I want to create a user in IAM which is only for service purposes. Nobody ever has to log in as this user. Because we have many environments, I want to automate this. Creating the user is not a problem, but I do not know how to set the password with encryption.
I see I need the password, a salt and the password hash, and then I understand that I can use the SQL script:
But in what way can I determine the values of the hash?
YES, YES, YES
That was the problem, now it works right away…
Thanks for your help…
Eric
Hello Eric,
I just realized that you might not be using Indicium Universal, this would explain the behavior that you are seeing. If this is indeed the case, could you try my original request on Indicium Universal?
I hope this helps.
We are using IAM 2022.1
Hello Eric,
Which version of IAM are you using?
Hello Vincent,
(Everywhere in this post I have changed the real username to <###>, because I am now using a different username.)
I have now used the following URL: https://<***>/indicium/iam/iam/usr(tenant_id=1,usr_id='<###>')/task_set_usr_password
I checked this url works, by first trying a GET with it, and it returned a complete json with all the userids and data.
So I'm sure the url is correct
After this I tried the POST (got an error 500) and so I checked the indicium error log. In the indicium error log the following error appeared: 2022-07-26T15:34:14.4152137+02:00 0HMJEA0A3PB93:00000002 [err] System.Exception: The following query failed with an exception: 'INSERT INTO [usr] DEFAULT VALUES' ---> Microsoft.Data.SqlClient.SqlException: Cannot insert the value NULL into column 'tenant_id', table 'acto_D_upnew_EVO_IAM.dbo.usr_general'; column does not allow nulls. INSERT fails.
So I expanded the Body with the field: tenant_id
After that the next error appeared in the indicium error log.
It’s possible that the quotation marks are wrong when copying and pasting to/from the community. Try my URL and if necessary, manually replace the quotation marks with regular single quotes.
Body - raw - Json { "new_password": "qwertyxx", "confirm_password": "qwertyxx" }
I receive a 400 error (Invalid OData URL.)
Hello ericbosman,
The URL that you are using for the task is not valid. It is necessary to apply a key filter (between parentheses after the table name) instead of $filter.
Hello Vincent, I've tried many variations, but no results. I tried the next combination (with Postman) for changing the password. Post url: https://<xxx>/indicium/iam/iam/usr?$deselect=profile_picture_data&$select=tenant_id,usr_id&$filter=((tenant_id eq 1) and (usr_id eq %27dklaassen%27))/task_set_usr_password Body - raw - Json { "new_password": "qwertyxx", "confirm_password": "qwertyxx" }
I always get a 500 error
But if I do the next: Get url: https://<xxx>/indicium/iam/iam/usr?$deselect=profile_picture_data&$select=tenant_id,usr_id&$filter=((tenant_id eq 1) and (usr_id eq %27dklaassen%27)) I get a 200 OK and the Body I receive is: { "@odata.context": "https://acto-d-upgradetest-evo.acto.nl/iam/iam/$metadata#usr", "value": [ { "tenant_id": 1, "usr_id": "dklaassen" } ] }
The authorization in both tests is of an IAM user who is an IAM main administrator
Can you tell me, what am I doing wrong? Eric
Vincent,
Thanks for your reaction.
I will try to use the API call
Greetings,
Eric
Hello ericbosman,
The task that is shown in the screenshot below can be called through the API of IAM as well.
If you don't want to perform an API call, and assuming that you don't want to use the task in a GUI either, then you could also automate this with a system flow. Starting by creating a process flow like this: Application connector → Http connector
Where the Application connector reads some parameters (Indicium URL, tenant_id, usr_id, password) from some kind of staging table (which you will have to make yourself) and then performs the API call shown above for you. You can then have this process flow be scheduled to run every 5 seconds or so. With this, you can trigger this process flow by a single insert statement into the staging table.
You could also create a similar solution but use the following process flow.
The Hash password process action will allow you to hash the password and it will output the three columns that you are looking for. The database connector allows you to run a SQL statement on any database on any database server that you have access to (which seems to be useful since you said “many environments”). It requires a connection string, which you could format in a process procedure based on some parameters like database server, database name and perhaps some credentials. This solution will allow you to combine some steps and create the user with all of its properties and set the password with a single insert statement.
Both of these process flows could be defined only once in any application in any IAM and be used to create users in any IAM.
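
Added example, not part of any post in this thread and not Thinkwise's own code: a Python sketch of the API call discussed above, building the key-filter URL (parentheses after `usr`, not `$filter`) and posting a randomly generated password, since nobody ever logs in as the service user. HTTP Basic authentication, the environment variable names and the host in the usage are assumptions; the thread itself found the task needs Indicium Universal.

```python
import base64
import json
import os
import secrets
import urllib.parse
import urllib.request


def odata_string(value: str) -> str:
    """OData string literal: double embedded single quotes, then percent-encode."""
    return "'" + urllib.parse.quote(value.replace("'", "''"), safe="") + "'"


def password_task_url(base_url: str, tenant_id: int, usr_id: str) -> str:
    """Address one usr row by key filter (parentheses), not by $filter."""
    key = f"tenant_id={int(tenant_id)},usr_id={odata_string(usr_id)}"
    return f"{base_url.rstrip('/')}/iam/iam/usr({key})/task_set_usr_password"


def build_request(base_url, tenant_id, usr_id, admin_user, admin_password):
    """Build the POST for task_set_usr_password; return (request, new password)."""
    # Long random password instead of a typed one such as the thread's test value.
    new_password = secrets.token_urlsafe(32)
    body = json.dumps({"new_password": new_password,
                       "confirm_password": new_password}).encode()
    # Assumption: HTTP Basic auth with an IAM main administrator account.
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    req = urllib.request.Request(
        password_task_url(base_url, tenant_id, usr_id), data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {token}"})
    return req, new_password


if __name__ == "__main__":
    # Constructed variable names; credentials stay out of the script itself.
    req, _ = build_request(os.environ["INDICIUM_URL"], 1, os.environ["SVC_USR_ID"],
                           os.environ["IAM_ADMIN_USER"],
                           os.environ["IAM_ADMIN_PASSWORD"])
    # urllib verifies the TLS certificate by default; keep it that way.
    with urllib.request.urlopen(req) as resp:
        print(resp.status)
```

Run it once per environment with that environment's `INDICIUM_URL` (for example `https://<host>/indicium`); the generated password is returned by `build_request` so it can be written to a secret store or simply discarded.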