jeffshurtliff
3 years ago

Unable to change SSO ID of user with the API

Hey all,

We need to update the SSO ID of our users systematically and I am writing a Python script to do so.  However, when attempting to do so in the API v1 using a POST call to the /users/id/{id}/sso_id/set endpoint, I am getting the following response.

{
  "response": {
    "status": "error",
    "error": {
      "code": 303,
      "message": "Permission Denied"
    }
  }
}

I am authenticated as a user with full admin privileges so I'm not sure why I would be getting the Permission Denied message, especially since my user can change SSO IDs via Community Admin just fine. The payload (value=) is also a simple numeric string so it shouldn't be due to invalid characters or anything.

Anyone ever experienced this and know how I can get around it?

Thanks in advance!

  • JoseL
    Khoros Alumni (Retired)

    Hi jeffshurtliff,


    I'm following up here from the Support case to close the loop for others with the same issue.

    As mentioned in the ticket, we don't support the /users/id/{id}/sso_id/set endpoint using HTML methods, which is why our documentation doesn't mention it:

    https://devdocportal.khoros.com/t5/Community-API-v1-Reference/bd-p/restv1docs?section=commv1&leaf-id=User.sso_id#User.sso_id

    The only supported method is via Community Admin > Mod Tools > Edit Users:

    https://community.khoros.com/t5/Single-Sign-On-SSO/Change-a-user-s-SSO-ID/ta-p/124139

    This similar thread mentions using FreeMarker as a workaround:

    https://community.khoros.com/t5/Developer-Discussion/Forcefully-assign-SSO-ID-to-a-user-via-API/m-p/315767

    However, the FreeMarker method isn't supported and may not work in the future.

    Since you have to update hundreds of SSO IDs, I'm glad our Professional Services team is helping with the new SSO ID mapping!

    Thank you for reaching out to us about this issue.

     

    All the best,

    • Thanks JoseL for the info.

      To further close the loop on this, here is a FreeMarker function that I wrote a while back (also provided in the support case) that does work to update SSO IDs via the REST API, which our support team utilizes in a custom modal I built to fix duplicate users:

       

      <#-------------------- Function: updateSsoId -------------------->
      <#-- This function updates the SSO ID of a user with an API v1 POST call -->
      <#function updateSsoId userId userSsoId>
        <#local result = {"successful": true, "message": ""} />
        <#if userId?is_number>
          <#local userId = userId?c />
        </#if>
        <#if userSsoId?? && userSsoId?is_string>
          <#attempt>
            <#local response = restadmin('/users/id/${userId}/sso_id/set?value=${userSsoId?url}')!{} />
            <#if response?? && response.status?? && response.status?is_string && response.status != "success">
              <#local result += {"successful": false} />
            </#if>
            <#if response.message?? && response.message?has_content>
              <#local result = {"successful": false, "message": "${response.message}"} />
            </#if>
          <#recover>
            <#local result += {"successful": false} />
          </#attempt>
        </#if>
        <#return result />
      </#function>

       

      So I guess the POST call is set up to only work when utilized within the restadmin FreeMarker directive and not through third-party API calls, which is disappointing but is what it is.

      That said, I really hope the FreeMarker method doesn't get removed in a future release because at the moment we are utilizing it heavily and it would trip us up quite a bit to lose the functionality.

      • jeffshurtliff
        Boss

        Just to further close the loop on this, I was able to accomplish what I wanted by leveraging the FreeMarker function from my comment above within a custom endpoint, which I was then able to call in my Python script to systematically update my list of users.

  • Hi jeffshurtliff,

    I have a similar requirement to update SSO IDs of bulk users.

    Can the above method be called for bulk update within the Khoros Studio tool without using Python or SDK?

    • GakuS
      Khoros Staff

      Hello gangadharaiah

      Unfortunately, Studio doesn't have a tool that would help with this workaround approach for bulk updates. Like mentioned above, this approach should only work within the restadmin FreeMarker directive, not through external API calls - so you'll also want to go through the SDK.

      I’d like to re-emphasize that our recommendation when dealing with SSO IDs in general is to use the Admin “Edit User” feature and edit them one by one. If you have a 'bulk' use case that involves more than just a few users, I'd strongly recommend that you reach out to our support team. Thanks!

    • AmanMalhotra
      Expert

      Hi gangadharaiah,

      You can loop the users in any FreeMarker component like this and the bulk sso-id for users will be updated.

       

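      <#-- userIds and ssoId are parallel lists: ssoId[n] is the new SSO ID for userIds[n] -->
      <#assign userIds = ['11','22','33','44','55','66'] />
      <#assign ssoId = ['0001','0002','0003','0004','0005','0006'] />
      <#list userIds as userId >
        <#attempt>
          <#-- userId?index is the zero-based position of the current item in the loop -->
          <#assign resp = restadmin('/users/id/${userId}/sso_id/set?value=${ssoId[userId?index]?url}')!{} />
        <#recover>
          <#-- A failed call lands here and is ignored; resp is never inspected -->
        </#attempt>
      </#list>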

       

       

      I recommend using the code in batches of around 200-500 users at once depending upon your community.
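
An added example, not part of any post in this thread: a Python pre-flight check for a bulk user-to-SSO-ID mapping before it is handed to a FreeMarker loop like the one above, which ignores failed calls. It assumes user IDs are numeric and that each SSO ID may belong to only one user; the function names and sample rows are constructed for illustration.

```python
import re
from collections import Counter

BATCH_SIZE = 200  # lower end of the 200-500 range suggested in the thread


def validate_mapping(rows):
    """Split (user_id, sso_id) rows into (clean, rejected).

    Assumptions for this example: user IDs are numeric strings and every
    SSO ID may belong to one user only.
    """
    user_counts = Counter(str(u).strip() for u, _ in rows)
    sso_counts = Counter(str(s).strip() for _, s in rows)
    clean, rejected = [], []
    for user_id, sso_id in rows:
        user_id, sso_id = str(user_id).strip(), str(sso_id).strip()
        if not re.fullmatch(r"[0-9]+", user_id):
            # The FreeMarker snippets in this thread put ${userId} into the
            # REST path as-is, so anything but digits is refused here.
            rejected.append((user_id, sso_id, "user id is not numeric"))
        elif not sso_id:
            rejected.append((user_id, sso_id, "empty SSO ID"))
        elif user_counts[user_id] > 1:
            rejected.append((user_id, sso_id, "user id listed more than once"))
        elif sso_counts[sso_id] > 1:
            rejected.append((user_id, sso_id, "SSO ID assigned to several users"))
        else:
            clean.append((user_id, sso_id))
    return clean, rejected


def batches(clean, size=BATCH_SIZE):
    """Yield aligned (user_ids, sso_ids) lists, one pair per batch."""
    for start in range(0, len(clean), size):
        chunk = clean[start:start + size]
        yield [u for u, _ in chunk], [s for _, s in chunk]


# Constructed sample input: one SSO ID used twice, one mistyped user ID,
# one empty SSO ID.
SAMPLE = [("11", "0001"), ("22", "0002"), ("33", "0002"),
          ("4O4", "0004"), ("66", ""), ("77", "0007")]

if __name__ == "__main__":
    ok, bad = validate_mapping(SAMPLE)
    for user_ids, sso_ids in batches(ok, size=2):
        print(user_ids, sso_ids)
    for row in bad:
        print("rejected:", row)
```

Each batch keeps the two lists the same length and in the same order, which is what the index lookup in the loop depends on.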

       

      • gangadharaiah
        Guide

        Thank you! Where do we write this code? If I create a custom component with this code, what triggers or calls this code in order for it to be executed?