i have some resources at wso2-management consoleand i set permissions for roles and service providers to read these resources.
now, how can i share the resource_bank/database/registry_link or something like that between users.
or users how can reach to these resources except wso2-management console way?
i tried to send https://localhost:9443/carbon/resources/resource.jsp?region=region3&item=resource_browser_menu&path=/&loginStatus=true# address ,but it cant support post method .
thanks.
Related
I am using the Cloud Identity basic and I am admin.
my domain and it's subdomain have many consumer account, which we got to know via "Transfer tool for unmanaged users" . Now the question is :-
how to manage / add consumer accounts via API, as I am looking for the automated process
but details available below link is hard stop for me.
https://cloud.google.com/solutions/migrating-consumer-accounts-to-cloud-identity-or-g-suite
https://support.google.com/cloudidentity/answer/7044710?hl=en&ref_topic=7558419
it is going to create the account with overriding the existing managed id. which I do not want , I want to send email to user for account migration [which is possible via admin UI but seems not with API, but in my organization manual addition of many users is not ]
1) Is there a way by google API to identify adding user, is a consumer account for my domain and subdomain or not? some way or the another , so new user and consumer accounts can be managed separately.
2) I do not want to "Require users to rename their existing account." as it will be more difficult for my org and unmanaged.
Any direction will be welcome , and let me know if more information needed.
https://cloud.google.com/solutions/migrating-consumer-accounts-to-cloud-identity-or-g-suite
https://support.google.com/cloudidentity/answer/7044710?hl=en&ref_topic=7558419
Unfortunately, there is currently no public API to initiate a user transfer or to query whether a given email address is used by a consumer user account. This functionality is currently only exposed via the UI in the transfer tool for unmanaged users.
However, if you have a large number of consumer accounts that you need to send transfer, then Support might be able to help you.
I'm trying to access email metadata via Microsoft Graph without access to the content of the emails. From the documentation, I've noticed there is a Mail.ReadBasic permission that might help but this permission only appears as a Delegated scope. My service is a backend task so I need an Application scope.
I would really appreciate some help with these issues:
Is there a way to enable this Mail.ReadBasic permission as an Application permission?
Can I create custom permission for the application?
Can I use Mail.Read and enforce selection of fields to reduce it into Mail.ReadBasic Permission (otherwise requests will be blocked)
Is there any other way to get only the email metadata from the Microsoft Graph (webhooks, access via audit logs, etc)?
1) I am actually the Program Manager in the process of getting this rolled out into Microsoft Graph right now. We are currently deploying this internally to our pre prod env. It is in the deployment process and should be there in all tenants within the next two months.
2 & 3) You cannot create your own custom permissions or reduce fields with Mail.Read.
4) Mail.ReadBasic will get you the email metadata (not body or attachments) with on behalf of flows right now. And soon app-only.
Using the azure portal and the azure active directory I am sending out invitations to Guest Users. 90% of the time this works great - however there are some users where they cannot get logged in for the first time.
What sort of things should be analyzed?
Does their local AD (or possibly lack of) have anything to do with it?
Does their organization allowing users to receive mail with multiple email addresses have anything to do with it?
This has been a tough problem to solve as these are external users and it can be quite difficult to extract good information from them when attempting to diagnose the problem. Any help would be greatly appreciated.
I'm building a Windows 8.1 store app and need to incorporate authentication. This is an enterprise app used in house. We load the app onto a tablet and a team may check that tablet out for weeks at a time, go out to the field to collect data and then we put in on a shelf until another team needs to use it. Now different teams may work for difference clients so when we authenticate users not only do they get access to the app but we also check what groups they are in to determine what clients they can work on or what previous records they can search for.
I've followed various ADAL tutorials and am able to setup everything in Azure and in my app I am able to authenticate a user successfully and get their groups. This relies on ADAL handling the username/password. What happens when the app shuts down and the user in a place where there is no internet (or even a reliable cell connection)? Specifically how can I have the user type a username/password to re-authenticate and get the same groups they were in when they can't access Azure services?
It appears they isn't available as the guidance always points to that is a risky proposition to have the app handle username/passwords. I understand that stance and can appreciate the caution behind it. However, in all of the ADAL documentation that I find that says this, none of them tell me how to handle an offline authentication scenario.
I have found links such as ADAL v3: How to authenticate using UserPasswordCredential? that tell me how to bypass the ADAL login page. I may have to move to that route and handle all of the username/passwords securely within the app, but first I would like to reach out and see how others tackle this scenario. Is it really as simple as avoiding best practices and just handle the username/password within the app?
If anyone has some guidance, ADAL (or other oauth providers) documentation, or other articles/advice I can follow up on to help achieve offline authentication I would greatly appreciate it!
Additional Information:
My scenario that I'm trying to cover is what happens when I have 1 device, 1 app, and many different users? These users will be in different groups that will determine how data fields get populated (filter data in combo boxes) and what previously submitted forms they can query for. All users would need to login when online to cache their information (say on Day 0) before they can ever use the app. On Day 1 user 1 uses the app and doesn't log out. I would expect the app to have a timeout timer to log that user out after 2 hours of no activity. On Day 2, user 2 just grabs the device off the shelf and takes it out into the field. He has no internet and needs to log in to determine who they are and what group they are in. I would expect since he has logged in once and verified his credentials already that we can enable this sort of scenario.
What I'm looking for is guidance if ADAL as a library can handle this or is it truly up to me the app developer to handle this sort of scenario. As I see it currently I need to store all user credentials, but at the same time it seems like everyone advises against that. I feel like I'm in a situation where I need to create a custom login screen and store the user data, SECURELY of course, even though its not recommended. It seems like all articles on how to use ADAL are written from a consumer app standpoint (or a BYOD) and don't take into account how a mobile app would be written for the enterprise.
That depends on your app design, if the first time(app online) , user login and app store all groups ,user information .After that user doesn't need to use token to get related information again(send request to server to acquire groups/user info). If app is offline , user doesn't need to re-authenticate(app controls the user session) , just get group/user information from cache . When using resource owner flow , you still need to send authenticate request to Azure AD server which need internet.
I would like to create an adf application , this web application will have different user roles like manager,normal user and admin .
First, I want to check users when they try to login into system by getting users info from database. I mean authorization should be provided by adf security from database Users table
Then according to this user's roles, specific web pages should be shown to logged users. Users should see only pages that its responsible pages.
I dont know how to do it, I need your guidance
Users and roles are Weblogic's concern (presuming you are using Weblogic), you may find a great example on how to load users and roles from the database here:
http://soadev.blogspot.co.uk/2010/04/sqlauthenticator-simply-best.html
For enabling security in an ADF application, I presume you have found already enough info, but just in case:
https://docs.oracle.com/middleware/1212/adf/ADFFD/adding_security.htm#ADFFD877