Microsoft Entra ID SCIM Integration Issue #7309

@rushout912

Description

Steps To Reproduce

  1. Launch deployed Bitwarden Lite web app (https://your-bitwarden-domain/#/login).
  2. Go to the Admin Console settings. (https://your-bitwarden-domain/#/organizations/*********/settings).
  3. Enable SCIM provisioning from submenu. (https://your-bitwarden-domain/#/organizations/**********/settings/scim).
  4. Save SCIM URL and SCIM API key credentials for Entra ID SCIM application.
  5. Create an Enterprise application from the Microsoft Entra admin center with given URL and API key credentials.
  6. Test connection.

Expected Result

Entra ID allows saving the provisioning configuration if and only if test connection is successful, therefore test connection should be successful.

Actual Result

Entra ID throws an Error code CredentialValidationUnavailable with error Message: An error occurred while sending the request. When the browser's developer console is checked for additional context, the network response doesn't give more detail than the Entra ID web page and throws an HTTP 400 error:

    "body": {
        "error": {
            "code": "CredentialValidationUnavailable",
            "message": "Your application is not reachable. Check the address or tenant identiifer provided. If the problem persists, contact the party who maintains the application.",
            "details": [],
            "innerError": {
                "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
                "details": [],
                "message": "We received this unexpected response from your application:\r\n\r\nMessage: An error occurred while sending the request.\r\n\r\nPlease check the service and try again.  ",
                "target": null,
                "innerError": {
                    "code": "SystemForCrossDomainIdentityManagementCredentialValidationUnavailable",
                    "details": [],
                    "message": "Message:We received this unexpected response from your application:\r\n\r\nMessage: An error occurred while sending the request.\r\n\r\nPlease check the service and try again.  ",
                    "target": null
                },

Screenshots or Videos

No response

Additional Context

Rotating the SCIM API key doesn't change the actual result; Entra ID fails to save the SCIM credentials because the test connection fails. Bitwarden cloud server credentials, on the other hand, have no issues. Test connection with Bitwarden cloud server's credentials (https://scim.bitwarden.com/v2/***** or https://scim.bitwarden.eu/v2/****) with appropriate API keys doesn't throw any error. Internal SSL and certificate generation is disabled via the environment variable BW_ENABLE_SSL=false since both of these are handled by the desired reverse proxy. The Lite deployment is run by Docker Compose and all services are in the same Docker network.

Githash Version

f588e30

Environment Details

Database Image

MSSQL Docker Image
mcr.microsoft.com/mssql/server:2022-latest

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
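
An added diagnostic sketch, not part of the original report and not Bitwarden's or Microsoft's code: it sends an RFC 7644 filtered `GET /Users` for a user that cannot exist, with the SCIM API key as a bearer token, and reports whether a failure is DNS, TLS, TCP, authentication, or routing at the reverse proxy. The function name and stage labels are hypothetical, and that this request resembles the one Entra ID's connection test sends is an assumption; run it from a host outside the Docker network.

```python
import json
import socket
import ssl
import urllib.error
import urllib.parse
import urllib.request
import uuid

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def probe_scim(scim_url, api_key, timeout=10):
    """Return (stage, detail); stage is ok, dns, tls, connect, auth or http.

    Hypothetical helper: scim_url is the SCIM URL shown in the Admin Console.
    """
    # Filter on a random userName: a healthy SCIM 2.0 service answers 200 with
    # an empty ListResponse (RFC 7644). Assumed to resemble the IdP's test call.
    query = urllib.parse.urlencode({"filter": f'userName eq "{uuid.uuid4()}"'})
    request = urllib.request.Request(
        f"{scim_url.rstrip('/')}/Users?{query}",
        headers={"Authorization": f"Bearer {api_key}",
                 "Accept": "application/scim+json"},
    )
    # Ignore proxy environment variables so the probe hits the endpoint directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(request, timeout=timeout) as response:
            body = json.load(response)
    except urllib.error.HTTPError as err:
        # An HTTP status came back, so DNS, TCP and TLS all succeeded.
        if err.code in (401, 403):
            return "auth", f"HTTP {err.code}: API key rejected"
        return "http", f"HTTP {err.code}: check proxy routing of the SCIM path"
    except urllib.error.URLError as err:
        # Transport failure: no HTTP response was received at all.
        if isinstance(err.reason, ssl.SSLError):
            return "tls", str(err.reason)
        if isinstance(err.reason, socket.gaierror):
            return "dns", str(err.reason)
        return "connect", str(err.reason)
    except OSError as err:
        # Timeout or reset while reading the response body.
        return "connect", str(err)
    except ValueError:
        return "http", "HTTP 200 but the body is not JSON"
    if isinstance(body, dict) and LIST_RESPONSE in body.get("schemas", []):
        return "ok", f"totalResults={body.get('totalResults')}"
    return "http", "HTTP 200 but not a SCIM ListResponse"
```

A `tls`, `dns` or `connect` result means no HTTP response was received at all; `auth` or `http` means the request reached a web server and the problem is the key or the proxy's path routing.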

Metadata

Labels

bug, bw-lite-deploy (An Issue related to Bitwarden Lite deployment)