I'm working in an instance of AppDynamics where we enter using SSO, so we just type the name of our account and enter without an user/password.
I need to create a custom event and, according to this documentation https://docs.appdynamics.com/display/PRO43/Alert+and+Respond+API#AlertandRespondAPI-CreateaCustomEvent
what I would need is to run a curl like curl -X POST --user user1#customer1:secret 'http://demo.appdynamics.com/controller/rest/applications/5/events?severity=INFO&summary=test1&eventtype=CUSTOM&customeventtype=mycustomevent&propertynames=key1&propertynames=key2&propertyvalues=value1&propertyvalues=value'
Problem is, I don't have an user/password. If I don't type them I get a 401 as expected.
I can see in My Preferences my username, but I can't find any password in the application.
Is there something I could do to find that password or something that would work for that POST to work?
The credentials for an SSO user reside with the Identity Provider (on your side) not the Service Provider (AppDynamics).
So there are two options here:
Create (or ask an admin to create) an AppDynamics user in the Controller Administration UI. Then use the username / password from this user in your requests.
Create (or ask an admin to create) and API Client configuration in the Controller Administration UI. Then use the Access Token in your requests (Docs: https://docs.appdynamics.com/appd/22.x/latest/en/extend-appdynamics/appdynamics-apis/api-clients)
Related
I am using Meteor user accounts api to create user accounts.
https://github.com/meteor-useraccounts/core/blob/master/Guide.md
How to add email restriction to particular domain such as only #mydomain.org so that only those users with the domain will be allowed to log into the system while other users with other domains such as #gmail.com would not be able to log into the system?
There is this (unfortunately) undocumented Accounts.config which is part of accounts-base. It allows you to set a email domain restriction for accounts creation. This your app won't allow any accounts to be created that are not part of this domain:
Put the following in server and client startup code to configure the accounts package:
Accounts.config({
restrictCreationByEmailDomain: 'mydomain.com'
})
The source documentation says on this particular option
#param {String | Function} options.restrictCreationByEmailDomain If set to a string, only allows new users if the domain part of their email address matches the string. If set to a function, only allows new users if the function returns true. The function is passed the full email address of the proposed new user. Works with password-based sign-in and external services that expose email addresses (Google, Facebook, GitHub). All existing users still can log in after enabling this option. Example: Accounts.config({ restrictCreationByEmailDomain: 'school.edu' }).
Source code of the Account.config method: https://github.com/meteor/meteor/blob/devel/packages/accounts-base/accounts_common.js#L170
I would recommend using accounts-password package to manage user creation and authentication.
With Accounts.createUser method you can easily create an user where you can apply any kind of check. In your case add a regex check to make sure the email address comes from your domain before calling the Account.createUser method.
I am just starting out with using the WP REST API.
For authentication, I use JSON Web Tokens.
The only question I have is how I can give users the possibility to register by themselves, since registering a user also requires an authentication key.
Since the user has not yet logged in, this key cannot yet be retrieved.
I came up with the following two options, but cannot figure out how to do either of them.
The application itself has an authorization key with which the request can be made.
Disabling authentication requirement for user creation.
If I'm looking at this in the wrong way, any answers are welcome!
Thanks!
If your application is a web page then the easiest is to do this separately from the WordPress REST API. WordPress has a web page http://aaa.bbb.ccc/wp-login.php?action=register that allows you to register new users. To enable this web page check the Dashboard -> Settings -> General -> Membership -> 'Anyone can register' option.
If your application is a mobile app then your mobile can just sent the same HTTP request that http://aaa.bbb.ccc/wp-login.php?action=register sends. I.E. a POST request with query parameter action=register with POST parameters user_email, user_login, wp-submit=Register.
If you really insists on doing this using the REST API I think the following will work. (Disclaimer: I have not actually implemented this.)
You will need to override the WordPress REST authentication. First create a new role with the capability 'create_users'. Second create a user with this role. Create a nonce that specifies that a new user is to be registered. When your app returns this nonce and the user credentials to the http://aaa.bbb.ccc/wp-json/wp/v2/users endpoint you should override the WordPress authentication to set the current user to the user you created with the role 'create_users'.
Does anyone know how to have a restlet run as a different role? (e.g. similar to how Suitelets can be configured to run as the Administrator role)
Any tricks to make this possible?
There is no configuration of role on the Restlet script itself.
The role is defined when you send a request to the Restlet.
The header of the request contains the role that the restlet will execute as.
If you are using NLAuth to authenticate then one of the parameters is the role id. So if you want to execute it as admin, send "3" as the role id.
If you are using token authentication, then when you are creating the token, one of the steps is to choose the role.
In this case, you can not execute as admin, you will have to define a role that will correspond to your needs.
I have a Wordpress/WooCommerce installation using Wordpress itself for authentication. I want to switch to LDAP-based authentication (e.g. OpenLDAP). How can I migrate existing users with minimal intervention on their part?
Ideally they would simply continue using their pre-existing credentials for Wordpress and for any other resources using the same LDAP database.
In addition, new users created via WooCommerce purchases should be created as LDAP users.
(Existing plugins like Simple LDAP Login seem to handle creating Wordpress users for pre-existing LDAP credentials just fine. I'm looking for support in the other direction.)
I think you'll have to develop this task yourself. You could check tools like : https://lsc-project.org/start which will allow you to configure mapping and synchronising SQL database to LDAP directory and schedule the task regularly (or trigger it on new row in the DB)
Only point where you could have some problem would be the "keep their credentials". I don't know wordpress, but if the hashing and/or crypting mechanism of the passwords are not natively supported by OpenLDAP, you will have to hash the clear password of the user to store it with a mechanism compatible.
One way would be to tell every user that the password will be reset and that they will have to retype it (some custom landing page where you authenticate the user with his credentials on the wordpress DB and if successful write the password on the LDAP)
Another way would be to deploy some self service password with all account reset and a need to re-set them with a link send to their email (from the LDAP). There are tools like that, for example : https://ltb-project.org/documentation/self-service-password
Follow Esteban's advice I developed a solution as follows:
Wordpress interface
Install Simple LDAP Login
Install JWT Authentication for WP REST API
Users authenticate against LDAP, fall back on Wordpress
"Change password" sends them to new interface
New interface
User logs in via new interface
Users authenticate against LDAP, fall back on:
Authenticate against Wordpress via JWT. On success:
Create LDAP user (we have the password)
Delete Wordpress password hash (no longer needed, forces LDAP-based authentication in future)
Workflow
Existing users can sign in via Wordpress or the new interface. Once they use the new interface (to sign in or change their password), they are migrated to LDAP-based authentication.
New users are registered in LDAP. They can sign in via Wordpress or the new interface, both backed by LDAP.
Anyone can help ,
I have created an api key and and secret key but I am getting an issue regarding to the login section means the api redirect to the https://auth.aweber.com/1.0/oauth/authorize_app/ url and here need a username and password but I am inserting my username and password but its not open and send me a message like
Notice: Invalid credentials - please retry
Make sure that you're using valid AWeber credentials when filling out that form. The username/password are not the API developer account from https://labs.aweber.com, but an actual AWeber account (i.e. what you would use to login to https://aweber.com).