wso2 Identity Server Your account is not active - wso2

I am adding test users to Identity Server. I cannot log in with them because I get an error in the logs that states:
Your account is not active
How can I activate these dummy accounts?

Add a user and assign user role(s) (admin/everyone or a custom defined role) to the created user. Give the necessary permissions to the user role.
Are you using standalone IS? Can you give the exact steps to reproduce the issue?
Thanks
Thilini

Related

How to give service account access to two projects?

Using Google Cloud, there exists a BigQuery View table that queries two projects.
However, on the project where the view is located, we wish to run a query against it from Airflow/Composer. Currently it fails with a 403.
AFAIK it will use the default composer service account - however it doesn't have access to the 2nd project used in the sql of the view.
How do I give composer's service account access to the second project?
Think about a service account like a user account: you have a user email that you authorize on different projects and components. Exactly the same thing with the service account email.
The service account belongs to a project. A user account belongs to a domain name/organisation. No real difference in the end.
So, you can use a service account email like any user account:
Grant authorization in any project
Add it in Google Groups
Even grant it the viewer or editor role on GSuite documents (Sheets, Docs, Slides, ...) to allow it to access and read/update these documents!! Like any user!
EDIT
With Airflow, you can define connections and a default connection. You can use this connection in your DAG and thus use the service account that you want.
I think you have to add the service account into project IAM.
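An added example (not part of the original answers) of what "add the service account into project IAM" means for this case: it models each project's IAM policy as a dict in the `bindings` shape, reports which project referenced by the view gives the Composer service account no BigQuery read role, and then adds the binding without disturbing existing members. The project IDs, e-mail addresses and the set of roles treated as read access are assumptions, and only project-level bindings are checked (dataset-level access and group membership are ignored).

```python
# Added example: project-level IAM policies modelled as plain dicts with a
# "bindings" list. All project IDs and e-mail addresses are constructed.
READ_ROLES = {
    "roles/bigquery.dataViewer",
    "roles/bigquery.dataEditor",
    "roles/bigquery.dataOwner",
    "roles/bigquery.admin",
}

def projects_missing_read(policies, sa_email, projects):
    """Return the projects where the service account has no data-read role."""
    member = f"serviceAccount:{sa_email}"
    missing = []
    for project in projects:
        bindings = policies.get(project, {}).get("bindings", [])
        if not any(b["role"] in READ_ROLES and member in b.get("members", [])
                   for b in bindings):
            missing.append(project)
    return missing

def grant(policy, role, sa_email):
    """Add the member to the role binding; idempotent, other bindings untouched."""
    member = f"serviceAccount:{sa_email}"
    for b in policy.setdefault("bindings", []):
        if b["role"] == role:
            if member not in b["members"]:
                b["members"].append(member)
            return policy
    policy["bindings"].append({"role": role, "members": [member]})
    return policy

# Constructed sample: the view lives in view-project and reads second-project.
COMPOSER_SA = "composer-sa@view-project.iam.gserviceaccount.com"
POLICIES = {
    "view-project": {"bindings": [
        {"role": "roles/bigquery.dataViewer", "members": [f"serviceAccount:{COMPOSER_SA}"]},
    ]},
    "second-project": {"bindings": [
        {"role": "roles/bigquery.dataViewer", "members": ["user:analyst@example.com"]},
    ]},
}

if __name__ == "__main__":
    view_sources = ["view-project", "second-project"]
    print(projects_missing_read(POLICIES, COMPOSER_SA, view_sources))
    grant(POLICIES["second-project"], "roles/bigquery.dataViewer", COMPOSER_SA)
    print(projects_missing_read(POLICIES, COMPOSER_SA, view_sources))
```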

Permissions to create OAuth client ID in Google Cloud

I'd like to create some OAuth client IDs in the GCP but I do not have some permissions for that. I got a warning "You don't have permission to create an OAuth client"
I can simply add myself to the role roles/owner and do it, but I'd like to have something like a minimal permission/role to create OAuth client IDs. What permissions/roles from this list should I use?
https://cloud.google.com/iam/docs/understanding-roles#service_account_roles
I tried roles/iam.serviceAccountTokenCreator but it doesn't work.
Besides having at least the Viewer role assigned in order to see the Google Cloud Platform project and navigate the Cloud Console, the only relevant permission in order to create an OAuth client should be clientauthconfig.clients.create. But notice that besides creating them, the user would not have the ability to delete or update them.
My suggestion would be to create a custom role that has at least the following permissions:
clientauthconfig.clients.create
clientauthconfig.clients.createSecret
clientauthconfig.clients.delete
clientauthconfig.clients.get
clientauthconfig.clients.getWithSecret
clientauthconfig.clients.list
clientauthconfig.clients.listWithSecrets
clientauthconfig.clients.undelete
clientauthconfig.clients.update
And make sure that the users have at least the Viewer Role as well as this custom role assigned.
You can try to create a custom role which has permissions clientauthconfig.*
Note: As per https://cloud.google.com/iam/docs/custom-roles-permissions-support, these permissions are in testing phase so please try them out thoroughly before putting in production.
Hope this helps.

Issue with WSO2 APP Manager 1.1.0

I am trying to login to the APP publisher after creating a user and assigning the internal/Publisher role to it, but every time it gives me the error as
No Privileges to login. You do not have the permission to login to this application. Please contact your administrator and request permission.
The console error is
User does not have permission to access the publisher application.Make sure the user has the publisher role.
If the user has the internal/publisher role assigned, logging in should be possible.
Can you please mention the exact steps you are executing and any other changes made to configurations?
However there is a known issue [1] where we can't use a new role with permission identical to that of the internal/publisher role.
If you are trying to use such a newly created role, you can try the workaround mentioned in [1]
[1] https://wso2.org/jira/browse/APPM-796

WSO2 Identity Server not able to see SAML SSO option under Manage

I installed WSO2 Identity server and logged in using admin/admin, but under home pane, I am not able to see SAML SSO, OAuth entries under Manage category. Any help will be appreciated. Thanks
Did you try to log in as "admin", create a new role, and validate the list of permission settings visible under this role (see the permissions icon)? A tree with checkboxes should be visible defining the permission level for each role, thereby defining the permissions inherited by the account. Once the role is defined, create and add a user account to this role. Log out and log in with the new administrator user ID and hopefully you will see all options on the menu.

Disable user account in WSO2 Identity Server

Is it possible to disable a user account in WSO2 Identity Server 5.0 after a certain period of inactivity? Is there any way to implement this using a REST or SOAP API?
I'm new to WSO2 Identity Server, but I would try it this way:
Create a scheduled job.
You can implement it as you want or, for example, you can use WSO2 Task Server features.
The scheduled job could call a web service which implements these steps:
read the last login timestamp for each user in IS;
calculate the difference between the last login timestamp and the current timestamp;
populate a list of users to disable;
for each user to disable, call the WSO2 Identity Server Admin Services to perform the "disable operation".
I didn't find the "disable operation" implemented in IS, so I think you could realize a DISABLE status by creating a role, called "USER_DISABLED", without login permission, or try to remove the login permission on the original role of the user.
As I said, I'm new to WSO2 IS, but I would try it this way.
Sorry for my English.
Bye
Vincenzo F.
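The selection logic of the scheduled job described above, as an added example that is not part of the original answer: it sorts accounts into those idle longer than a threshold and those with no recorded login, skipping exempt accounts, and passes each stale account to a caller-supplied `disable_user` callable. The function names, the `admin` exemption, the sample users and the 90-day threshold are assumptions; the callable stands in for whatever role change is used to block login and does not call any WSO2 API.

```python
from datetime import datetime, timedelta, timezone

def find_inactive(last_logins, now, max_idle, exempt=frozenset({"admin"})):
    """Split users into (idle too long, never logged in).

    last_logins maps username -> timezone-aware datetime of the last login,
    or None when no login has been recorded.
    """
    stale, never = [], []
    for user, last in sorted(last_logins.items()):
        if user in exempt:
            continue                 # never lock out the exempt accounts
        if last is None:
            never.append(user)       # reported separately for manual review
        elif now - last > max_idle:  # exactly max_idle is still allowed
            stale.append(user)
    return stale, never

def run_job(last_logins, now, max_idle, disable_user):
    """Disable every stale account through the supplied callable."""
    stale, never = find_inactive(last_logins, now, max_idle)
    for user in stale:
        disable_user(user)
    return stale, never

# Constructed sample data (not taken from a real user store).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
LAST_LOGINS = {
    "admin": datetime(2023, 1, 1, tzinfo=timezone.utc),
    "alice": datetime(2024, 5, 20, tzinfo=timezone.utc),
    "bob": datetime(2024, 1, 15, tzinfo=timezone.utc),
    "carol": None,
    "dave": datetime(2024, 3, 3, tzinfo=timezone.utc),  # exactly 90 days idle
}

if __name__ == "__main__":
    disabled = []
    print(run_job(LAST_LOGINS, NOW, timedelta(days=90), disabled.append))
    print(disabled)
```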
You cannot directly disable the user account. What you can do is disable the user account by changing the permission of the user in the user group. In order to disable the login account, you have to add the particular user to that user group. You can uncheck it in the user permission tree.
Find below the steps to change the user permission:
Log in to the WSO2 IS Management Console.
Click on Configure to access the Configure menu.
From the Configure menu, select Users and Roles.
On the User Management page, click on the Roles link.
Locate the role you want to edit, and click on the Permissions link associated with it.
On the Permissions of the Role page, deselect permissions assigned to the role using the check-boxes.
Finally, click on the Update button to save the alterations.