Is there any redmine REST API available for company admin to get the details of user by giving users email id.
details like redmine KEY etc
Yes there is, you can do what you want in 2 API requests:
1) http://your-redmine-url/users.json?name=user#email.com
Using this request you will get basic details for user with email user#email.com
2) http://your-redmine-url/users/193.json?include=memberships,groups
Using this request you will get additional details for user with ID 193 (which we got from previous request) like user's API key, status etc.
Also note the following:
you need to use account with admin privileges to get these additional details
user's API key is only available through API starting from Redmine 2.3.0
user's status is only available through API starting from Redmine 2.4.0
All this info is from Redmine docs, which you can find here.
You can install this Redmine Shared API
This is a plugin share some endpoints of API.
New endpoints for NON-admin users
[GET] /shared/custom_fields.xml | .json
[GET] /shared/users.xml | .json
[GET] /shared/settings.xml | .json
New endpoints for NON authorized (public) users:
[GET] /public/settings.xml | .json
Related
I have some applications served to my company users on EKS (i.e., Jenkins). In company we use Google Workspaces (GSuite) for email and stuff. So I want to allow users to login with Google creds to those applications I serve. I figured out I could use Cognito to achieve it but I cannot connect those and flow end with Google showing 403. Error: app_not_configured_for_user. In their documentation I can find:
Verify that the value in the saml:Issuer tag in the SAMLRequest matches the Entity ID value configured in the SAML Service Provider Details section in the Admin console. This value is case-sensitive.
but how do I debug it? I do not see a logs from neither AWS and Google sides :/
I think I followed all possible guides and I cannot find what I'm doing wrong. I found that Google has this page but they do not provide exact scenario for AWS Cognito. Anyways all of those are very similar so I guess I shouldn't have problems, but I do have.
What I did:
In Google Admin (one for workspaces) I created "Web and mobile app" of SAML type
I downloaded metadata file
In AWS Cognito console I created User Pool
I created IdP provider and uploaded metadata file there
I created application client
Using those values I filled fields ACS URL and Entity ID in Google Admin using values:
ACS URL: https://my-domain-i-just-created.auth.us-east-1.amazoncognito.com/saml2/idpresponse
Entity ID: urn:amazon:cognito:sp:us-east-1_myPoolId
I also selected Name ID format to be Persisted
In attribute mapping I mapped email value to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
In AWS Cognito I enabled HostedUI and also created mapping of http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress to email field.
And now when I click View Hosted UI in AWS console it will redirect me to Google authentication and after it directly to before mentioned 403 app_not_configured_for_user page.
I tied it 3 times with slightly different configurations of mapping, signed responses, etc. but nothing gets me past that error.
Anyone tried to integrate it?
How to troubleshoot the 403 app_not_configured_for_user error related to SAML apps from the Google Workspace Admin console
The first thing you need to do is to grab a HAR file recording the whole login process and find the SAML request. Steps can be found here.
Once you get the file you can open it using that tool and search for SAMLreq at the top right (see image).
After that you will get a list of values containing information. You will have to check one by one until you find the one that has the SAML request in the request tab (see example below).
Once you get the value from the SAML request, copy it and you can use this tool to do a SAML decode and find the entity ID. You can use Ctrl + F and search for saml:Issuer to find the value faster. If the value does not match, then you know you have an error and you will need to contact the support team from the app to see which value is the correct one.
In case the value matches I would recommend opening a ticket to check with Google.
The WSO2 APIM version is 3.2.0.
Created a JBDC secondary userstore opera in WSO2 APIM and added some users say user1.
There was an application created in devportal - GUI_APP
When I try to access the token API with the user in opera, I'm getting the below error.
"Users in the tenant domain : opera do not have access to application admin_GUI_APP_PRODUCTION"
API details below:
Request URL:
https://{APIM_IP}:8243/token
Request Method:
POST
Request Headers:
Content-Type:application/x-www-form-urlencoded
Authorization:Basic (base64 encoded key:secret of GUI_APP)
Request Body:
grant_type:password
username:user1#opera
password:{pwd}
Kindly let me know what change needs to be done, to get the token for users in secondary user store .
The user store domain should be prepended to the username in the following format. The # symbol is used to append the tenant domain to the username.
UserStoreDomain/Username
Also, it is not mandatory to prepend the user store domain. When the user store domain is not prepended, it will first search the username in the PRIMARY and then search for all the secondary user stores.
I am creating an Android and iOS app and a lot of network features that I'm implementing utilize AWS Amplify. I have an authentication system that sets up and verifies user info through AWS Cognito and AWS User Pools. However, I'm also trying to store more attributes for each user beyond just usernames, emails, phone numbers and passwords. I also want to store things such as scores, number of days logged in, etc. Some AWS services such as S3 appear to allow me to create a database with these attributes, but it appears that everyone can access them, and I need an extremely secure system where the only people who can access these user attributes are the user themselves and me as the admin.
What is the best way to implement this feature within AWS while integrating it with an Android/iOS app? Thank you
I would recommend adding either a Rest API or GraphQL API to your Amplify backend. This will create a secure API that will use a JWT token generated by Cognito for authentication. Your data will be stored in DynamoDB tables that will be generated via the #model directive in your GraphQL schema.
Create a GraphQL API
Navigate into the root of a JavaScript, iOS, or Android project and run:
amplify add api
Select the following options:
Select GraphQL
When asked if you have a schema, say No
Select one of the default samples; you can change this later
Choose to edit the schema and it will open the new schema.graphql in your editor
A simple model for tracking user scores and days since last log in might look like:
type UserData #model {
id: ID!
cognitoUserId: String!
score: Float!
lastLoggedInAt: AWSDate!
}
More details on building an Amplify GraphQL API here https://docs.amplify.aws/cli/graphql-transformer/overview/
Create a REST API
Follow the wizard to create a new app. After finishing the wizard run:
amplify add api
Select the following options:
Please select from one of the below-mentioned services: REST
Provide a friendly name for your resource to be used as a label for this - category in the project: itemsApi
Provide a path (e.g., /book/{isbn}): /items
This will be the configuration for /items path in API Gateway:
/
|_ /items Main resource. Eg: /items
ANY Includes methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
OPTIONS Allow pre-flight requests in CORS by browser
|_ /{proxy+} Proxy resource. Eg: /items/, /items/id, items/object/{id}
ANY Includes methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
OPTIONS Allow pre-flight requests in CORS by browser
More on creating an Amplify REST API here
I am new to Django and working as an intern for a company. I have been tasked with creating an internal software for them to use. The software needs to have a log in system for the employees. However, the company already has an auth api they use for other products. How can I make use of that api to log the users on? I have searched for an answer for a while and I couldn't find one.
The auth api has an endpoint called '/token' which is used to validate the email and password.
I'm guessing I need to remove the 'django.auth' stuff from settings, but I have no more insight into this than that. Any help would greatly be appreciate.
Below is the swaggerhub documentation for an endpoint of the api:
/token:
post:
summary: Generate a new token (aka login)
operationId: createToken
tags:
- authentication
description:
Login using email and password, and retrieve a newly created bearer token to access our APIs.
Alternatively, use a token to create another one.
You need to create an Authentication backend which will check the given to tokens in your existing token database.
See Customizing authentication in Django
I recently updated my environment from WSO2 IS 5.0.0 to WSO2 IS 5.2.0. My environment consists of 2 machines that are creating a cluster (using the WKA membership scheme and Load Balancer(AWS ELB) with sticky session enabled). I am using MySQL(not the default H2 database). The machines on which the IS is deployed are Windows Server 2012 R2 (EC2 AWS machines). I am also using the so called WSO2 IS Admin services.
As mentioned in the heading I am consuming the UserProfileMgtService
(https://url:port/services/UserProfileMgtService?wsdl).
In combination with it I am using OAuth2TokenValidationService
(https://url:port/services/OAuth2TokenValidationService?wsdl).
If I pass valid access token to the OAuth2TokenValidationService I am able to fill in with data OAuth2TokenValidationResponseDTO object by using the Validate method of the OAuth2TokenValidationService. As result I am able to extract the authorizedUser and pass it to the getUserProfile method of the UserProfileMgtService. I am using the standard carbon.super domain and I am using the email as username. For example I am passing the following two parameters to the getUserProfile:
"admin#admin.com#carbon.super" as username
"default" as profileName
And as result I receive the following message:
UserNotFound: User admin#admin.com#carbon.superdoes not exist in: PRIMARY
If I remove the "#carbon.super" from the authorizedUser, everything is fine and I am able to get the user profile information. This is quite important for me since I am using multitenancy of the IS and there is a case that I might have the following users:
admin#admin.com#test.net
admin#admin.com#test2.net
I noticed that this service was not working this way in WSO2 IS 5.0.0. I started experiencing this issue after the upgrade.
Is this a desired behavior and is introduced because of the change in the API in IS 5.2.0? If so is there another way to be able to get the user profile using the "username"+"tenant-domain"(that is retrieved by the OAuth2TokenValidationService as authorized user when passing valid access token).
Is it possible that this is caused because of misconfiguration? If so which is the file that needs to updated and what exactly should be modified in it?
Is there a place where more information could be retrieved for the WSO2 IS 5.2.0 Admin Services?
Thanks in advance.
UserProfileMgtService in Identity Server is an Admin Service. In WSO2 Admin Services, the tenant domain is identified by authenticated user and it should not pass with username.
username should be tenant free username.
So, you can remove carbon.super portion from the username and then it will work.
In tenant setup, you need to authenticate with a tenant user (Ex admin#admin.com#test.net) in order to access these API. So, like in the super tenant, you can use tenant free username and then it will work.
For example, if you want to get user profile of user : testuser#admin.com in tenant domain test.net, your request should be like bellow image.
Thanks
Isura.