I am using WSO2 IDM server and working on using SCIM API's available.
When I invoked the get groups SCIM API https://localhost:9443/wso2/scim/Groups, I am getting error in response
{
"Errors": [
{
"code": "404",
"description": "Groups not found in the user store."
}
]
}
I created few users and roles under 'PRIMARY' user store.
However I am able to successfully invoke the get users API.
WSO2 Version: 5.11
Please let me know if I am missing configuration.
Regards,
You have used scim v1 APIs for user and group retrieval.
Can you please try scim2 APIs (This is recommended).
List groups: https://localhost:9443/scim2/Groups
List users: https://localhost:9443/scim2/Users
refer: https://is.docs.wso2.com/en/latest/develop/scim2-rest-apis/#/scim-20-api-definition
Related
I tried the demo at https://cloud.google.com/video-intelligence/
If I switch to the API tab I can see the request is
https://videointelligence.googleapis.com/v1/operations/projects/4808913407/locations/us-east1/operations/12700896084805575820?key=YOUR_API_KEY_HERE
However, when I try doing the same operation using my API key I get
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
Do I need to configure the API key in any specific way to get this working?
Video Intelligence does not support API Keys, you need to authenticate using a service account. Here you can find the list of GCP services that support API Keys.
Here you can find a description step-by-step on how to use video intelligence using the command line.
As you can see you need to generate a print access token after configuring your service account credentials. Then you include it in the API call as "Authorization: Bearer". You cannot use an API key.
We are planning to use WSO2 Identity Server as the identity provider for multiple websites and apps. Whenever a new member will register with our website, we will create a new user in WSO2 Identity Server which will then authenticate the users. I am planning to use SCIM REST APIs to create/update users in WSO2.
I was able to successfully retrieve the list of users from WSO2 by making GET request to this endpoint. So there is no issues with access permission.
https://identityserver:9443/wso2/scim/Users
But when I tried to add a new user (POST) I received the error below:
{
"Errors": [
{
"description": "Error in adding the user: mj100#jackson.com to the user store. Cannot access the directory context or user already exists in the system for user :mj100#jackson.com",
"code": "500"
}
]
}
My request had a payload as below:
{
"schemas":[
],
"name":{
"familyName":"Jackson",
"givenName":"Michael"
},
"userName":"mj100#jackson.com",
"password":"HiMike100",
"emails":[
{
"primary":true,
"value":"mj100#jackson.com",
"type":"home"
}
]
}
I received a similar error when I tried to update an user in WSO2 admin (carbon) portal:
Error while updating profile of abcd#test.com. Error is: One or more attributes you are trying to add/update are not supported by underlying LDAP for user : abcd#test.com
I am clueless on how to resolve this issue and why WSO2 will not allow me to update an user neither via console or via SCIM API.
I am using WSO2 Identity Server 5.1.0
Have you enabled using an email address as a username ?
https://docs.wso2.com/display/IS510/Using+Email+Address+as+the+Username
I am working on scalr and trying to access scalr api using postman client but I have getting error:
{
"meta": {
"requestId": "63b814f1-f885-48cc-85d6-762e524e0bfb"
},
"errors": [
{
"code": "BadAuthentication",
"message": "Unsigned request"
}
]
}
For scalr api they have given Access keyid:xxxxxxx and secret key: xxxxxxxx so I am using basic auth for authentication process and giving:
username:(scale key id)
password:(scalr secret_key)
Scalr apis working fine with scalr api interface but throwing error with postman client.
Please suggest me what is the problem.
If you are using the API v1 (deprecated) that is currently available in Scalr Open Source, you need to get the signature from your user profile as described in the documentation.
If you are using Scalr Enterprise which supports the current API v2, authentication is described in the API Explorer.
Our organization uses SAML for SSO into Google Apps. In order to use SSO we must manage the change password functionality through APIs. Since the Provisioning API has been deprecated in favor of the Admin SDK Directory API, I am developing against this API.
The flow I am developing is that the end user will login using Google OAuth2 into my application. Then, using the users access token I am attempting to call the https://www.googleapis.com/admin/directory/v1/users/ API to put a new password, but I get an error 403 "Not Authorized to access this resource/api".
My question is, what privilege is required for the user to be able to update their own password? When calling this API with GET I am able to retrieve my user information successfully, but trying to put a new password (or any other field for that matter) fails.
Here is an example of my request and response:
Request:
PUT https://www.googleapis.com/admin/directory/v1/users/user%40domain.org?key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer ya29.AHES6ZT_7onp48edpClD72X-*************************
X-JavaScript-User-Agent: Google APIs Explorer
{
"password": "wlKsf.##2af"
}
Response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
Only super admins, delegated admins and resellers can access the Admin SDK Directory API.
I suggest creating a delegated admin that only has access to update users via the API and then having your web application utilize an OAuth token created for this delegated admin.
Following the Ads API docs for reachestimate (http://developers.facebook.com/docs/reference/ads-api/reachestimate/), I received a "false" response when calling
https://graph.facebook.com/act_0000000000000000/reachestimate?currency=EUR&targeting_spec={'countries':['US']}&access_token=___
(Note: act_0000000000000000 is my user Id and _ is my access token - these tokens work correctly for other Ads API calls).
Using the Graph API Explorer tool, I receive the following response on this API call
{
"error": {
"message": "(#10) Application does not have permission for this action",
"type": "OAuthException",
"code": 10
}
}
However, when I call
https://graph.facebook.com/1111111111111111/reachestimate?currency=EUR&targeting_spec={'countries':['US']}&access_token=___
where 1111111111111111 is an adgroup, I get a valid data structure.
Has anyone come across this elsewhere? Is there a "magic" setting somewhere that enables this capability on the user account (enabled for ads_management, offline_access)?
Any thoughts very welcome.
Thank you.
Thanks #Igy - just confirmed that my issue was indeed the misuse of my UserID in account field - have since migrated these queries to use the designated account ID and works as expected.