I add a user in mongo, using the
use production
db.addUser({user:"user",pwd:"pwd",roles:["read"]})
and also authenticate it, using the
db.auth("user","pwd")
My question is how to login the production database with the user I just created info.
Related
I wanted to create an webapp using JHipster with Keycloak and ran into a problem:
There is no deal to create new users using Keycloak or connecting user specific data to these users.
But if I want to delete a user I have to do that via Keycloak too, so the entry in JHipsters JHI_USER, the role-assignments and all the data created by this user will not be affected from these deletion.
So what I can do to make it possible to delete these user's data as well?
If Keycloak supported SCIM, you could use Apache SCIMple to sync your users. Here's a demo script that shows how to do it with Okta:
https://github.com/mraible/okta-scim-spring-boot-example/blob/main/demo.adoc
I configured okta snowflake SSO. I assigned users as well. I configures scim which has permission to create users, deactivate users, sync password. After i configure scim i am having errors for existing users Automatic provisioning of user to app snowflake failed. Error while creating user. Conflict. Error reported by remote server. User exist with given user name. Same thing happening when I am assigning the app to existing user with same user name. Is there any way to fix it or is it best to remove scim.
In order for the merge to be successful, the login mapping needs to be exactly the same (the rest gets updated by okta). So make sure users can login via SSO first.
You also need to transfer ownership manually. Documentation provides this command:
use role accountadmin;
grant ownership on user <user_name> to role okta_provisioner;
Snowflake SCIM doc
I've launched keycloak locally from a docker container with
docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin
Then I've imported a realm (let's call it test-realm) from a json file by POSTing to {keycloak_host}/admin/realms. This works, the realm is created.
It's created without any initial users though. I want to create the users via curl as I want to automatize the whole process (start keycloak server, import realm, create users from json) in the future.
I'm aware of {keycloak_host}/admin/realms/test-realm/users of course. The problem is that POSTing to that end point already requires credentials (e.g. a JWT) from an admin account on test-realm. Or am I mistaken in this assumption?
My question is, how do I create that first admin account on test-realm having access to an admin on master. Or do I even need it to create users on test-realm through curl?
Turned out you can include a users key in the json realm representation. The value is an array of user representations as of version 4.5 of keycloak. So problem solved.
After deploying my Flask app, I get the following error when trying to access the MongoDB service:
OperationFailure: not authorized on [db_name] to execute command ...
I understand this is because the db user does not have read/write access to the database. But I'm not able to create a new user or change permissions. db.grantRolesToUser() returns "not a function" and addUser() gives me no permission... What can I do?
You need to do two things:
Bind the app to the service using cf bind-service (or the web portal)
In the app, parse the VCAP_SERVICES environment variable to get the credentials
This will ensure you app gets readWrite permissions on your database.
Here's a few helpful links in this regard:
https://docs.developer.swisscom.com/devguide/services/application-binding.html
https://docs.developer.swisscom.com/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES
https://docs.developer.swisscom.com/service-offerings/mongodb.html
Is it still possible to deploy to meteor.com and protect it using a password?
When I search for this I find things like
$> mrt deploy -P example.meteor.com
but that doesn't work. I guess something has changed here and I get the impression this feature is removed
Meteor no longer supports deploying with a password directly, and for good reason!.
All publishes are linked to a Meteor developer account. These give:
Ability to allow other users to have access to your apps
Abililty to see all sites you have
Ability to publish without putting in your password every time
(In future) more fine grained permissions options (I'd imagine, considering galaxy's commercial target base).
Simply meteor login, or publish your app like you would normally to kick off the signup process. You can meteor logout to switch to another account.
After you deploy your app, you can see the sites you are authorized with meteor list-sites.