Comments (4)
This issue was addressed in v2.0 of SSOSync.
Same problem! Any update or workaround?
@hazelguo I ended up forking and modifying the AWS SSO user creation part. I added a check before creating the user on the AWS SSO side: if the user already exists, it skips the user creation.
This causes a lot more API calls to the AWS SCIM API, but it solves the 409 conflict problem.
I'm planning to open a PR to address this issue when I get the time, hopefully soon.
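The check-before-create described in this comment, as an added example in Go that is not the fork's own code: the `SCIMClient` interface, `EnsureUser` and the in-memory `memClient` fake are constructed here for illustration and are not the real AWS SSO SCIM client. The point it shows is the trade-off the comment names: one extra lookup per user, in exchange for a sync that can be re-run without tripping the 409 conflict.

```go
package main

import (
	"errors"
	"fmt"
)

// User is a minimal stand-in for an AWS SSO SCIM user (constructed for this example).
type User struct {
	ID       string
	UserName string
}

// ErrConflict models the HTTP 409 the SCIM API returns when a user with the
// same userName already exists.
var ErrConflict = errors.New("scim: 409 conflict, user already exists")

// SCIMClient is the hypothetical subset of a SCIM client this example needs.
type SCIMClient interface {
	FindUserByUserName(userName string) (*User, error) // (nil, nil) when not found
	CreateUser(userName string) (*User, error)
}

// EnsureUser returns the existing user when one matches, otherwise creates it.
// The second return value reports whether a create call was made.
func EnsureUser(c SCIMClient, userName string) (*User, bool, error) {
	u, err := c.FindUserByUserName(userName)
	if err != nil {
		return nil, false, fmt.Errorf("lookup %s: %w", userName, err)
	}
	if u != nil {
		return u, false, nil // already present: skip creation, no 409
	}
	u, err = c.CreateUser(userName)
	if err != nil {
		return nil, false, fmt.Errorf("create %s: %w", userName, err)
	}
	return u, true, nil
}

// memClient is an in-memory fake of the SCIM directory, constructed for this
// example; calls counts every API round trip so the cost is visible.
type memClient struct {
	users map[string]*User
	calls int
}

func newMemClient() *memClient { return &memClient{users: map[string]*User{}} }

func (m *memClient) FindUserByUserName(userName string) (*User, error) {
	m.calls++
	return m.users[userName], nil
}

func (m *memClient) CreateUser(userName string) (*User, error) {
	m.calls++
	if _, ok := m.users[userName]; ok {
		return nil, ErrConflict
	}
	u := &User{ID: fmt.Sprintf("id-%d", len(m.users)+1), UserName: userName}
	m.users[userName] = u
	return u, nil
}

func main() {
	c := newMemClient()
	// Run the same sync twice; the second pass simulates a re-run after a crash.
	for i := 0; i < 2; i++ {
		u, created, err := EnsureUser(c, "alice@example.com")
		fmt.Println(u.ID, created, err)
	}
	fmt.Println("api calls:", c.calls)
}
```

Without the lookup, the second pass would return `ErrConflict` from `CreateUser`; with it, the user is found and the create is skipped.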
@hadrianbs @hazelguo there is no way to mitigate this using this program (at least without a big refactoring), and this is one of the reasons that motivated me to find a different alternative.
Some time ago I started working on a new approach to the sync; today I tested my latest code in the develop branch here https://github.com/slashdevops/idp-scim-sync/tree/develop. I will deliver version v0.0.1 soon, as soon as I write some documentation.
For the new approach, I'm using the same method that Terraform uses, a state file, to avoid the use of AWS SSO SCIM API calls after the first sync. What I mean is, once the first sync occurs, the following syncs only compare changes against this state file stored in AWS S3, which means only one AWS S3 API call to get all the data, and once the comparison is done with the fresh data coming from GWS, the program only performs the specific calls to the AWS SSO SCIM API for the differences.
If you want to see what this is about, check the image files here https://github.com/slashdevops/idp-scim-sync/tree/develop/docs/images/demo; I created these today.
WARNING: if you want to test it, just clone the project, use the develop branch, execute the make command, then ./build/idpscim --help

```
./build/idpscim --help
Sync your Google Workspace Groups and Users to AWS Single Sing-On using
AWS SSO SCIM API (https://docs.aws.amazon.com/singlesignon/latest/developerguide/what-is-scim.html).

Usage:
  idpscim [flags]

Flags:
  -k, --aws-s3-bucket-key string            AWS S3 Bucket key to store the state
  -b, --aws-s3-bucket-name string           AWS S3 Bucket name to store the state
  -t, --aws-scim-access-token string        AWS SSO SCIM API Access Token
  -e, --aws-scim-endpoint string            AWS SSO SCIM API Endpoint
  -d, --debug                               fast way to set the log-level to debug
  -s, --gws-service-account-file string     path to Google Workspace service account file (default "credentials.json")
  -u, --gws-user-email string               Google Workspace user email with allowed access to the Google Workspace Service Account
  -h, --help                                help for idpscim
  -f, --log-format string                   set the log format (default "text")
  -l, --log-level string                    set the log level [panic|fatal|error|warn|info|debug|trace] (default "info")
  -q, --query-groups strings                Google Workspace Groups query parameter, example: --query-groups 'name:Admin* email:admin*' --query-groups 'name:Power* email:power*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-groups
  -r, --query-users strings                 Google Workspace Users query parameter, example: --query-users 'name:Admin* email:admin*' --query-users 'name:Power* email:power*', see: https://developers.google.com/admin-sdk/directory/v1/guides/search-users
  -n, --state-enabled                       enable state
  -m, --sync-method string                  Sync method to use [groups] (default "groups")
  -v, --version                             version for idpscim
```
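The state-file comparison described in this comment, as an added example in Go that is not idp-scim-sync's own code: the `StateUser`/`State` JSON shape, `DiffUsers` and `Sync` are assumptions made for this illustration, and the single S3 GetObject/PutObject round trip is replaced by JSON bytes held in memory. It shows the mechanism the comment relies on: after the first run, the only SCIM calls are the ones the diff produces.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// StateUser is the per-user record kept in the state file (constructed shape,
// not the project's real format).
type StateUser struct {
	Email string `json:"email"`
	Name  string `json:"name"`
}

// State is what a previous run stored in S3; here it is just JSON in memory.
type State struct {
	Users []StateUser `json:"users"`
}

// UserDiff lists the SCIM operations a sync needs: only these become API calls.
type UserDiff struct {
	Create []StateUser
	Update []StateUser
	Delete []StateUser
}

// DiffUsers compares the stored state with fresh IdP data, keyed by email.
func DiffUsers(prev, fresh []StateUser) UserDiff {
	prevBy := make(map[string]StateUser, len(prev))
	for _, u := range prev {
		prevBy[u.Email] = u
	}
	freshBy := make(map[string]StateUser, len(fresh))
	for _, u := range fresh {
		freshBy[u.Email] = u
	}

	var d UserDiff
	for _, u := range fresh {
		old, ok := prevBy[u.Email]
		switch {
		case !ok:
			d.Create = append(d.Create, u) // new in the IdP
		case old != u:
			d.Update = append(d.Update, u) // attribute changed
		}
	}
	for _, u := range prev {
		if _, ok := freshBy[u.Email]; !ok {
			d.Delete = append(d.Delete, u) // gone from the IdP
		}
	}
	byEmail := func(s []StateUser) {
		sort.Slice(s, func(i, j int) bool { return s[i].Email < s[j].Email })
	}
	byEmail(d.Create)
	byEmail(d.Update)
	byEmail(d.Delete)
	return d
}

// LoadState and SaveState stand in for the one S3 GetObject / PutObject per run.
func LoadState(b []byte) (State, error) {
	var s State
	err := json.Unmarshal(b, &s)
	return s, err
}

func SaveState(s State) ([]byte, error) { return json.Marshal(s) }

// Sync runs one cycle: load state, diff against fresh data, count the SCIM
// calls the diff would cause (instead of making them), and emit the new state.
func Sync(stateJSON []byte, fresh []StateUser) (UserDiff, []byte, int, error) {
	prev, err := LoadState(stateJSON)
	if err != nil {
		return UserDiff{}, nil, 0, err
	}
	d := DiffUsers(prev.Users, fresh)
	scimCalls := len(d.Create) + len(d.Update) + len(d.Delete)
	next, err := SaveState(State{Users: fresh})
	return d, next, scimCalls, err
}

func main() {
	// Constructed sample: state from a previous run, and fresh data from GWS.
	prev := []byte(`{"users":[{"email":"alice@example.com","name":"Alice A"},{"email":"bob@example.com","name":"Bob"}]}`)
	fresh := []StateUser{{Email: "alice@example.com", Name: "Alice B"}, {Email: "carol@example.com", Name: "Carol"}}
	d, next, calls, err := Sync(prev, fresh)
	if err != nil {
		panic(err)
	}
	fmt.Printf("create=%v update=%v delete=%v scim_calls=%d\n", d.Create, d.Update, d.Delete, calls)
	_, _, calls, _ = Sync(next, fresh) // nothing changed: zero SCIM calls
	fmt.Println("second run scim_calls:", calls)
}
```

Because every SCIM change is derived from the stored state, the state object is security-relevant: whoever can modify it can make the next run create or delete users in AWS SSO, so the bucket should be write-restricted to the sync's role and versioned, and an empty or unparsable state should stop the run rather than be treated as "no users".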