I am using Openam12 , I have following scenario:
install openam12 with with embedded or external openDJ.
add some users/groups on this data store.
Add new AD LDS datastore, using ADAM configuration load openam schema to AD LDS.
I can view existing users/groups in AD LDS
reflect in in my Openam12 Console in subjects(user/groups).
now my question is since I had created a some users/gorups earlier in Openam12 using external OpenadJ/or embedded data store.
how can I get those users/groups in AD LDS, if I remove “external OpenadJ/or embedded data store. this”
i.e. how am get this data? from existing data store to newly data store.
Is it possible to get existing old data from one data store to new AD LDS data store ?
This depends on the goal of moving the data from OpenDJ to AD LDS.
The simplest way to move data from OpenDJ to AD LDS is to export the data in LDIF format and import in AD. This assumes that AD LDS knows the format and accepts user passwords hashed with the algorithm configured in OpenDJ.
If the goal is to have 2 identical sets of data, then I would suggest a synchronization solution like OpenIDM.
LDIF export the data from OpenDJ, and do an LDIF import into AD
Related
I am building a Microsoft Teams application and I need to store sensitive user data (access tokens and some additional stuff) for each user using my application.
My requirement is that this data can only be accessible from the user and no one else - and it needs to potentially serve tens of thousands of users. Furthermore, this data shall be accessible from any Microsoft product (i.e. not bound to MS Teams, but let's say, as long as I get a the JWT, then I would be able to access the data).
What are my options using Azure? Is there some kind of storage I can use OOTB? Or, would I need to select an Azure service for this? If yes, which service would be the best? Can I instantiate such service for ALL the users I need to serve, or would I need a separate instance for each tenant the user is coming from (e.g. its company?).
Thanks a lot for helping me out, I tried to figure this out already and I got some ideas, but I am still confused.
Based on the requirement, you can store the sensitive user data with the following options
Azure keyvault: For Secrets Management, Key Management and Certificate Management.
Azure storage tables: To store and retrieve the access tokens, users data and the conversation.
I am new to web development, so the question might be trivial.
I have some physical devices, which will transmit humidity (and other stuff) to Azure Cosmos DB. I want users to be able to read their devices only(through a graph in a web app). All devices end up the the same collection.
I have set up a system in Azure in the following way:
Device -> Azure IoT-Hub -> Azure functions -> Azure Cosmos DB.
The web app uses Azure B2C for users to be able to sign in, but how do i "assign" device-id´s to a user? I have read that it is possible to create access tokens with specific access to certain partition keys, but how do I store the information with access permissions for each user? Do I need a new database for storing this information only?
In the beginning it is fine if I have to grant permissions manually.
General info:
The data in the Azure cosmos db are using device-id as the partition key.
Users can have more than one device.
The web app is running ASP.NET core (I am new here).
The web app requires log-in to be accessed.
I am coding in Visual Studio 2019, and have used the example with a build-in authorization.
Thank you for your help.
NOTE: It might be too much to ask for, but a general explanation together with a code example would be perfect for me :)
UPDATE:
I managed to fetch the email of the logged in user:
#using System.Security.Claims; // for using ClaimsIdentity
// Get user information
var userEmailAddress = ((ClaimsIdentity)User.Identity).FindFirst("emails").Value;
My initial idea is then to have a database containing: "Email" and "accessible devices". I guess this has to be a separate database since i need the Time-To-Live parameter in cosmos db.
You might be able to achieve what you are looking for by using Resource Tokens.
As in this sample from the documentation, you can assign permissions by partition key:
//Create a user.
Database database = benchmark.client.GetDatabase("SalesDatabase");
User user = await database.CreateUserAsync("User 1");
// Create a permission on a container and specific partition key value
Container container = client.GetContainer("SalesDatabase", "OrdersContainer");
user.CreatePermissionAsync(
new PermissionProperties(
id: "permissionUser1Orders",
permissionMode: PermissionMode.All,
container: benchmark.container,
resourcePartitionKey: new PartitionKey("012345")));
Alright, I have been busy with other projects, but i finally came back to this issue.
So basically the reason why I wanted a separate database was because I need the TTL on the Azure Cosmos-DB, and I do not want to delete the user permissions.
It turns out that it is possible to overrule the database's default TTL by setting a "ttl" field in the document itself. Thereby it is possible to exclude documents from being deleted.
So the basic solution is:
Create a documents with a "ttl" parameter set to -1 to exclude it from being deleted. Then this document can contain information about which users have access to what.
I've an Azure Active Directory for B2B client.
AAD provides all the necessary fields like name, email, custom email, etc.
I need to store some more information in it.
I'm using a VOIP provider and it has a unique data for each User, I need to store some of that data in AAD itself.
I've seen B2C allows us to create the custom fields.
My question is can we create the custom fields in AAD-B2B, if yes then how to create it?
I did not found any well documented steps for that
I'm using Azure AD B2C Graph API to create and manager users. Users have data and progression so I wanted to know, how should I go about storing information about the user in my app (such as how much gold the user has)?
I want to grab their userPrincipalName or their objectId and use that as a primary key in a separate database to keep track of app related information but before doing that I wanted to know if this was the correct way to do it with graph API, unless there's a standard graph API has for storing app data per user?
Ideally I don't want to be able to associate data with specific users for security and privacy reasons.
With Azure AD B2C you can extend your schema with custom attributes and read/write to them using Azure AD Graph API.
Please see how to create a custom attribute and this page for how to use custom attributes with the Graph API.
In my opinion, if you just need to store data, use Azure AD B2C with custom attributes, but if you also need some complex logic when reading/writing the properties, or even crate some relations between properties, then consider a custom data store.
I need to implement the store based access to web portal. For that we have created the following roles
Admin
Store Manager1
Store Manager2
I am able to implement authorization for Store Manger 1, Store Manager 2. If there are around 500 stores do I need to add 500 roles in active directory since each role has different view?
It sounds like quite a lot of work to make roles for each store. Though you could automate it with PowerShell, to me it seems a bit weird.
You could instead just have a Store Manager role, and then on your app side check which stores they access to. One way would be a relational table with one column being the user's id and the other a store id they have access to. You can query that when you authenticate the user and store the values in claims/session data.