PurpleComputing/scim-examples
2
0
Fork 0
mirror of https://github.com/PurpleComputing/scim-examples.git synced 2026-02-10 01:02:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
7e2ee928b2c8e92ea7710896b928fd16a1364a13
scim-examples/docker
History

README.md

Deploying the 1Password SCIM Bridge using Docker

This example describes the methods of deploying the 1Password SCIM bridge using Docker. The Docker Compose and Docker Swarm managers are available and deployment using each manager is described below.

Preparing

Please ensure you've read through the Preparing document before beginning deployment.

Install Docker locally

Install Docker for Desktop on your local machine and start Docker before continuing, as it will be needed to continue with the deployment process.

For macOS users who use Homebrew, ensure you're using the cask app-based version of Docker, not the default CLI version.

Docker Compose vs Docker Swarm

Using Docker, you have two different deployment options: docker-compose and Docker Swarm.

Docker Swarm is the recommended option. Please refer to your cloud provider on how to setup a remote Docker Swarm Cluster if you do not have one set up already or are experiencing difficulties doing so.

docker-compose is very useful for testing, but it is not recommended for use in a production environment. The scimsession file is passed into the docker container via an environment variable, which is less secure than Docker Swarm secrets or Kubernetes secrets, both of which are supported, and recommended.

Deploy SCIM bridge

Connect to your remote Docker host from your local machine using the following:

eval %{docker-machine env dev}

It's recommended to use the provided the bash script ./docker/deploy.sh to deploy your SCIM bridge.

If you cloned this repo on your remote machine using SSH, you should copy the scimsession file to the scim-examples folder on your server.

The script will do the following:

  1. Ask if you want to deploy with Docker Swarm or Compose
  2. Add your scimsession to the SCIM bridge container, using a .env file for Docker Compose or a swarm secret for Docker Swarm.
  3. Prompt you for your SCIM bridge domain name which will configure LetsEncrypt to automatically issue a certificate for your bridge. This is the domain you selected in Preparing.
  4. Deploy a container using 1password/scim, and a redis container. The redis container is necessary to store LetsEncrypt certificates.

The logs from the SCIM bridge and redis containers will be streamed to your machine. If everything seems to have deployed successfully, press Ctrl+C to exit, and the containers will remain running on the remote machine.

At this point you should set the DNS record for the domain name you selected to the IP address of the op-scim container. You can continue setting up your Identity Provider with the SCIM Bridge Administration Guide.

Additional Docker Compose instructions

This only applies when using and testing the SCIM bridge through docker-compose.

In order to automatically launch the 1Password SCIM bridge upon startup when using docker-compose, you will need to configure systemd to automatically start the Docker daemon and launch op-scim.

  1. Install the service file for op-scim. A sample is provided and you'll need to modify it to your needs.
  2. Once installed, reload systemd so that it recognizes the service: systemctl daemon-reload
  3. Enable the op-scim service: systemctl enable op-scim
  4. Start the op-scim service: systemctl start op-scim
Reference in New Issue View Git Blame Copy Permalink