Environment: Cloud Foundry Trail
I deployed my business & approuter applications using help
Now my requirement is get below user profile after XSUAA login.
Is there any API to get user profile details?
{
"lastName": "XXXXX",
"passwordStatus": "enabled",
"mail": "XXXXX#gmail.com",
"displayName": "XXXX XXXX XXXXX",
"uid": "XXXXXX",
"photoUrl": "https://www.gravatar.com/avatar/760fcd379cf60090e1e27b052f9e49bd?d=mm",
"firstName": "XXXX",
"contactPreferenceEmail": "unknown",
"status": "active",
"spUsersAttributes": [
{
"ServiceProviderName": "sapcpcf",
"NameID": "XXXXX",
"Status": "ACTIVE",
"ActivationTime": "20181026050006Z"
}
]
}
Updated answer:
The IdP used by default on Cloud Foundry does not use SAML. Thus, mapping of SAML attributes does not work. Use the approach listed below only when using an IdP that supports SAML.
Instead, when using the default IdP, there three fields (given_name, family_name, email), that can be accessed as follows:
AuthTokenAccessor.getCurrentToken().get().getJwt().getClaim("email").asString();
Original answer:
you can do the following:
First, add a role template to your xs-security.json you used to configure your XSUAA instance like this:
{
"name": "Authenticated",
"description": "All authenticated users",
"attribute-references": [
"given_name",
"family_name",
"email"
]
}
Note that you need to recreate the XSUAA instance with the new config in order for this change to work.
Now, in the roles section of your Identity Provider (if you use the default Cloud Foundry IdP you can find that under the "Security" tab on the left of the Cloud Cockpit), you can configure how these fields should be filled. Choose "Identity Provider" there.
Of course make sure that this role is assigned to every user.
Finally, you read the information using the UserAccessor:
final User currentUser = UserAccessor.getCurrentUser();
currentUser.getAttribute("email");
This should help you get the necessary information!
Currently, there is no dedicated API to get all of these user profile details. You can use the AuthTokenAccessor to access the current JWT which should contain this information.
Related
I have a Policy Server where I'm creating resources & roles. The resources are guided by policies which is defined based on the roles. For ex. assume we have the following resources button1, button2, Submit, table2 & Roles like Google:NA:Admin, Yahoo:CHN:Admin, Google:CHN:User, Alphabet:EU:Admin, etc.. The user will be registering for a role by logging into the Policy Server site by providing username and password. I'm getting authorized resource list for each user from a server. The response from the server will be like the following for a username "greenUser" (the only parameter sent as part of the POST request to Policy Server API).
{"permit":[
"button1",
"table2",
"Role:Google:NA:Admin",
"Submit"
]
}
The requirement is to determine the Role of the user, Region, Company & the list of resources he has access.
So, I created a resource on the same name of the "Role" and restricted the access in Policy Server for that particular Role. eg: I created a role "Google:NA:Admin" and created a policy to restrict the access to only role "Role:Google:NA:Admin". The intention is to find this resource as part of the response and to determine the Role the user is having.
There is a possibility that a user can having multiple roles. eg. He can be an admin for Google (NA region) & Alphabet (EU region).
To determine the Region and Company from the roles. I created a JSON like the following:
{
"Roles" : [{
"Google" : [{
"NA" : ["Role:Google:NA:Admin", "Role:Google:NA:User"]},{
"CHN" : ["Role:Google:CHN:Admin", "Role:Google:CHN:User"]}
]
},
{
"Alphabet" : [{
"NA" : ["Role:Alphabet:NA:Admin", "Role:Alphabet:NA:User"]},{
"CHN" : ["Role:Alphabet:CHN:Admin", "Role:Alphabet:CHN:User"]}
]
}
}
I have created a method using Java which parses the entire JSON and if the value matches to the particular "Role" resource returned, then I'm capturing the Key (eg: CHN) as the Region & the key of the outer JSON Element as "Company".
I want to check if there is a better way to determine the Role, Region & Company of the user. The above mentioned JSON is my idea. I would love to hear if there is a better design or approach other than the JSON. Example Code snippets are appreciated.
Sorry for the long post. I tried my best to capture the complete requirement.
Thanks in advance.
If the policyserver has an API to getRoles for a given User I would use that or create one instead (if possible). Adding roles as resource will be my last plan if all doors are closed.
Not clear about which system generates the company-country-roles JSON. Is it policy server or your application ? If it is policy server I would return array of policyNames (getRoles API). If your application is going to return this JSON I would discuss it with the consumer of the application service and decide if it meets their expectations. If there is no consumer I would just return array of Role Names to keep it simple
I have just set up Guacamole 0.9.9 with a MySQL user database and LDAP authentication and it all works flawlessly so far.
However, I want to be able to create new users and connections in the MySQL database from outside of Guacamole. Is there a way to use the API to perform these tasks?
All I'm reading about the API is creating a new web application which embeds remote connections.
You can use the following MySQL commands in your code to create new users.
SET #salt = UNHEX(SHA2(UUID(), 256));
INSERT INTO guacamole_user (username, password_salt, password_hash, password_date) VALUES ('testuser', #salt, UNHEX(SHA2(CONCAT('testpass', HEX(#salt)), 256)), NOW());
You can create users with Guacamole REST API.
Firstly you need create a token:
Endpoint:
POST {{baseURL}}/api/tokens
x-www-form-urlencoded:
username: guacadmin
password: guacadmin
Sample Response:
{
"authToken": "8144B9B1EBAF73E8EDCE08EF5C145F49C1C9F563F13E21BF7A1CEC43E74011A4",
"username": "guacadmin",
"dataSource": "postgresql",
"availableDataSources": [
"postgresql",
"postgresql-shared"
]
}
After then you can create a user with using the token.
Endpoint:
POST {{baseURL}}/api/session/data/{{dataSource}}/users?token={{authToken}}
Sample Request Body:
{
"username": "testuser",
"password": "password",
"attributes":{
"disabled":"",
"expired":"",
"access-window-start":"",
"access-window-end":"",
"valid-from":"",
"valid-until":"",
"timezone": ""
}
}
I have ObjectID of defect.
Defect should be updated using only web services.
Get a security token using this endpoint:
https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize
The result includes the token, "fbaa0c04-2616-....
{"OperationResult": {"_rallyAPIMajor": "2", "_rallyAPIMinor": "0", "Errors": [], "Warnings": [], "SecurityToken": "fbaa0c04-2616-...."}}
Post using 'create' endpoint with the security token appended in the end. In this example 123456789 is the OID of the defect where Description field is being updated
URL:
https://rally1.rallydev.com/slm/webservice/v2.0/defect/123456789?key=fbaa0c04-...
Request Body:
{
"Defect":{
"Description":"some description"
}
}
Here is another example of a Request Body (payload) where two fields are updated, one of which is the Owner, which is a reference to a User object. Reference fields must use ObjectID:
{"Defect":{
"State":"Open",
"Owner":"/user/987654321"
}
}
You'll find the Rally Rest Toolkit for Java helpful.
The following example shows a full CRUD lifecycle:
https://github.com/RallyTools/RallyRestToolkitForJava/blob/master/src/main/resources/examples/com/rallydev/rest/CrudExample.java
For my graduation I have to develop a Java application for opinion mining on Facebook.
The topic is opinion mining on the Facebook pages of political parties to compare the opinion of Facebook users to official polls. So it's only public data on public pages.
I'm using the restfb library to obtain data. I want to obtain posts and comments.
Until now I'm successful in getting the data, but there are some issues which I don't understand:
I'm getting data using graphApi calls with URL parameters. With the limit parameter I get a different amount of posts when using an access token provided by the graph explorer, than I get when using an access token provided by logging in with Facebook App data (appId, appSecret). Why is that?
Compared to the posts listed on the Facebook Feed, some (public) posts aren't returned at all. What's the reason for this? (As i said, I'm using the limit parameter in a graphApi call)
Some of the returned posts seem corrupt. When using the graph explorer the posts look like the following: (I erased to omitted fields)
{
"id": "id omitted",
"from": {
"name": "name omitted",
"category": "Political party",
"id": "id omitted"
},
"story": "\"\" on their own link.",
"type": "status",
"created_time": "2012-10-09T11:13:09+0000",
"updated_time": "2012-10-09T11:13:09+0000",
"comments": {
"count": 0
}
},
Processing these posts always throws an exception because many data are missing such as comments, likes etc...
Are these corrupted entries or maybe deleted posts?
Im writing an app for facebook in java.
i have a class named FacebookClient that i got from facebook.
withe this class i can connect to facebook by using
FacebookClient client = new FacebookClient();
client.login(request, response, "api_key", "sec_key");
and get user info with
client.users_getinfo
(For example: client.users_getinfo(String.class, uidJSON, "first_name , last_name , sex , pic_big , pic_small ", "format=json");
the problem is that i need the user profile url and i can't get it!!
does anyone know how to get it (the function or the Query )
Thanks
Check out the Facebook Graph API here
If you make an API call me it will return a large JSON containing various information about you, (or a specified user), and one of the entries is 'link'
Here is a sample call.
https://graph.facebook.com/me?access_token=<the access token>
and the sample return will look like:
{
"id": "01234567",
"name": "Kenny Cason",
"first_name": "Kenny",
"last_name": "Cason",
"link": "http://www.facebook.com/kenny.cason",
"about": "life only comes once",
"birthday": "00/11/2222",
"location": {
"id": "110184922344060",
"name": "Washington, District of Columbia"
},
...
a bunch more info
...
}
You can see the link entry which is a link to my facebook profile. let me know if you need more information.