Is there any SCIM endpoints to add users with the groups? I already gone through the article, But i couldn't able to add user with group. Also i need to edit that user and update the group, Is there any SCIM endpoints for these two tasks ?
I tried with the following cURL command
curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"gunasinghe","givenName":"hasinitg"},"userName":"hasinitg","password":"hasinitg","groups":[{"value":"a0612e1e-d8c7-47dd-b9ee-4218291945c8","display":"groupname"}]}" --header "Content-Type:application/json" https://example.com:9443/wso2/scim/Users
At the current implementation it is not supported to add an user to an existing group, and this requirement is captured for the Identity Server road map.
Currently you can update the group with the newly added user, but the operation is PUT operation. Therefore it will replace the existing group with new data. Therefore you need to provide all the users at each PUT request with the new user.
Patch operation is suitable for your requirement there you don't need to send entire user list in order to assign single user to a group. Patch operation will be supported with upcoming WSO2 IS releases very soon so keep in touch.
Related
Im trying to get the active users who were logged in past one week. but there only one API which gives currently active sessions(users). is there any way to get all the active user Id or user count who were logged-in in one week ?
I tried API /sessions api which gave me only currently active users
If you are using IS-6.0.0, this option can be used.
Enable the following event handler in deployment.toml file to update the last logon time of the users when they log into applications.
[identity_mgt.events.schemes.identityUserMetadataMgtHandler.properties]
enable=true
It will update the login timestamp in http://wso2.org/claims/identity/lastLogonTime claim.
Use SCIM API to filter out users who has last logon time between given two time stamps.
Sample CURL:
curl --location --request GET 'https://localhost:9443/scim2/Users?filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+ge+1674065031350+and+urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+le+1674065770177&count=10&startIndex=1' \
--header 'Authorization: Basic YWRtaW46YWRtaW4='
NOTE: This filtering will work only when pagination parameters are given.
filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+ge+1674065031350+and+urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.lastLogonTime+le+1674065770177 -> means that filter the users who has last logon time greater than 1674065031350 and less than 1674065770177
I've created two roles in WSO2 IS v5.7.0. The 1st one '_login' is in 'Primary' domain. The 2nd one 'Manager' is in 'Application' domain. I try to search the group by display name like this. The first query is OK, but the 2nd query returns empty response. Could you help?
1st query: curl -v -k --user admin:xxx 'https://localhost:9444/scim2/Groups?filter=displayName+eq+_login'
2nd query:curl -v -k --user admin:xxx 'https://localhost:9444/scim2/Groups?filter=displayName+eq+Application/Manager'
Roles starting from Application/ are special kind of Internal role dedicated to represent service providers.
EX: Suppose you create a service provider with name xxx. There will be a automatically created role Application/xxx. Service provider xxx will be visible to only users belong to Application/xxx role.
It's a good practice to keep roles starting Application/ away from general user management stuff.
how could I retrieve all user roles for specific user?
I thought one way could be using this:
curl -v -k --user admin:admin https://x:9443/wso2/scim/Users/x9-4fb9-be82-b1c97c073f02
from https://docs.wso2.com/display/IS530/SCIM+APIs
which should return all atributes, but there is not roles inside... when I tried
this for example worked and returned all emails of user.
curl -v -k --user admin:admin https://x:9443/wso2/scim/Users/x9-4fb9-be82-b1c97c073f02?attributes=emails
but when I do this, comma separated retriving of roles, that doesnt work. Maybe it is not considered as attribute?
curl -v -k --user admin:admin https://x:9443/wso2/scim/Users/x9-4fb9-be82-b1c97c073f02?attributes=emails,roles
I just want to achieve that I will have all user information with request, whether it is for all users or one user with all attributes
I have read this https://wso2.org/jira/browse/IDENTITY-4430 issue, but seems like with attributes in url we can fix that
I have tried the same requests you gave, but it gives the role names under "group". part of the response is as follows:-
"groups":[{"display":<your group(role) name associated with the particular user>,"value":<group_id>}]
Did you assign roles(groups) to the specific user before try the above requests?
And here along with the request you are specifying the user id so the response will give only the particular user information, not all user's information.
We are working with WSO2 IS 5.1 with LDAP (embedded, in this time) as user store.
We would like to represent our organizational structure by group objects in LDAP (member attributes).
In SCIM API I add a user to group members properly, but when I try add group object to members of another group, IS interprets group id as user id and, of course, answers that there aren't any user with such id.
How could I add group to members of another group by SCIM API? Is it possible?
To creating a group with users, you need to have that user already existing in the user store and provide its unique id. For an example, to create a new group named: 'engineer' with user 'adam' as a member, you can invoke the following request
curl -v -k --user admin:admin --data "{"displayName": "engineer","members": [{"value":"6b14c23d-4811-4bbd-b653-04fcda2df266","display": "adam"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups
I have an app and I want to post to the users feed.
All the users have allowed publish_stream permission but I have no idea how to post to their feeds which I should be able to do even if the user is offline.
I want to use curl and the graph like this:
curl -F 'access_token=...' \
-F 'message=Hello, Arjun. I like this new API.' \
https://graph.facebook.com/arjun/feed
Do I simply use the access code I got when the users initially allowed me access, or do I have to get a new access code each time I want to post to their feed, if so, how do I do that?
Any help, much appreciated.
After the user authorized your application you get an access-token from facebook. You can use this token to post to the users-wall until he changes his password or removes your application from his application list.
I think you need to include your api-key in the request. Otherwise please provide the error message your getting!