Why does the WSO2 ID token return the 'groups' attribute as a comma-separated role string instead of a list of roles? - wso2-identity-server

I have two WSO2 IS 5.7.0 environments. The ID tokens returned by https://localhost:9443/oauth2/token have a slight difference. In the first environment, the 'groups' attribute has values like the following:
"groups": [
    "FOTA_WEB_View_User",
    "FOTA_Engineer",
    "FOTA_Manager",
    "FOTA_WEB_Admin",
    "Internal/everyone",
    "_login",
    "FOTA_APP"
]
But in the second environment, the 'groups' attribute has values like the following:
"groups": "BDA-AA-Flameout-Download,BDA-Diag-TempSensor-Download,BDA_Admin,BDA-AA-Superknock-Download,Internal/everyone,_login,BDA-AA-Flameout-View,BDA-AA-Superknock-View"
Actually, the first is expected.
The configuration seems the same, i.e. add a new service provider, and then add
Requested Claims. See the pictures below.

A possible way for this to happen is not configuring the MultiAttributeSeparator property in the user-mgt.xml (/repository/conf/user-mgt.xml) file. This property is available in all UserStoreManager classes. In this case we need to set the value of the MultiAttributeSeparator property to comma (,) in the JDBCUserStoreManager properties, since the user store is a JDBC database (MySQL).
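A relying party that assumes the 'groups' claim is always a JSON array will break (or, worse, make wrong authorization decisions) when a differently configured identity server hands it the flattened string form shown in the question. The following is an added example, not code from WSO2 IS or from the answer above: it normalizes both shapes into a list before any membership check. The function names and the two sample claim values are constructed to mirror the two environments; the comma separator is assumed to match the MultiAttributeSeparator setting discussed in the answer.

```python
"""Normalize the 'groups' claim of an OIDC ID token before using it for authorization.

Added example; not part of WSO2 IS or of the thread above. Function and variable
names are hypothetical, and the two sample claim sets are constructed to mirror
the two environments described in the question.
"""
from typing import Iterable, List, Union

# WSO2's MultiAttributeSeparator is set to a comma in the answer above; assumed
# here to be the delimiter of the flattened (string) form of the claim.
DEFAULT_SEPARATOR = ","


def normalize_groups(claim: Union[str, Iterable[str], None],
                     separator: str = DEFAULT_SEPARATOR) -> List[str]:
    """Return the group memberships as a clean list regardless of claim shape.

    - a JSON array stays a list
    - a delimited string is split on `separator`
    - a missing claim (None) becomes an empty list rather than raising
    Whitespace is stripped and empty entries are dropped, so a trailing
    separator cannot produce a phantom "" group.
    """
    if claim is None:
        return []
    if isinstance(claim, str):
        parts = claim.split(separator)
    else:
        parts = list(claim)
    return [p.strip() for p in parts if isinstance(p, str) and p.strip()]


def has_group(claim: Union[str, Iterable[str], None], required: str,
              separator: str = DEFAULT_SEPARATOR) -> bool:
    """Exact membership test.

    A substring test on the raw string form (`required in claim`) would accept
    'Admin' because 'BDA_Admin' contains it; normalizing first makes the
    comparison exact, whichever shape the token arrived in.
    """
    return required in normalize_groups(claim, separator)


# Constructed sample payloads resembling the two environments in the question.
LIST_FORM = {"groups": ["FOTA_WEB_View_User", "FOTA_Engineer", "Internal/everyone", "_login"]}
STRING_FORM = {"groups": "BDA_Admin,Internal/everyone,_login, BDA-AA-Flameout-View,"}

if __name__ == "__main__":
    for payload in (LIST_FORM, STRING_FORM):
        print(normalize_groups(payload["groups"]))
    # Why the raw string must not be used directly for authorization:
    print("Admin" in STRING_FORM["groups"])           # True: substring match, wrong
    print(has_group(STRING_FORM["groups"], "Admin"))  # False: exact match
```

Normalizing at the token boundary is cheaper than chasing every `in` check in the application, and it turns the configuration drift described in the question into a no-op for the relying party.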

Related

Get proper usernames to populate on Superset with Azure SSO instead of ID string

I've finally gotten Azure Single Sign-On (SSO) connected to Apache Superset running via docker-compose, following the Flask docs. Users in my company's Azure group can create and access Superset accounts by logging in with Azure and they are assigned roles based on their identity. This is good.
The usernames they get assigned, however, are long Azure ID strings. These are undesirable in displays. Here's what my account looks like on the List Users screen and on my profile:
How can I modify either my Azure application SSO setup or my Superset config to have Superset populate usernames like SFirke for the account usernames, instead of values like 3ee660ff-a274 ... ?
The security part of my config.py looks like this, almost identical to the Flask template:
OAUTH_PROVIDERS = [
    {
        "name": "azure",
        "icon": "fa-windows",
        "token_key": "access_token",
        "remote_app": {
            "client_id": "CLIENT_ID",
            "client_secret": "CLIENT_SECRET",
            "api_base_url": "https://login.microsoftonline.com/TENANT_ID/oauth2",
            "client_kwargs": {
                "scope": "User.read name preferred_username email profile upn groups",
                "resource": "RESOURCE_ID",
            },
            "request_token_url": None,
            "access_token_url": "https://login.microsoftonline.com/TENANT_ID/oauth2/token",
            "authorize_url": "https://login.microsoftonline.com/TENANT_ID/oauth2/authorize",
        },
    },
]
EDIT: It looks like the way to go is writing a custom userinfo retrieval method; there's a template on the Flask page linked above and an example used for Superset in this GitHub comment. I think I would use a line like "id": me["preferred_username"] or "id": me["upn"], based on the field names in the Microsoft docs.
But Microsoft notes that this value can change over time and should not be used for authorization changes. Since the oid value is immutable, and it is hardly visible to the typical user, I plan to just stick to it.
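The mapping the EDIT above describes, written out as an added example (not Superset's or Flask-AppBuilder's own code): the immutable oid is the account key, while the human-readable claims only feed the display fields. `azure_user_info` and the sample claim set are hypothetical and constructed; the claim names (oid, upn, preferred_username, given_name, family_name, name, email) are the standard Azure AD ID-token claims the question refers to.

```python
"""Map Azure AD ID-token claims to the user-info dict Flask-AppBuilder expects.

Added example, not Superset's or Flask-AppBuilder's own code. `azure_user_info`
and SAMPLE_CLAIMS are hypothetical/constructed. The claims are assumed to come
from an id_token whose signature has already been validated by the OAuth layer.
"""
from typing import Any, Dict


def azure_user_info(claims: Dict[str, Any]) -> Dict[str, str]:
    """Build the dict a custom `oauth_user_info` override would return.

    `username` is the immutable `oid`, so a UPN rename never creates a second
    Superset account or detaches an existing one from its roles. The readable
    fields come from the name claims and are only used for display.
    """
    oid = claims.get("oid")
    if not oid:
        # Without the stable identifier there is nothing safe to key the account on.
        raise ValueError("id_token has no 'oid' claim; refusing to map user")
    # Email-like identifier for display: upn, then preferred_username, then email.
    email = claims.get("upn") or claims.get("preferred_username") or claims.get("email") or ""
    first = claims.get("given_name") or ""
    last = claims.get("family_name") or ""
    # Fall back to the local part of the UPN so the profile page never shows the GUID.
    display = claims.get("name") or " ".join(p for p in (first, last) if p) or email.split("@")[0]
    return {
        "id": oid,
        "username": oid,
        "name": display,
        "email": email,
        "first_name": first,
        "last_name": last,
    }


# Constructed sample claims; the GUID is a placeholder, not a real object id.
SAMPLE_CLAIMS = {
    "oid": "00000000-0000-0000-0000-000000000001",
    "upn": "sfirke@example.com",
    "preferred_username": "sfirke@example.com",
    "given_name": "Sam",
    "family_name": "Firke",
    "name": "Sam Firke",
}

if __name__ == "__main__":
    print(azure_user_info(SAMPLE_CLAIMS))
```

In Superset this function would be called from an `oauth_user_info(self, provider, response=None)` override on a subclass of `superset.security.SupersetSecurityManager`, for `provider == "azure"`, with the subclass registered through `CUSTOM_SECURITY_MANAGER` in the Superset config. Keeping the mapping in a pure function makes it testable without a running Superset.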

Dealing With Incoming Null Values In Cloud Data Fusion When Building Data Pipeline

I have started trying out Google Cloud Data Fusion as a prospective ETL tool that I can finally decide to use. When building a data pipeline to fetch data from a REST API source and load it into a MySQL database, I am facing this error: Expected a string but was NULL at line 1 column 221'. Please check the system logs for more details. And yes, it's true, I have a field that is null in the JSON response I am seeing:
"systemanswertime": null
How do I deal with null values, since the 'string' option in the dropdown available in the Cloud Data Fusion studio is not working? Are there other data types that I can use?
Below are two screenshots showing my current data pipeline structure
general view
view showing mapping and the output schema
Thank You!!
What you need to do is to tell the HTTP plugin that you are expecting a null by checking the null checkbox in front of the output on the right side. See the example below.
You might be getting this error because in the JSON schema you are defining the value properties. You should allow the systemanswertime parameter to be NULL.
You could try to parse the JSON value as follows:
"systemanswertime": {
    "type": [
        "string",
        "null"
    ]
}
In case you don't have access to the JSON file, you could try to use this plugin in order to enable the HTTP plugin to manage nullable values by dynamically substituting the configurations that can be served by the HTTP server. You will need access to the HTTP endpoint in order to construct an accessible HTTP endpoint that can serve content similar to:
{
    "name": "output.schema", "type": "schema", "value":
    [
        { "name": "id", "type": "int", "nullable": true },
        { "name": "first_name", "type": "string", "nullable": true },
        { "name": "last_name", "type": "string", "nullable": true },
        { "name": "email", "type": "string", "nullable": true }
    ]
}
In case you are facing an error such as: No matching schema found for union type: ["string","null"], you could try the following workaround. The root cause of this error is that the entries in the response from the API don't have all the fields they need to have. For example, some entries may have callerId, channel, last_channel, last data, etc., but other entries may not have last_channel or some other field from the JSON. This leads to a mismatch with the schema provided in the HTTP source, and the pipeline fails right away.
As per this, when nodes encounter null values, logical errors, or other sources of errors, you may use an error handler plugin to catch errors. The way is as follows:
In the HTTP source plugin, change the following:
Output schema, to account for the custom field.
JSON/XML field mapping, to account for the custom field.
Non-HTTP Error Handling field to Send to Error. This way it pushes the records through the error collector and the pipeline proceeds with subsequent records.
Add an Error Collector and a sink to capture the error records.
With this method you will be able to run the pipeline and have the problematic fields detected.
Kind regards,
Manuel
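To make the three failure modes discussed in the answers above concrete (a null value against a plain "string" field, a ["string","null"] union absorbing it, and an entry that lacks a field entirely), here is an added example that is not a Cloud Data Fusion plugin and not code from any of the answers. `validate_record` and `partition` are hypothetical names; the schema notation (a field type that is a single type name or a union list) follows the snippets above, and the schemas and records are constructed. `partition` plays the role of the Error Collector: bad records are routed aside with a reason instead of failing the whole run.

```python
"""Check JSON records against a Data-Fusion-style output schema before a sink sees them.

Added example, not a Cloud Data Fusion plugin and not code from the answers above.
`validate_record`, `partition` and the sample schema/records are hypothetical and
constructed; the schema notation follows the snippets in the thread.
"""
from typing import Any, Dict, List, Tuple

# Schema type names -> the exact Python types a decoded JSON value may have.
# Exact type matching keeps a JSON boolean from passing as an int.
PY_TYPES = {
    "string": (str,),
    "int": (int,),
    "long": (int,),
    "double": (float, int),
    "boolean": (bool,),
    "null": (type(None),),
}


def _allowed_types(field_type) -> tuple:
    """Expand a field type (plain name or union list) into the accepted Python types."""
    names = field_type if isinstance(field_type, list) else [field_type]
    allowed: tuple = ()
    for name in names:
        if name not in PY_TYPES:
            raise ValueError(f"unknown schema type {name!r}")
        allowed += PY_TYPES[name]
    return allowed


def validate_record(schema: Dict[str, Any], record: Dict[str, Any]) -> List[str]:
    """Return the list of problems with `record`; an empty list means it matches."""
    problems: List[str] = []
    for field in schema["fields"]:
        name, ftype = field["name"], field["type"]
        allowed = _allowed_types(ftype)
        if name not in record:
            # The "entries don't all have the same fields" case: only a union
            # that includes "null" can absorb a missing key.
            if type(None) not in allowed:
                problems.append(f"{name}: missing and not nullable")
            continue
        value = record[name]
        if type(value) not in allowed:
            seen = "NULL" if value is None else type(value).__name__
            problems.append(f"{name}: expected {ftype} but was {seen}")
    return problems


def partition(schema: Dict[str, Any], records: List[Dict[str, Any]]
              ) -> Tuple[List[Dict[str, Any]], List[Tuple[Dict[str, Any], List[str]]]]:
    """Split records into (good, errored) the way an Error Collector would,
    so one bad entry does not stop the pipeline for the rest."""
    good, errored = [], []
    for rec in records:
        problems = validate_record(schema, rec)
        if problems:
            errored.append((rec, problems))
        else:
            good.append(rec)
    return good, errored


# Constructed schemas: the strict one is what produces "Expected a string but was NULL".
STRICT_SCHEMA = {"fields": [
    {"name": "callerId", "type": "string"},
    {"name": "systemanswertime", "type": "string"},
]}
NULLABLE_SCHEMA = {"fields": [
    {"name": "callerId", "type": "string"},
    {"name": "systemanswertime", "type": ["string", "null"]},
    {"name": "last_channel", "type": ["string", "null"]},
]}

# Constructed records covering: normal, explicit null, missing field, wrong type.
RECORDS = [
    {"callerId": "1001", "systemanswertime": "2019-01-01T10:00:00Z", "last_channel": "web"},
    {"callerId": "1002", "systemanswertime": None, "last_channel": "ivr"},
    {"callerId": "1003", "systemanswertime": "2019-01-01T10:05:00Z"},  # last_channel absent
    {"callerId": 1004, "systemanswertime": None},                       # callerId not a string
]

if __name__ == "__main__":
    for rec in RECORDS:
        print(validate_record(STRICT_SCHEMA, rec), "|", validate_record(NULLABLE_SCHEMA, rec))
    good, bad = partition(NULLABLE_SCHEMA, RECORDS)
    print(len(good), "good,", len(bad), "sent to error")
```

Running the strict schema over the second record reproduces the error from the question; the union schema accepts both the explicit null and the absent `last_channel`, while the record with a numeric `callerId` is still caught and routed to the error side rather than silently coerced.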

update display name of a member with GAM or admin sdk api

I would like to set or modify the display names of members subscribed to groups I'm managing (see attached picture).
I need to do that via the Groups Migration API or GAM. But the members object doesn't include that information!
I tried to execute the following command:
gam update group test-group add member user "Pippo Paperino" pippo.paperino#email.-it
This doesn't work. :-(
Does anybody know how to do that?
{
    "kind": "admin#directory#member",
    "etag": "\"enlFCt4L0xxxzRNl5h_fsrc/PLoDCCsd1WkZFMzGD8Xvw7uzSCQ\"",
    "id": "109503944206647999229",
    "email": "pippo.paperino#email.it",
    "role": "MEMBER",
    "type": "USER",
    "status": "ACTIVE",
    "delivery_settings": "ALL_MAIL"
}
A member of a Group can be a user or another group.
If the member of the group is a user, the display name corresponds to the name the user has in the Google Account (the fullName, which is formed by concatenating the givenName and the familyName): check the User resource. You cannot update the display name in Groups directly. If you want that display name to change, you would have to call Users.update in Admin SDK > Directory API, and provide the user's new familyName and givenName. But bear in mind that this will change the user's name everywhere, not just the display name in that group.
If the member of the group is another group, the display name corresponds to the name property in the Group resource. If you want to update that display name, you would have to call Groups.update and provide your desired display name. Of course, this will change the display name not just in that group, but everywhere.
Reference:
Members
Groups
Users
I hope this is of some help.

Facebook-marketing api - need access to type of creative format

I have a requirement in which I need to access the creative format type for each adCreative.
I explored the API and figured that this information is stored in Ad Creative Object Story Spec, however, I am not able to query this object.
This is the request I am making
https://graph.facebook.com/v2.11/<account_id>/adcreatives?fields=id,adset_id,name,creative,image_crops,object_story_id,image_url,image_hash,object_type,object_id,object__story_id,object_url&limit=500&access_token=<access_token>
Only the object_story_id and object_story_spec fields are not returned.
What am I missing here?
Thanks in advance.
Request those fields on the adcreative edge itself, i.e. your first call will return a list of adcreative ids.
{
    "data": [
        {
            "id": "23842732907210427"
        },
        {
            "id": "23842732907020427"
        }
    ]
}
So you would call graph.facebook.com/23842732907210427?fields=object_story_id&access_token=USERACCESSTOKEN to retrieve the spec for that ad creative.
You can also nest queries so you may be able to retrieve the spec in a single call but I have been unsuccessful attempting this. https://developers.facebook.com/docs/graph-api/using-graph-api
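The two-step pattern from the answer above (list the creative ids from the edge, then read object_story_id and object_story_spec from each node), written out as an added example. This is not Facebook's SDK and not code from the answer: the HTTP transport is injected and replaced with a constructed fake so nothing leaves the machine; `node_url`, `collect_story_specs`, `creative_format` and the creative ids, page ids and token are hypothetical placeholders. `creative_format` goes one step beyond the thread by reading the format off the `*_data` key of the story spec, which is an assumption about the spec layout rather than something the answer states.

```python
"""Two-step Graph API lookup: list ad creative ids, then read each node's fields.

Added example, not Facebook's SDK and not code from the answer above. The
transport (`fetch`) is injected and replaced by a constructed fake, so nothing
is sent over the network. The Graph base URL and field names come from the
thread; creative ids, page/post ids and the token are placeholders.
"""
from typing import Callable, Dict, Iterable
from urllib.parse import urlencode

GRAPH = "https://graph.facebook.com/v2.11"


def node_url(node_id: str, fields: Iterable[str], token: str) -> str:
    """URL for reading selected fields of one node, the form the answer recommends.
    urlencode percent-encodes the comma-joined field list."""
    return f"{GRAPH}/{node_id}?" + urlencode({"fields": ",".join(fields),
                                               "access_token": token})


def collect_story_specs(edge_response: Dict, token: str,
                        fetch: Callable[[str], Dict]) -> Dict[str, Dict]:
    """For every id in an /adcreatives edge response, read object_story_id and
    object_story_spec from the node itself and return {creative_id: node}."""
    specs: Dict[str, Dict] = {}
    for item in edge_response.get("data", []):
        url = node_url(item["id"], ["object_story_id", "object_story_spec"], token)
        specs[item["id"]] = fetch(url)
    return specs


def creative_format(node: Dict) -> str:
    """Derive the creative format from which *_data block the story spec carries.
    Assumption: link_data / video_data / photo_data / text_data are the spec's
    per-format blocks; anything else reports 'unknown' rather than guessing."""
    spec = node.get("object_story_spec") or {}
    for key in ("link_data", "video_data", "photo_data", "text_data"):
        if key in spec:
            return key[:-len("_data")]
    return "unknown"


# Constructed fake node responses, keyed by the node id in the URL path.
FAKE_NODES = {
    "CREATIVE_ID_1": {
        "id": "CREATIVE_ID_1",
        "object_story_id": "PAGE_ID_POST_ID_1",
        "object_story_spec": {"page_id": "PAGE_ID",
                              "link_data": {"link": "https://example.com"}},
    },
    "CREATIVE_ID_2": {
        "id": "CREATIVE_ID_2",
        "object_story_id": "PAGE_ID_POST_ID_2",
        "object_story_spec": {"page_id": "PAGE_ID",
                              "video_data": {"video_id": "VIDEO_ID"}},
    },
}

# Constructed first-call response, shaped like the one quoted in the answer.
EDGE_RESPONSE = {"data": [{"id": "CREATIVE_ID_1"}, {"id": "CREATIVE_ID_2"}]}


def fake_fetch(url: str) -> Dict:
    """Stand-in for an HTTP GET: pull the node id out of the path and look it up."""
    node_id = url[len(GRAPH) + 1:].split("?", 1)[0]
    return FAKE_NODES[node_id]


if __name__ == "__main__":
    for cid, node in collect_story_specs(EDGE_RESPONSE, "USERACCESSTOKEN", fake_fetch).items():
        print(cid, node["object_story_id"], creative_format(node))
```

Swapping `fake_fetch` for a real GET that returns the parsed JSON body is the only change needed to run this against the API; keeping the transport injectable is also what lets the id-extraction and format logic be tested without a token.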

I can't read from group wall

I can read users' feeds or posts
https://developers.facebook.com/tools/explorer?method=GET&path=me%2Fposts
but when I try to reach a group's feed or posts, I can't. I added the auth part but it returns empty JSON. Of the groups I tried, one was closed and two others are open groups.
https://graph.facebook.com/228955270470492
The above returns this:
{
    "id": "228955270470492",
    ...
    "name": "ADI BİLİM",
    "privacy": "OPEN",
    ...
}
Requesting this feed
https://graph.facebook.com/228955270470492/feed?access_token=AAACEdEose0cBAACgceqTZCBg0YA7MifDP02MKVXpZCipHJNHmHqK5OTzDvJaNke2JDxhOxKOTFl6bPOoZCZAdUZAQFFV6lD8GCMTxQHigUQZDZD
results in an empty response:
{
    "data": [
    ]
}
What am I doing wrong?
This is working fine for me; is your access token for a user who's a member of the group?
If not, the group needs to have visibility OPEN. You may also need the user_groups permission for the user, but I'm guessing you already have that if you're accessing the user's list of groups.
Even though this group is public, I need to authorize the app for "read_stream" from the extended permissions. Now I can see the feeds :)