeController@getMe                | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | PUT           | scim/v2/Me                                                               | scim.me.put                             | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\MeController@replaceMe            | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | GET|HEAD      | scim/v2/ResourceTypes                                                    |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceTypesController@index     |                                                                   |
> |        | GET|HEAD      | scim/v2/ResourceTypes/{id}                                               | scim.resourcetype                       | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceTypesController@show      |                                                                   |
> |        | GET|HEAD      | scim/v2/Schemas                                                          |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\SchemaController@index            |                                                                   |
> |        | GET|HEAD      | scim/v2/Schemas/{id}                                                     | scim.schemas                            | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\SchemaController@show             |                                                                   |
> |        | GET|HEAD      | scim/v2/ServiceProviderConfig                                            | scim.serviceproviderconfig              | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ServiceProviderController@index   |                                                                   |
> |        | GET|HEAD      | scim/v2/{fallbackPlaceholder}                                            |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@notImplemented | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | GET|HEAD      | scim/v2/{resourceType}                                                   | scim.resources                          | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@index          | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | POST          | scim/v2/{resourceType}                                                   |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@create         | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | GET|HEAD      | scim/v2/{resourceType}/{resourceObject}                                  | scim.resource                           | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@show           | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | PUT           | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@replace        | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | PATCH         | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@update         | Illuminate\Auth\Middleware\Authenticate:api                       |
> |        | DELETE        | scim/v2/{resourceType}/{resourceObject}                                  |                                         | ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController@delete         | Illuminate\Auth\Middleware\Authenticate:api
>
> ERROR CODE : System For Cross Domain Identity Managment Credential Validation Unavailable
>
> The above error message is generally noticed when all the required Azure AD IP addresses are not whitelisted (allowed) in the SCIM network policy.

We have SCIM configured for other apps, and they work fine, so the Azure AD IPs should be there. Is there another whitelist on the Snipe-IT side?

CAVACO-PT commented 11 months ago

I have not added the Bearer word; I will try with that. Thank you for making me notice that!

CAVACO-PT commented 11 months ago

This was the test environment that worked, and I don't see the word Bearer there: https://documentation.codefortynine.com/snipe-it-for-jira/generate-a-snipe-it-api-key


Maybe Bearer is just for SCIM on Azure. As soon as I can, I will test with that word.

CAVACO-PT commented 11 months ago

OK, I have tried with

image

and still nothing. Can you see if it could be anything else?

snipe commented 11 months ago

> is there another whitelist for snipe it side ??

Nope - we don't have any allow-listing - we expect you to handle that stuff on the network level.

CAVACO-PT commented 11 months ago

> is there another whitelist for snipe it side ??
>
> Nope - we don't have any allow-listing - we expect you to handle that stuff on the network level.

Everything is good on the network allow list; we have SCIM for other apps.

CAVACO-PT commented 6 months ago

Can anyone assist with this? I cannot even test the connection on the Azure side.

image

It says invalid credentials, but I created a fresh API token this time. Should we change anything here?

I've put it with and without Bearer before the token.

Scotison commented 4 months ago

> it says invalid creadentials , but i created a fresh api token , this time , should we change anything here ??
>
> iv put with and without bearer before token

Same issue for me. Any advice on getting this working?

1. Generate API key
2. Copy paste into Azure AD enterprise app provisioning auto config Secret Token field.
3. Add endpoint URL same as above.
4. Click test and get the incorrect credentials error.
5. Validate credentials using curl to the endpoint with the same token and get a response. I also wonder if Microsoft is checking groups, which as above is not supported, and so cannot progress?

uberbrady commented 4 months ago

The 'test' button should work - the last time I configured Snipe-IT in Azure the test button did work.

Major things to note - the API key must be for a superuser. You might have to insert the word "Bearer" and then a space in front of the API key. The URL should be your URL then /scim/v2.

Other things might not work until you tweak them a little bit, but the Test button should definitely work.

Scotison commented 4 months ago

> The 'test' button should work - the last time I configured Snipe-IT in Azure the test button did work.
>
> Major things to note - the API key must be for a superuser. You might have to insert the word "Bearer" and then a space in front of the API key. The URL should be your URL then /scim/v2.
>
> Other things might not work until you tweak them a little bit, but the Test button should definitely work.

So, typically, have a good night's sleep and fix it in the morning.

Issue was Cloudflare's Bot Fight Mode issuing a challenge to Azure but not for the curl GET request. Disabled Bot Fight Mode on my test domain and it worked straight away.
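The checklist above and the Cloudflare root cause boil down to three failure modes a SCIM client can hit at /scim/v2: a wrong base URL (404), a rejected or non-superuser token (401/403 JSON from Snipe-IT's `auth:api` middleware), and an edge challenge that never reaches Snipe-IT (403 HTML from Cloudflare, which curl often does not see because it is challenged differently). The following is an added diagnostic example, not Snipe-IT, Azure or Cloudflare code: it normalises the `Bearer ` prefix and classifies a response so the cause can be told apart before touching the Azure side. The `/Users` probe path, the base URL and token, and the sample responses are constructed assumptions.

```python
"""Added example: classify replies from a Snipe-IT /scim/v2 endpoint the way an
operator would when the Azure 'Test Connection' button reports bad credentials."""
import urllib.error
import urllib.request

# Assumption: probe a resource route that sits behind Authenticate:api (see route:list).
SCIM_PROBE_PATH = "/Users"


def scim_headers(token: str) -> dict:
    """Build the headers a SCIM client sends, with exactly one 'Bearer ' prefix
    (the thread shows the key being pasted both with and without the word)."""
    token = token.strip()
    if token.lower().startswith("bearer "):
        token = token[len("bearer "):].strip()
    return {"Authorization": f"Bearer {token}", "Accept": "application/scim+json"}


def classify_scim_response(status: int, headers: dict, body: bytes) -> str:
    """Map status, headers and body to one of the failure modes discussed above.
    Cloudflare detection is a heuristic: an HTML 401/403 served by Cloudflare
    (Server header or cf-ray) means the request was blocked before Snipe-IT."""
    h = {k.lower(): v for k, v in headers.items()}
    from_cloudflare = h.get("server", "").lower() == "cloudflare" or "cf-ray" in h
    is_html = (h.get("content-type", "").lower().startswith("text/html")
               or body.lstrip().startswith(b"<"))
    if status == 200:
        return "ok"
    if status == 404:
        return "wrong-url"            # /scim/v2 itself has no index route
    if status in (401, 403) and from_cloudflare and is_html:
        return "cloudflare-challenge"  # Bot Fight Mode / WAF challenge at the edge
    if status in (401, 403):
        return "invalid-credentials"   # token rejected or not a superuser
    return f"unexpected-{status}"


def probe(base_url: str, token: str, timeout: int = 10) -> str:
    """Send the request a SCIM client would (network call; not exercised by tests)."""
    req = urllib.request.Request(base_url.rstrip("/") + SCIM_PROBE_PATH,
                                 headers=scim_headers(token))
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_scim_response(resp.status, dict(resp.headers), resp.read())
    except urllib.error.HTTPError as err:
        return classify_scim_response(err.code, dict(err.headers), err.read())


if __name__ == "__main__":
    # Constructed sample: what a Cloudflare-challenged SCIM client sees.
    sample = (403, {"Server": "cloudflare", "Content-Type": "text/html"}, b"<!DOCTYPE html>")
    print(classify_scim_response(*sample))
```

Run `probe("https://myurls/scim/v2", "<api key>")` from a host outside the Cloudflare allow-list to see the same classification Azure would get; a `cloudflare-challenge` result points at the edge configuration, not at the token.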

barkermn01 commented 3 months ago

> Issue was Cloudflares Bot fight mode issuing a challenge to azure but not for the CURL Get request. Disabled botfight mode on my test domain and it worked straight away.

Just a note to anybody using Cloudflare DNS: make sure that it's not doing anything before it. You don't want Bot Fight Mode, and you definitely don't want CDN enabled on it.