IBMid SoftLayer linked user password automated reset - ibm-cloud

My question is basically the same as this question SoftLayer API OpenIdConnect Reset Password.
Once SoftLayer users are linked to IBM Bluemix users, the softlayer API can no longer be used to reset user passwords.
The only answer to the previous question indicates that "a bluemix api" must be used.
I've been searching for such an api but I'm not finding much, a million links for API design and connect on Bluemix but nothing for resetting the password in an automated fashion.
Can anyone point me to an API can can be used to reset or change the password for SoftLayer IBMid linked users?
Thanks!
Update:
I continue to search for a solution, I've downloaded and installed the BlueMix CLI and the Cloud Foundry CLI cf.
The bluemix CLI doesn't seem to have any password functionality, cf has a user password function but after prompting for Current Password and New and Confirm, it reports that current password doesn't match, which leads me to believe that the CF user functions are not tied to the IBMid open id server. (makes sense, just wanted to make sure and rule it out as an option)

Related

Connecting to MS Forms connector using Service Principal within logic app

I am creating a logic app that will trigger when a form request is submitted.
The MS Form connector requires me to sign in. This is acceptable during development, but we have a lot of logic apps and so use DevOps to automate deployment.
With the current connector, after deployment we still have to:
manually open the logic app in the portal.
connect using authorized credentials.
save the logic app.
This manual process completely defeats the point of using DevOps with Logic Apps.
Its a similar issue when using the Outlook connector.
Is there a way to supply server principal credentials to these connectors, so that they are correct at deployment time and require no manual intervention?
It seems that it's not supported to login on MS Forms connector with service principal. Connectors that can use service principal authentication will have "Connect with Service Principal" option, like Azure Data explorer. You can give your voice on this feedback to promote this feature.
API Connections with OAuth authentication, like Office 365 and Microsoft Team connectors etc, require manual consent. Unfortunately, at this point in time, authentication for those cannot be fully automated.
Here is a ticket you can refer to.

Granting service accounts access to AzureDevOps

I'm wondering what is the correct way to grant service accounts access to AzureDevOps. Ex: access to source code, API's, etc.
Since "Basic Authentication" was deactivated, I've been using personal access tokens but it seems awkward to login using a service account, generating the PAT, and so on. Also, since they are limited in time, we have to ensure renewal schedules/reminders for each connexions.
I am on the wrong track? Is there a more "natural" way to do it? Is SSH more adapted for this?
I've found this guide which helps but I can't find how (for example) granting a third-party application access to a project's repository.
https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/authentication-guidance?view=azure-devops
PS: Service Connections and Service Hooks are not what I'm looking for.
What you are looking for probably is OAuth 2.0 Client Credentials Flow for Azure DevOps. Unfortunately Client Credentials Flow is not yet supported on Azure DevOps. See this thread Client Credentials Flow for Azure DevOps.
But, You can check out OAuth 2.0 auth code flow,which is now supported on Azure Devops. Please check out this detailed tutorial Authorize access to REST APIs with OAuth 2.0. This is an example to implement OAuth 2.0 auth code flow.
There are also Codes samples provided in above web link you mentioned in the question. You can checkout these samples to learn their authentication mechanism, and choose one that suits you most.

Configure Authentication for actual html login page

We've got an install of Azure Devops server that currently authenticates against our active directory server and authentication works, but it appears to do so by means of browser basic authentication (the browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such that users that have never logged in, actually get a login page... not just the basic authentication prompt in the browser.
I appreciate any input, I've used and administered azure devops in the cloud for a LONG time, but the devops server stuff I'm new to.
NOTE: I've played with IIS settings for authentication (enabling and disabling basic authentication and forms auth etc, but nothing really seemed to help there)
it appears to do so by means of browser basic authentication (the
browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such
that users that have never logged in, actually get a login page... not
just the basic authentication prompt in the browser.
What's the login page do you mean?
1.If you mean the login page to connect to TFS web portal, as I know using basic prompt with username+password is the only appraoch.
Web Portal:
Only logic page:
2.But if you mean something used for authentication when accessing the code. I think you must be familiar with PAT which is widely used in Azure Devops Service. IIS Basic Authentication is not recommended. You can check Enabling IIS Basic Authentication invalidates using Personal Access Tokens and Use the TFS Cross Platform Command Line with TFS using basic authentication or personal access tokens (PATs).
Hope it helps to resolve your puzzle :)
So after lots of research, I found that in the differences between azure devops server and azure devops services documentation. In this documentation it states that it uses windows authentication, and you will never be presented with any login experience.
I'd vote that this should be something that be configured to show a login screen, as sometimes we want to log in as users other than the users we logged into the machine as.

Access/use roles and custom info from OpenId Connect profile within Dynamics 365 Portal?

I am starting to work with Dynamics 365 Portal add-on (Online, not on-prem), which I've configured to use an external authentication provider in the form of Identity Server with OpenId Connect. The problem with this is that I don't have access to the under-the-hood portal authentication process, there's just a few basic config settings and users can authenticate using the external IdP. I can't access roles, claims, or any custom info that might come back as part of the OpenId Connect user's profile (userinfo object response). I need to get at that data to customize the portal user experience. I've looked through whatever documentation I could find on the portal but can't find anything. Am I missing something or is it just not possible to access that info and customize the portal login process? Since it doesn't seem possible to do anything server-side within the portal because it's Online, can I do anything client-side within the portal to get the OpenID access token and call the UserInfo endpoint with that?
I had a case open with Microsoft and finally got an answer from them: In Dynamics CRM Online with the Online Portal add-on, there is currently no way to access anything coming back from an external identity provider. So for example, if you've configured the portal to use an external identity provider such Google, Facebook, etc, or like in my case an Identity Server instance with OpenId Connect, you can't access the claims or any other info coming back from the provider.
UPDATE:
I got another response from Microsoft support: they have confirmed their dev teams are working on making this available but don't have an ETA yet. At least it's on their radar.

Where to get the Alchemyapi API key?

I'm doing the, Getting Started with AlchemyAPI Using Ruby, Ruby tutorial. But I cannot seem to find my API key.
Source: http://www.alchemyapi.com/developers/getting-started-guide/using-alchemyapi-with-ruby
At step 3:
3) Configure the Ruby SDK to use your API Key Now that you have the
Ruby SDK code on your computer, you need to do configure it to use
your API key. In the alchemyapi_ruby directory, run:
ruby alchemyapi.rb YOUR_API_KEY
Where YOUR_API_KEY is the 40 character API key you received in your
e-mail when you registered. If everything goes okay, you should see
the following output:
But I didn't get an API Key in an email...
The tutorial sent me to IBM Bluemix to register, which I have.
This is the email from signing up.
Hi XXX,
Thank you for signing up for Bluemix! During your trial, you'll have
access to Bluemix to build apps, with 2 GB of runtime and container
memory, as well as up to 10 provisioned Bluemix services. And, you
won't need to provide any form of payment for this trial.
Confirm your account to start your 30-day trial.
If you have any problems logging in, let us know at IBM Bluemix
Support.
Welcome to Bluemix!
--IBM Bluemix Team
After confirming - still no API Key. I've logged into the Bluemix site and have been searching around but also don't see it.
I apologize in advance if I've missed something obvious. But I'm wasting a lot of time here and would really appreciate any help :)
Has anyone signed up for this service recently and been able to get their API key. Can you tell me where it came from?
Login to Bluemix, go to Services & APIs. In Watson section chose AlchemyAPI and create one. After AlchemyAPI is created go to the dashboard and select created instance.
Under Service Credentials you can find the apikey:
After the acquisition of AlchemyApi by IBM the endpoints have changed hence the old legacy code in GitHub will not be able to use the key which you get from ibm bluemix.
Click on the watson --> then on the previously created credentials --> again click create. Then highlight the 'service credentials' to see the json format details.