snipe-it
Azure users fail to provision via SCIM
Debug mode
- [X] I have enabled debug mode
- [X] I have read the Common Issues page
Describe the bug
Azure users fail to provision via SCIM using the default configuration when set up in Azure AD.
Originally there was a mismatch in username, so I've matched that up properly, however it also looks like Azure AD fails to identify that the user already exists in Snipe after matching the username to the Azure AD UserPrincipalName.
Reproduction steps
- Log in to Azure AD
- Find the Enterprise Application for Snipe IT
- Select Provisioning
- Provision on Demand
- Select a random user
- Select provision
Expected behavior
The user should match the existing Snipe IT user and update any missing information
Screenshots
No response
Snipe-IT Version
v6.0.0 build 6860 (g722e88a47)
Operating System
Alpine Linux
Web Server
Apache
PHP Version
7.4.29
Error messages
Azure AD error:
Error code
SystemForCrossDomainIdentityManagementServiceIncompatible
Error message
We are not able to deserialize the resource received from your SCIM endpoint because your SCIM endpoint is not fully compatible with the Azure Active Directory SCIM client. Here is the resource we received from your SCIM endpoint:
(end of error)
---
Laravel.log shows the below:
[2022-05-16 02:16:50] production.ERROR: Weird department reader firing...
[2022-05-16 02:16:50] production.ERROR: Weird manager reader firing...
[2022-05-16 02:17:11] production.ERROR: ArieTimmerman\Laravel\SCIMServer\Exceptions\SCIMException: Missing a valid schemas-attribute. in /var/www/html/vendor/arietimmerman/laravel-scim-server/src/Http/Controllers/ResourceController.php:101
Stack trace:
#0 /var/www/html/vendor/arietimmerman/laravel-scim-server/src/Http/Controllers/ResourceController.php(147): ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController::createFromSCIM()
#1 /var/www/html/vendor/arietimmerman/laravel-scim-server/src/Http/Controllers/ResourceController.php(164): ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController->createObject()
#2 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): ArieTimmerman\Laravel\SCIMServer\Http\Controllers\ResourceController->create()
#3 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction()
#4 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\Routing\ControllerDispatcher->dispatch()
#5 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\Routing\Route->runController()
#6 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\Routing\Route->run()
#7 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing\{closure}()
#8 /var/www/html/vendor/arietimmerman/laravel-scim-server/src/Middleware/SCIMHeaders.php(17): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#9 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): ArieTimmerman\Laravel\SCIMServer\Middleware\SCIMHeaders->handle()
#10 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(50): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#11 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Routing\Middleware\SubstituteBindings->handle()
#12 /var/www/html/app/Http/Middleware/CheckPermissions.php(24): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#13 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\Http\Middleware\CheckPermissions->handle()
#14 /var/www/html/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(44): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#15 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Auth\Middleware\Authenticate->handle()
#16 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#17 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\Pipeline\Pipeline->then()
#18 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\Routing\Router->runRouteWithinStack()
#19 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\Routing\Router->runRoute()
#20 /var/www/html/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\Routing\Router->dispatchToRoute()
#21 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\Routing\Router->dispatch()
#22 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#23 /var/www/html/vendor/livewire/livewire/src/DisableBrowserCache.php(19): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#24 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Livewire\DisableBrowserCache->handle()
#25 /var/www/html/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(60): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#26 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Barryvdh\Debugbar\Middleware\InjectDebugbar->handle()
#27 /var/www/html/vendor/fruitcake/laravel-cors/src/HandleCors.php(38): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#28 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fruitcake\Cors\HandleCors->handle()
#29 /var/www/html/app/Http/Middleware/PreventBackHistory.php(23): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#30 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\Http\Middleware\PreventBackHistory->handle()
#31 /var/www/html/app/Http/Middleware/SecurityHeaders.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#32 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\Http\Middleware\SecurityHeaders->handle()
#33 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#34 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#35 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull->handle()
#36 /var/www/html/app/Http/Middleware/CheckForDebug.php(25): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#37 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\Http\Middleware\CheckForDebug->handle()
#38 /var/www/html/app/Http/Middleware/CheckForSetup.php(25): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#39 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\Http\Middleware\CheckForSetup->handle()
#40 /var/www/html/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#41 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\Proxy\TrustProxies->handle()
#42 /var/www/html/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#43 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#44 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#45 /var/www/html/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
#46 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle()
#47 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#48 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
#49 /var/www/html/app/Http/Middleware/NoSessionStore.php(28): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#50 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): App\Http\Middleware\NoSessionStore->handle()
#51 /var/www/html/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#52 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\Pipeline\Pipeline->then()
#53 /var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#54 /var/www/html/public/index.php(52): Illuminate\Foundation\Http\Kernel->handle()
#55 {main}
[2022-05-16 02:17:11] production.DEBUG: Validation failed. Errors: []
Message: Missing a valid schemas-attribute.
Body:
(end of log)
---
Additional context
Existing installation. New setup of SCIM, given SCIM provisioning is a brand-new feature.
Can confirm I am seeing the same issue. Brand-new install of Snipe-IT; attempting to provision from Azure SCIM results in the same message:

Error code: SystemForCrossDomainIdentityManagementServiceIncompatible
Error message: We are not able to deserialize the resource received from your SCIM endpoint because your SCIM endpoint is not fully compatible with the Azure Active Directory SCIM client. Here is the resource we received from your SCIM endpoint:

I removed all mappings in Azure except the following, just to make sure it wasn't a mapping attribute issue:
- Display name -> displayName
- Username -> userName
- Given Name -> name.givenName
- Family Name -> name.familyName
@uberbrady I think you had some insight on this? (And we should add some info to the docs here as well.)
We can't handle the displayName attribute very well yet, because it's a synthetic value - the user's first name, a space, and their last name. Snipe-IT only stores the first and last name. Since SCIM also allows you to send a first and last name, that's what we try to respect.
I've updated the docs here: https://dash.readme.com/project/snipe-it/v6.0.0/docs/scim to reflect those (and other) limitations.
I've reduced our attributes down to the below and am still getting the same error; however, I'm not seeing any stack trace in laravel.log this time.
- userPrincipalName -> userName
- jobTitle -> title
- givenName -> name.givenName
- surname -> name.familyName
- employeeId -> urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber
Laravel.log:
[2022-05-18 23:43:12] production.ERROR: Weird department reader firing...
[2022-05-18 23:43:12] production.ERROR: Weird manager reader firing...
[2022-05-18 23:43:13] production.DEBUG: SAML is enabled according to loadSettings()
[2022-05-18 23:43:13] production.DEBUG: Trying to create a new OneLogin_Saml2_Auth object
[2022-05-18 23:43:14] production.DEBUG: Attempting to login via SAML
[2022-05-18 23:43:14] production.WARNING: SAML page requested, but samlData seems empty.
[2022-05-18 23:43:14] production.WARNING: Something else went wrong while trying to login as SAML user
[2022-05-18 23:43:14] production.DEBUG: SAML is enabled according to loadSettings()
[2022-05-18 23:43:14] production.DEBUG: Trying to create a new OneLogin_Saml2_Auth object
We've cut down that noisy SAML debug logs on the latest. If you try and initiate a 're-sync' using the control panel, does it still end up dropping into 'quarantine'?
I've just updated to 6.0.1, each time I attempt a provisional sync, it rejects the attempt with the same error.
> We are not able to deserialize the resource received from your SCIM endpoint because your SCIM endpoint is not fully compatible with the Azure Active Directory SCIM client. Here is the resource we received from your SCIM endpoint:
Same as above; my instance was 6.0.1. I removed the display name mapping and tested with the same results using only: Username, Given Name, Family Name.
@kclifford20 - the error message was not present in your reply.
> We are not able to deserialize the resource received from your SCIM endpoint because your SCIM endpoint is not fully compatible with the Azure Active Directory SCIM client
We have tested this with Azure AD SCIM. There are some fields we had to pull because Azure is not adhering to the SCIM protocol standards, but we have been testing almost exclusively with Azure.
> We have tested this with Azure AD SCIM. There are some fields we had to pull because Azure is not adhering to the SCIM protocol standards, but we have been testing almost exclusively with Azure.
Haha, typical Microsoft
Can you please add a copy of your setup of SCIM with Azure so I can replicate and test?
@kclifford20 I'm sure we can do that - give us a few tho, we're grabbing dinner real quick :)
> Haha, typical Microsoft
Heh, from your words to Gates' ears 😂 😩 🤬
Ah, looks like @uberbrady updated the docs just an hour or so ago - https://snipe-it.readme.io/docs/scim
Not sure if you've checked since then?
@snipe Just got home, but while you wait on @kclifford20, who possibly has a similar setup, here is my SCIM setup in Azure if it helps.
@zm1868179 ALL of this helps, for sure. We tested this a lot (and @adagioajanes has been amazing helping us get this off the ground) but there is still a lot of configuration fiddliness, so the more info we can get, the better. Thanks so much.
Wait, this is odd. So I just tried it again with a user that did not exist in Snipe-IT (I was trying with my Azure admin user that I manually created in Snipe-IT for SAML) and it worked.
Just tried to provision again with the account it created successfully, and now I get a different error.
So it looks like it can create an account (that doesn't already exist in Snipe-IT) but not delete or update them currently.
OK, I worked with Microsoft Engineering. My instance is hosted in an Azure Web App instance. We had to add some things to the web.config.
We added the following:
The full line for the PHP handler is below, as it's cut off in the image.
```xml
<modules runAllManagedModulesForAllRequests="true">
  <remove name="WebDAVModule"/> <!-- add this -->
</modules>
<handlers>
  <remove name="WebDAV" />
  <remove name="OPTIONSVerbHandler" />
  <remove name="PHP74x86_via_FastCGI" />
  <add name="PHP74x86_via_FastCGI" path="*.php" verb="GET,PUT,POST,DELETE,HEAD" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v7.4\php-cgi.exe" resourceType="Either" requireAccess="Script" />
</handlers>
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*"/>
    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept,Authorization"/>
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS"/>
  </customHeaders>
</httpProtocol>
```
This allowed PHP PUT and DELETE requests to work in the web app's web server itself (tested outside of Snipe-IT with a custom test.php file), as by default PUT and DELETE are not allowed, but it seems the issue is how Snipe-IT routes the request for a PUT or DELETE request.
The error returned by Azure SCIM when doing a provision of an existing account (so an update request) is this:
Error message: StatusCode: MethodNotAllowed Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
Disregard what I said. We were able to get the PATCH request to work; however, we now get a mapping error for things that I am not mapping.
This is the correct web.config to allow HTTP verbs on Azure Web Apps:
```xml
<modules runAllManagedModulesForAllRequests="true">
  <remove name="WebDAVModule"/> <!-- add this -->
</modules>
<handlers>
  <remove name="WebDAV" />
  <remove name="OPTIONSVerbHandler" />
  <remove name="PHP74x86_via_FastCGI" />
  <add name="PHP74x86_via_FastCGI" path="*.php" verb="GET,PUT,POST,DELETE,HEAD,OPTIONS,PATCH" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v7.4\php-cgi.exe" resourceType="Either" requireAccess="Script" />
</handlers>
<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*"/>
    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept,Authorization"/>
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS, PATCH"/>
  </customHeaders>
</httpProtocol>
```
It will now pass syncing and creating with no errors; however, if I change info on an existing user it doesn't update the info, as Azure says no data has changed.
Any chance to get the provisioning working for already-existing users?
I'm working on SCIM stuff right now, against Azure AD. I already have a few changes I'd like to put up, but there's definitely still more work to be done.
I'm also very interested in this as we dropped our legacy ldap server and now we need to provision users manually. We are also using Azure and we experience the same problems.
@uberbrady would the change we just pushed yesterday address this issue?
Yeah, possibly. I'm cautiously optimistic about it.
Unsure if doing the below will bring your changes over to my staging instance, but I'm still getting errors updating existing people in Snipe via SCIM.
```shell
git checkout develop
git pull
php upgrade.php
```
Error: Failed to create User '(redacted)' in customappsso
Error code: SystemForCrossDomainIdentityManagementServiceIncompatible
Error message: We are not able to deserialize the resource received from your SCIM endpoint because your SCIM endpoint is not fully compatible with the Azure Active Directory SCIM client. Here is the resource we received from your SCIM endpoint: (end of error)
One thing that I've found is that the SCIM API works absolutely fine to update objects it's created - It's just objects that weren't created by SCIM that fails to update.
Slightly different behaviour here using the default configuration when set up in Azure AD and Snipe-IT 6.0.6; I get an error about streetAddress and country missing:
Error code: SystemForCrossDomainIdentityManagementServiceIncompatible
Error message: StatusCode: BadRequest Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response:
```json
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
  "detail": "Invalid data!",
  "status": 400,
  "scimType": "invalidSyntax",
  "errors": {
    "urn:ietf:params:scim:schemas:core:2.0:User:addresses.0.streetAddress": [
      "The urn:ietf:params:scim:schemas:core:2.0:User:addresses.0.streetAddress must be a string."
    ],
    "urn:ietf:params:scim:schemas:core:2.0:User:addresses.0.country": [
      "The urn:ietf:params:scim:schemas:core:2.0:User:addresses.0.country must be a string."
    ]
  }
}
```
From Azure if I fill something in "Default value if null (optional)" for the mapping of streetAddress and country then the provisioning works.
Not sure if I should open a new issue or if it fits here.
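Two of the failures in this thread are the SCIM server rejecting the document Azure AD sends: the first post's laravel.log ("Missing a valid schemas-attribute") and the 6.0.6 report above ("addresses.0.streetAddress must be a string", which disappears once Azure has a default value to send). The validator below is an added example for this thread, not Snipe-IT or laravel-scim-server code. It produces a SCIM Error document for both cases and shows the server-side alternative to the "Default value if null" workaround: dropping null address sub-attributes instead of rejecting the whole request. The two sample payloads are constructed, and the assumption that Azure sends unmapped address fields as null is inferred from the report above, not confirmed on the page.

```python
"""Validate a SCIM 2.0 User document and tolerate null address fields.
Added example for this thread; not Snipe-IT or laravel-scim-server code.
Sample payloads are constructed; the null-address shape is an assumption."""
from copy import deepcopy
from typing import Optional

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE_SCHEMA = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

# Address sub-attributes that RFC 7643 section 4.1.2 defines as strings.
ADDRESS_STRING_FIELDS = ("formatted", "streetAddress", "locality",
                         "region", "postalCode", "country")


def validate_scim_user(payload: dict) -> Optional[dict]:
    """Return None if the document is acceptable, otherwise a SCIM Error
    document (RFC 7644 section 3.12) with status 400 / invalidSyntax."""
    errors = {}

    # 1. 'schemas' is mandatory and must list the core User schema.
    schemas = payload.get("schemas")
    if not isinstance(schemas, list) or USER_SCHEMA not in schemas:
        errors["schemas"] = [f"Missing a valid schemas attribute; expected {USER_SCHEMA}"]

    # 2. userName is the only required core attribute and must be a string.
    user_name = payload.get("userName")
    if not isinstance(user_name, str) or not user_name.strip():
        errors["userName"] = ["userName is required and must be a non-empty string"]

    # 3. Multi-valued 'addresses': every sub-attribute that is present must be
    #    a string. A null here yields "addresses.0.streetAddress must be a string".
    for i, addr in enumerate(payload.get("addresses") or []):
        if not isinstance(addr, dict):
            errors[f"{USER_SCHEMA}:addresses.{i}"] = ["address entry must be an object"]
            continue
        for field in ADDRESS_STRING_FIELDS:
            if field in addr and not isinstance(addr[field], str):
                key = f"{USER_SCHEMA}:addresses.{i}.{field}"
                errors[key] = [f"The {key} must be a string."]

    if not errors:
        return None
    return {
        "schemas": [ERROR_SCHEMA],
        "status": "400",
        "scimType": "invalidSyntax",
        "detail": "Invalid data!",
        "errors": errors,
    }


def drop_null_address_fields(payload: dict) -> dict:
    """Server-side alternative to Azure's 'Default value if null' mapping:
    strip address sub-attributes that arrived as null instead of rejecting
    the request. Returns a new dict; the input is left untouched."""
    cleaned = deepcopy(payload)
    addresses = []
    for addr in cleaned.get("addresses") or []:
        if isinstance(addr, dict):
            kept = {k: v for k, v in addr.items() if v is not None}
            if kept:
                addresses.append(kept)
    if addresses:
        cleaned["addresses"] = addresses
    else:
        cleaned.pop("addresses", None)
    return cleaned


# Constructed sample 1: the 'schemas' attribute is absent entirely.
NO_SCHEMAS = {
    "userName": "alice@example.com",
    "name": {"givenName": "Alice", "familyName": "Example"},
}

# Constructed sample 2: streetAddress/country mapped in Azure but with no
# source value, sent as null (assumed shape, see lead-in).
NULL_ADDRESS = {
    "schemas": [USER_SCHEMA, ENTERPRISE_SCHEMA],
    "userName": "alice@example.com",
    "name": {"givenName": "Alice", "familyName": "Example"},
    "title": "Engineer",
    "addresses": [{"type": "work", "streetAddress": None,
                   "country": None, "locality": "Sydney"}],
    ENTERPRISE_SCHEMA: {"employeeNumber": "1001"},
}

if __name__ == "__main__":
    import json
    print(json.dumps(validate_scim_user(NO_SCHEMAS), indent=2))
    print(json.dumps(validate_scim_user(NULL_ADDRESS), indent=2))
    print(validate_scim_user(drop_null_address_fields(NULL_ADDRESS)))
```

Returning the error keyed by the full attribute path, as laravel-scim-server does above, is what lets the Azure portal show which mapping is at fault; a bare 400 would only produce the generic "not fully compatible" message. Dropping nulls is the more tolerant choice for an endpoint that several identity providers talk to, but it should stay limited to optional sub-attributes; userName and schemas must still be rejected when absent.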
Thought I would give an update on 6.0.7.
It seems that with Snipe-IT hosted in an Azure App Service container, Azure SCIM provisioning does work: it will create users if they do not exist; however, it will not update them.
When it runs again for an update pass I get the following error:
Error code: SystemForCrossDomainIdentityManagementClientNonServiceFailure
Error message: StatusCode: MethodNotAllowed Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
All HTTP verb methods are allowed per the web.config:
```xml
<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    <remove name="WebDAVModule"/> <!-- add this -->
  </modules>
  <handlers>
    <remove name="WebDAV" />
    <!--<remove name="OPTIONSVerbHandler" />-->
    <remove name="PHP74x86_via_FastCGI" />
    <add name="PHP74x86_via_FastCGI" path="*.php" verb="GET,PUT,POST,DELETE,HEAD,UPDATE,OPTIONS,TRACE" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v7.4\php-cgi.exe" resourceType="Either" requireAccess="Script" />
  </handlers>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*"/>
      <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept,Authorization"/>
      <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS, UPDATE, HEAD, TRACE"/>
    </customHeaders>
  </httpProtocol>
</system.webServer>
```
The latest master version does have a fix for this; I'm curious to hear if that solves people's problems.
Just updated to the latest version. User creation is still fine; however, user updating is still broken.
Error code SystemForCrossDomainIdentityManagementClientNonServiceFailure
Error message StatusCode: MethodNotAllowed Message: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details. Web Response: The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used. This operation was retried 2 times. It will be retried again after this date: 2022-07-26T09:43:06.6750192Z UTC
I was able to get updating working now; turns out it was another Azure Web App Services issue.
Just in case anyone else hosts Snipe-IT on Azure Web Apps: you must edit the web.config in the public folder and add the following to the <system.webServer> tag:
```xml
<handlers>
  <remove name="PHP74x86_via_FastCGI" />
  <add name="PHP74x86_via_FastCGI" path="*.php" verb="GET,PUT,POST,DELETE,HEAD,UPDATE,OPTIONS,TRACE,PATCH" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v7.4\php-cgi.exe" resourceType="Either" requireAccess="Script" />
</handlers>
```
Azure Web Apps by default only lets PHP handle GET and POST, so you have to add this in the web.config to override that and add the other HTTP verbs.
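The thread's web.config iterations differ by one verb: updates failed with MethodNotAllowed until PATCH was added to the PHP handler, because that is the method the Azure AD SCIM client uses for updates (RFC 7644 section 3.5.2). The check below is an added example for this thread, not Snipe-IT's, Microsoft's or any poster's code. It parses a web.config, reports which of the verbs a SCIM client uses are missing from the handler, and flags two things a reviewer would question in the posted configs: TRACE and the non-standard "UPDATE" verb, which nothing in SCIM needs, and the wildcard Access-Control-Allow-Origin header, which only matters to browsers and does nothing for Azure's server-to-server SCIM client. The handler name and php-cgi path are the ones from the posts above; sample A is the config that still failed on the update pass, and sample B is the final handler line with the unneeded verbs and CORS headers left out (both constructed here for the check).

```python
"""Check an IIS / Azure App Service web.config for the HTTP verbs the
Azure AD SCIM client needs. Added example for this thread; not Snipe-IT's,
Microsoft's or any poster's code. Handler name and php-cgi path are taken
from the posts above; the two sample configs are constructed."""
import xml.etree.ElementTree as ET

# Verbs a SCIM 2.0 client uses (RFC 7644 section 3): GET/POST for read and
# create, PUT for replace, PATCH for update, DELETE for deprovisioning.
SCIM_VERBS = {"GET", "POST", "PUT", "PATCH", "DELETE"}
# Verbs nothing in SCIM uses. TRACE is normally left disabled on a web
# server, and "UPDATE" is not an HTTP method SCIM defines.
UNNEEDED_VERBS = {"TRACE", "UPDATE"}


def check_web_config(xml_text: str, handler_name: str = "PHP74x86_via_FastCGI") -> dict:
    """Return which SCIM verbs the PHP handler lacks, which unneeded verbs it
    exposes, and whether a wildcard CORS origin is set."""
    root = ET.fromstring(xml_text)
    result = {"handler_found": False, "verbs": [], "missing": sorted(SCIM_VERBS),
              "unneeded": [], "cors_wildcard": False}

    handler = root.find(f".//handlers/add[@name='{handler_name}']")
    if handler is not None:
        verbs = {v.strip().upper() for v in handler.get("verb", "").split(",") if v.strip()}
        # IIS accepts verb="*" meaning every method; treat it as nothing missing.
        missing = [] if "*" in verbs else sorted(SCIM_VERBS - verbs)
        result.update(handler_found=True, verbs=sorted(verbs), missing=missing,
                      unneeded=sorted(verbs & UNNEEDED_VERBS))

    cors = root.find(".//customHeaders/add[@name='Access-Control-Allow-Origin']")
    result["cors_wildcard"] = cors is not None and cors.get("value") == "*"
    return result


# Sample A (constructed from the thread): the config that still produced
# MethodNotAllowed on the update pass. No PATCH, TRACE enabled, wildcard CORS.
WEB_CONFIG_BEFORE = r"""<configuration>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule"/>
    </modules>
    <handlers>
      <remove name="WebDAV" />
      <remove name="PHP74x86_via_FastCGI" />
      <add name="PHP74x86_via_FastCGI" path="*.php"
           verb="GET,PUT,POST,DELETE,HEAD,UPDATE,OPTIONS,TRACE"
           modules="FastCgiModule"
           scriptProcessor="C:\Program Files (x86)\PHP\v7.4\php-cgi.exe"
           resourceType="Either" requireAccess="Script" />
    </handlers>
    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*"/>
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

# Sample B (constructed): the working handler line, minus the verbs and CORS
# headers SCIM does not need.
WEB_CONFIG_AFTER = r"""<configuration>
  <system.webServer>
    <handlers>
      <remove name="PHP74x86_via_FastCGI" />
      <add name="PHP74x86_via_FastCGI" path="*.php"
           verb="GET,PUT,POST,DELETE,HEAD,OPTIONS,PATCH"
           modules="FastCgiModule"
           scriptProcessor="C:\Program Files (x86)\PHP\v7.4\php-cgi.exe"
           resourceType="Either" requireAccess="Script" />
    </handlers>
  </system.webServer>
</configuration>"""

if __name__ == "__main__":
    for label, cfg in (("before", WEB_CONFIG_BEFORE), ("after", WEB_CONFIG_AFTER)):
        print(label, check_web_config(cfg))
```

Because public/web.config is tracked in the Snipe-IT repository (as noted in the reply below this post), an upgrade can silently put the handler back; running this check against the deployed file after each upgrade, or applying the verb list at the IIS site level instead, avoids rediscovering the MethodNotAllowed error on the next provisioning cycle.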
Hmm... thanks for the extra info! The web.config is checked into the repo though, so changes to that will get overwritten in future upgrades. I think it might be better to handle that at the IIS level, just to avoid any conflicts. (Our customers are hosted on Linux, so they wouldn't have had to touch that file.)
Hi there - We haven't heard back in a bit, so I'm going to close this ticket for now, but will re-open it if you're still having issues.
Hi,
we are using a hosted snipe-it version, and we are facing the same error. Creating the users is possible, but updating is not.
How and where can we change the things zm1868179 is talking about? If possible, could you write a step-by-step guide?
Thank you and best regards