Forum Discussion

jeffshurtliff's avatar
jeffshurtliff
Boss
4 years ago
Solved

Unable to change SSO ID of user with the API

Hey all,

We need to update the SSO ID of our users systematically and I am writing a Python script to do so.  However, when attempting to do so in the API v1 using a POST call to the /users/id/{id}/sso_id/set endpoint, I am getting the following response.

{
  "response": {
    "status": "error",
    "error": {
      "code": 303,
      "message": "Permission Denied"
    }
  }
}

I am authenticated as a user with full admin privileges so I'm not sure why I would be getting the Permission Denied message, especially since my user can change SSO IDs via Community Admin just fine.  The payload (value=) is also a simple numeric string so it shouldn't be due to invalid. characters or anything.

Anyone ever experienced this and know how I can get around it?

Thanks in advance!

API
Community API
Rest API

10 Replies

Sort By
  • JoseL's avatar
    JoseL
    Khoros Alumni (Retired)
    4 years ago

    Hi jeffshurtliff,


    I'm following up here from the Support case to close the loop for others with the same issue.

    As mentioned in the ticket, we don't support the /users/id/{id}/sso_id/set endpoint using HTML methods, which is why our documentation doesn't mention it:

    https://devdocportal.khoros.com/t5/Community-API-v1-Reference/bd-p/restv1docs?section=commv1&leaf-id=User.sso_id#User.sso_id

    The only supported method is via Community Admin > Mod Tools > Edit Users:

    https://community.khoros.com/t5/Single-Sign-On-SSO/Change-a-user-s-SSO-ID/ta-p/124139

    This similar thread mentions using FreeMarker as a workaround:

    https://community.khoros.com/t5/Developer-Discussion/Forcefully-assign-SSO-ID-to-a-user-via-API/m-p/315767

    However, the FreeMarker method isn't supported and may not work in the future.

    Since you have to update hundreds of SSO IDs, I'm glad our Professional Services team is helping with the new SSO ID mapping!

    Thank you for reaching out to us about this issue.

     

    All the best,

  • jeffshurtliff's avatar
    jeffshurtliff
    Boss
    4 years ago

    Thanks JoseL for the info.

    To further close the loop on this, here is a FreeMarker function that I wrote a while back (also provided in the support case) that does work to update SSO IDs via the REST API, which our support team utilizes in a custom modal I built to fix duplicate users:

     

    <#-------------------- Function: updateSsoId -------------------->
<#-- This function updates the SSO ID of a user with an API v1 POST call -->
<#function updateSsoId userId userSsoId>
  <#local result = {"successful": true, "message": ""} />
  <#if userId?is_number>
    <#local userId = userId?c />
  </#if>
  <#if userSsoId?? && userSsoId?is_string>
    <#attempt>
      <#local response = restadmin('/users/id/${userId}/sso_id/set?value=${userSsoId?url}')!{} />
      <#if response?? && response.status?? && response.status?is_string && response.status != "success">
        <#local result += {"successful": false} />
      </#if>
      <#if response.message?? && response.message?has_content>
        <#local result = {"successful": false, "message": "${response.message}"} />
      </#if>
    <#recover>
      <#local result += {"successful": false} />
    </#attempt>
  </#if>
  <#return result />
</#function>

     

    So I guess the POST call is set up to only work when utilized within the restadmin FreeMarker directive and not through third-party API calls, which is disappointing but is what it is.

    That said, I really hope the FreeMarker method doesn't get removed in a future release because at the moment we are utilizing it heavily and it would trip us up quite a bit to lose the functionality.

  • jeffshurtliff's avatar
    jeffshurtliff
    Boss
    4 years ago

    Just to further close the loop on this, I was able to accomplish what I wanted by leveraging the FreeMarker function from my comment above within a custom endpoint, which I was then able to call in my Python script to systematically update my list of users.

  • gangadharaiah's avatar
    gangadharaiah
    Guide
    3 years ago

    Hi jeffshurtliff ,

    I have a similar requirement to update SSO IDs of bulk users.

    Can the above method be called for bulk update within khoros studio tool without using Python or SDK ?

  • GakuS's avatar
    GakuS
    Khoros Staff
    3 years ago

    Hello gangadharaiah

    Unfortunately, Studio doesn't have a tool that would help with this workaround approach for bulk updates. Like mentioned above, this approach should only work within the restadmin Freemarker directive, not through external API calls - so you'll also want to go through the SDK.

    I’d like to re-emphasize that our recommendation when dealing with SSO IDs in general is to use the Admin “Edit User” feature and edit them one by one. If you have a 'bulk' use case that involves more than just a few users, I'd strongly recommend that you reach out to our support team. Thanks!

  • AmanMalhotra's avatar
    AmanMalhotra
    Expert
    3 years ago

    Hi gangadharaiah ,

    You can loop the users in any freemarker component like this and the bulk sso-id for users will be updated.

     

    <#assign userIds = ['11','22','33','44','55','66'] />
<#assign ssoId = ['0001','0002','0003','0004','0005','0006'] />
<#list userIds as userId >
  <#attempt>
    <#assign resp = restadmin('/users/id/${userId}/sso_id/set?value=${ssoId[userId?index]?url}')!{} />
  <#recover>
  </#attempt>
</#list>

     

     

    I recommend using the code in batches of around 200-500 users at once depending upon your community.

     

  • gangadharaiah's avatar
    gangadharaiah
    Guide
    3 years ago

    Thank you! Where do we write this code? if I create a custom component with this code what triggers or calls this code in order this to be executed?

  • AmanMalhotra's avatar
    AmanMalhotra
    Expert
    3 years ago

    You can simply create a custom component and write this code, as soon as you click the save button, the code will get executed automatically because below that we have a preview window ... in order to preview the result ... custom component code will be executed automatically ...

    Let me know if you have any more questions.

    Hit the like button if my reply was helpful to you.

  • gangadharaiah's avatar
    gangadharaiah
    Guide
    3 years ago

    Hi Aman,

     

    Thanks for your response! Much appreciated the help on this.

    So I am assuming we need write a custom component even it's for a one time data update? 

    If yes, we need to execute the script and then delete the component ? as we won't be needing this after this one time data update/cleanup?

    Also, to execute this in prod instance where studio tool is not available, what would be the triggering point for this code in custom component  once we deploy this to production? is it right after a successful deployment of the component?

     

    Thank you,

    Swetha

  • AmanMalhotra's avatar
    AmanMalhotra
    Expert
    3 years ago

    Hi Swetha,

    For Production, we can move this code to an endpoint and can run the endpoint on production using the URL.

    For repeatedly changing the userIds/SsoIds, you can add them to custom content and fetch them from the endpoint.

    Custom Content:  https://prnt.sc/PKATzeuLBNon

    For fetching content/data from Custom Content you can use the below code:

     

    <#assign data = settings.name.get("customcontent.10_text","") />

     

    Note: change custom content number according to your use, currently it is 10 in above code.

    So you just need to run or hit the endpoint URL on production and change the custom content data from Production Admin Settings after every hit.


    Let me know if you have any more questions.

    Hit the like button if my reply was helpful to you.