Visibility of Confluence user sessions? - confluence

I can easily view user sessions in Jira by accessing System > Security > User Sessions (see documentation here).
However, I can not find a similiar option in Confluence. Is it possible to access the user sessions in Confluence?
In the end, I would like to access it programmatically but I am afraid that if there is not even a way to get there via the UI, I am out of luck doing so via the Confluence API.
The question was asked here already, but there was no satisfying answer.
Thanks!

You can use the Confluence User List macro (confluence server):
https://confluence.atlassian.com/confeap/user-list-macro-480346630.html?_ga=2.138789171.1460206440.1517834060-1884022569.1490585845
Don't forget to enable the User Log In Listener module as described in the instructions of the link I shared above to be able to see online/offline users.
As for an API way, I don't think there is a way to do this at the moment. You can try and find a way to build your own plugin that extends the listener module used by the above macro if that is even possible.

Related

Use personalised information in a custom google actio

I’ve built a google action that talks to my bespoke web Api.
The actions code currently has personal details hard coded into it. I need to make it so that when someone uses it for the first time it asks them for a username password and URL.
Is there a way to do this? Or maybe there is a way for a user to add those details to there google account in some way that the action can read them.
Alternatively is there a way to publish an action so only specific users can access it?
In general, asking for a username and password is a bad approach for Actions, for several reasons, and asking for a URL can be quite a mess. Particularly if you're expecting the user to access the Action via voice or a device that doesn't support a keyboard.
The better approach is to use Account Linking to connect their Google Account to an account they have created on your system. If you need additional one-time configuration information, you can have them provide this information for their account via a webapp, store it in a datastore of some sort, and then access it when they contact your webhook via the Action.
There is no way to have the Assistant enforce access to a production Action. You can publish an Alpha release to up to 20 accounts, but this is still treated as a "test" version.

Office 365 room mailboxes CalendarProcessing access via Microsoft Graph

When using rooms and equipments, Exchange (in Office 365, but in other versions as well) uses a number of options to handle requests for those resources in events.
By default, Exchange will for instance strip the subject when creating the event in the room's calendar, and replace it with the organiser name. If you then try to fetch the room's calendar (for a meeting room display, for instance), you'll only have the organiser name instead of the subject of each meeting.
This may be appropriate in some scenarios, but in many others one wants the actual subject to be shown in that calendar.
To achieve that, the only option I know of is to use the Powershell Set-CalendarProcessing cmdlet to change DeleteSubject, AddOrganizerToSubject and more.
In a SaaS environment this is pretty annoying as you need the Office 365 admin to use Powershell to do this operation, which may not be completely straightforward, or you need to ask for the user's login and password and pass them to Powershell, which raises security issues, and will not work in many scenarios (2FA, SAML auth...).
Is there a way to access these settings via Microsoft Graph?
Alternatively, if not available via Microsoft Graph, is there a way to use a Microsoft Graph oAuth token to perform this operation via Linux Powershell? I know it's possible to use oAuth tokens, but despite all my efforts I haven't managed to find a way to perform regular hosted oAuth login and use the token received for this purpose.
Any hints welcome!
Edit
To clarify: I'm in a SaaS scenario where I am the SaaS provider, so I need to allow admins of my customers to change those settings easily or automatically, it's not to access my own room mailboxes (I would use powershell for that).
I don't see anything in the MS Graph Reference that would do what you want. With that said, the barriers you state in your question for using the remote powershell api shouldn't be hard to accomodate.
For starters, your IT provider for email should work with you to configure rooms the way that you want/need. If they are willing to delegate this to you, then there are ways to set up Role Based Access Control (https://4sysops.com/archives/create-custom-rbac-roles-in-exchange-and-office-365/) to give you only access to calendar processing.
Likewise, MS has posted instructions and tools to use MFA with Exchange Online Powershell (https://learn.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps).
According to your description, I assume you want to get the subject of a meeting room.
There is no reference on official Doc for your case yet, we can post this issue to the Graph support on the User Voice.
The only interface I'm aware of for managing this (beyond the Exchange UI of course) is PowerShell.
This isn't supported by Microsoft Graph or Exchange Web Services. It's worth noting that even if this operation was supported, it would still require an Admin to execute it. Operations of this nature almost always require Admin Consent.
Try using JEA (Just Enough Administration) or PSSessionConfigurations . Create a constrained endpoints and give access for necessary user/groups for required cmdlets.

Bluemix Single Sign On - remove self registration

I've just integrated my app with IBM's SSO via Cloud Directory. The idea here is that I want access to be very secure and only authorized users (pre-approved) can access the application (e.g. website in this case).
However, I've just realised now that anyone that goes to the app's webpage can, instead of logging in, just select "Register New User" and fill in some details and he's given access? Is there a way to:
1) EITHER keep that registration form, but require one of the admins to approve it before access is given? (better solution)
2) OR completely remove the self-registration option?
As the current situation is far from secure for what I need.
Thanks a lot!
I talked with the support team and that is the best (only) way to do it, just remove the links from the HTML templates.

Calling external rest resources within confluence atlassian wiki

I want to call external rest resource from within confluence atlassian wiki .
Any examples ?
Can this be achieved via CLI in the backend ?
Please kindly share your thoughts.
The fact that you need this is a warning sign about the design of your app. The plugin api is way more powerful than the REST api and you should lern to use it.
Technically, what you want is possible, but you may have a problem with authentication. When you try to reach the web interface from the backend, you have to log in as a user, you will not be automatically logged in as the backend user. You also need to have access to the url, which is not automatic in corporte environment with all kinds of complex networks solutions.
If the rest service is unauthenticated then you could look to Enable the html-include macro.
Which would allow you to do an html include of the GET REST service call within the page.
Would look like this once enabled:
{html-include:url=http://www.example.com/rest/myservice?param1=1}
However, I suggest looking to use their whitelist feature if you do this.
This also only works for self hosted instances and not for on-demand.

How can I get read-only access to the Google Apps Profiles API?

I have an application which wants to provide customization for users once they log in. Simple things like displaying a profile image and job title. This information is available in the Google Apps Profiles API, but the domain-admins are concerned about overreach with the scope. In particular, they don't want to approve the application if it has write access when it isn't needed.
The regular scope (with read/write) for the API according to the API Documentation is https://www.google.com/m8/feeds/profiles and I have tried all of the following with no luck
https://www.google.com/m8/feeds/profiles.readonly
https://www.google.com/m8/feeds/profiles.read
https://www.google.com/m8/feeds/profiles/#readonly
https://www.google.com/m8/feeds.readonly
https://www.google.com/m8/feeds.read
https://www.google.com/m8/feeds/#readonly
What scope can I specify in order to get read-only access to the Profile data? If I'm barking up the wrong tree entirely, where should I be looking?
Any non-admin user can access the GAL programmatically, see:
https://github.com/google/gfw-deployments/blob/master/apps/shell/gal/gal_feed.sh
I don't believe this api call is documented or supported officially. Note that the Global Address List is a compilation of user profiles, groups and shared contacts. If you don't want to see groups and shared contacts you'll need to figure out how to parse them out.
You need the user account under whose credentials the code is running to be either:
super admin or
to be listed under CPanel > Domain Settings > Admin Roles > [...put it in a created/user role...] > "Provisioning APIs" > Users - create/update/read/delete (as required, ticked ON). For example, for read only access to the Profiles API, set it there to 'read'.
I wrestled with this myself. I was not able to get this to work either.