SAPs User API for the HANA Cloud Platform, gives you the posibility to look up a user like this:
InitialContext ctx = new InitialContext();
UserProvider userProvider = (UserProvider) ctx.lookup("java:comp/env/user/Provider");
user = userProvider.getUser(reqUser);
it also allows you to look up the assignt role ( for example Administrator)
user.hasRole("Administrator");
(untils this point everthing works fine)
and finally the password like this:
userProvider.checkUserPassword(username, userPasswordAsCharArray);
The Question:
Why does the checkUserPassword method even exists if there is no way to assign passwords to the users you can create in the Hana cloud cockpit?
(You can add a user to a group and assign a role to the user, but there is no password option)
Where is my mistake ?( I checked the Documentation and searched the web but couldn't find anything in 2 hours!)
You don't create users via cloud cockpit. You only assign them application or account member roles and groups.
The UserProvider.checkUserPassword() method will by default check the password of the provided user against the SAP ID Service.
If you have configured an on-premise user store (see OnPremise User Store) then the method will check the password agains the configured user store.
Related
How do I create a system user? The goal is using this user as an administrator.
I can only create normal (client) and server (something like client) users, but I'm unable to create a system user.
I tried the Atlas App Services Admin Rest API but there I can do just the same I can here.
I see that a possible solution is adding custom user data but there isn't a way in the console.
Any solution?
A server user is for backend access to your database. This may be useful if you are looking to perform backend database administration.
When you use Atlas App Services, you are creating users for frontend access to user-appropriate data. If you want to create users on the frontend with a role/privilege of 'Administrator', then you need to implement that logic.
You can create custom data for users, which is a separate document linked to the user with additional fields. A simple implementation would be a custom field 'isAdmin'.
A rule would need to be implemented to only give your frontend users access to restricted data once 'isAdmin' === true. For example:
{
"%%true": {"%%user.custom_data.isAdmin"}
}
For more rule examples: https://www.mongodb.com/docs/atlas/app-services/rules/examples/
I am developing an addon for gmail and the data I need is in the firestore. Can they help me connect firestore with Google app script
The easiest way to use this library is to create a Google Service Account for your application and give it read/write access to your datastore. Giving a service account access to your datastore is like giving access to a user's account, but this account is strictly used by your script, not by a person.
If you don't already have a Firestore project you want to use, create one at the Firebase admin console.
To make a service account,
Open the Google Service Accounts page by clicking here.
Select your Firestore project, and then click "Create Service
Account."
For your service account's role, choose Datastore > Cloud Datastore
Owner.
Check the "Furnish a new private key" box and select JSON as your
key type.
When you press "Create," your browser will download a .json file
with your private key (private_key), service account email
(client_email), and project ID (project_id). Copy these values into
your Google Apps Script — you'll need them to authenticate with
Firestore.
[Bonus] It is considered best practice to make use of the Properties
Service to
store this sensitive information.
For more information on this Please refer this link.
I would like to get login user (username, roles ...) when start new process via KieSession.
Any one can help?
UserGroupCallback is the kie API entrypoint that it is responsible for verifying whether a user or group exists and for collecting groups for a specific user.
Notice that default UserGroupCallback is based on the security context, therefore it can only retrieve information about authenticated user.
You can see different custom implementations here:
https://github.com/kiegroup/jbpm/tree/master/jbpm-human-task/jbpm-human-task-core/src/main/java/org/jbpm/services/task/identity
And this is the property for configuring a custom one: org.jbpm.ht.custom.callback
If I go to any IBM Cloud aka Bluemix service, say Cloudant service instance > Service Credentials, there is a new credential button. But it always generates the same credentials (same password etc).
I have tried multiple ways but result is always same, for eg,
Delete the existing credential and try to create a new one
Create a new one while a credential already exists
Delete the existing credential and Create a new one with same name
Delete the existing credential and Create a new one with a different name etc
Could anybody please let me know how to get new password or set it to whatever we want ? This is an important requirement in cases like compromised passwords etc. Hence the question.
Currently there is no option to reset the service credentials that are auto-generated for Cloudant. You can create a new Cloudant instance (with new auto-generated creds and URL) and replicate the data over.
There is no way to reset the service credentials without creating a new instance and copying over the data.
I recommend generating an API key for your database through Cloudant:
You will be able to fine-tune the permissions and create/revoke API keys as much as you would like.
I'm investigating a migration process from a legacy system into keycloak. Based on some of the ideas here: https://github.com/Smartling/keycloak-user-migration-provider we're looking to create user accounts in keycloak at the point of login by looking up user credentials from some dedicated endpoints on our legacy system.
As part of this, I need the user ID to remain the same as it was in the legacy system.
Is it possible to create a user with a specified ID rather than relying on keycloak to auto-generate it?
Running into this issue when attempting to create users via the API, I looked into the code for the users service. It looks like it is currently not possible to set the user id due to how the user is created.
From the code in https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java specifically on line https://github.com/keycloak/keycloak/blob/7cfe6addf01676939206e034a87c791460031032/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java#L115 the user is first created using the username, then updated. I believe id is not an updatable field. Thus it is not currently possible.
Checking the api I see it is now possible to add an optional "id" field in the userRepresentation object that you pass to create a new user in keycloak.
Find more information here: https://www.keycloak.org/docs-api/5.0/rest-api/index.html#_userrepresentation