I have a multi tenant FreeSWITCH setup and I am trying to retrieve the registrations belonging to a particular tenant.
I am aware of the mod command show registrations described here which returns all the current registrations on the FreeSWITCH.
I am also aware of sofia status profile <profile name> reg described here which shows registrations on a particular profile. This won't help either as the profiles on my FreeSWITCH are shared by multiple tenants.
Is there a way I can retrieve the data through event socket for a specified tenant?
you can execute show registrations via ESL and retrieve its output. The second field is realm, which is basically the name of the tenant. So, you would get all the registrations, and later you can filter by realm name. Also in theory, you can get direct access to the registation SQL database and run the queries directly in it.
I have done something similar to this.
first get all the registration of profile using following command:
"api sofia status profile internal reg" using event socket
after this based on your need convert data into json and search based on realm and print the result.
Please refer sofia_presence_data list|status|rpid|user_agent [profile/]<user>#domain cmd.
Even if this doesn't work. You need to get register and unregister events from ESL and save it to common DB and retrieve the user data, which i think a much simpler way.
Related
I am trying to use the ServiceNow API for the first time and I need to get a list of all the users in the sys_user table with all of their available fields/attributes like date created, updated etc.
I tried GET request to this URI:
https://myinstance.service-now.com/api/now/table/sys_user
But the response only returns the Users and some of their attributes but not all of the ones I can see in the portal.
What is the correct URI to make the REST call to get all users and their fields/attributes?
I'm assuming you want to access SN API from another application? Cause if you want to do that from within SN, there is the GlideRecord server API you can use.
Now when you access the table API from external source, you do that through a registered user - depending on this user and their roles, you might see all or only some of the user attributes. Also, if you add specific Query Parameters to your request like sysparm_query or sysparm_fields, this will limit what you get.
ACLs (Access Control Lists) is the mechanism in ServiceNow restricting access to Table API. So I would encourage you to check there. Perhaps you will need to create a technical user with sufficient roles to access the data you need.
Also the REST API Explorer which is found in SN Navigator can be of help to quickly test your table queries.
Hope that helps a bit!
In general table api returns all the columns associated to the table unless until if you have specified the specific column list in sysparam_fields, can you please try in post man or try the same api call from rest api explorer in Servicenow to understand the behavior. H
I am aware of adding/managing users from GUI in NiFi i.e. a admin user and add user and groups/policies etc.
This is maintained in users.xml file.
I wanted to know, can we manually add records in users.xml instead of GUI?
If yes, how is identifier tag of user derived by NiFi. For e.g. I see a tag:
How is above identifier generated?
The reason for above is, we can maintain the users.xml file in our code base and whenever new users need to be added in NiFi, team can update its details in this file and release and we re-start NIFi. We do not have to rely on GUI to add new users.
Is it possible?
EDIT:
To be more clear, currently we have ldap authentication in place using ldap-provider. So that part is fine. I am not lookng for ldap authentication to NiFi.
Now for actual roles/permissions for "authorized users" i.e. who can see the processors/components, create new processors, query data provenance etc admin go to NiFi UI and add users/groups/policies etc. These details are then updated in users.xml.
I am specifically looking to achieve this activity via automating or from backend.
As per the response from Bryan, I think the feasible solution is using Nifi REST API for that.
The users.xml and authorizations.xml really shouldn't be manually edited/maintained, they are internals of the file-based authorizer that are not meant to be a public API.
It would be better to maintain a script that looped through a list of users and used NiFi's REST API to see if the user existed, and if it didn't then created the user using the REST API.
Another option would be to load your users from a Directory Server. This is detailed in the admin guide [1]. This implementation is configured with an interval for retrieving new users from the Directory Server.
[1] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#authorizers-setup
users.xml doesn't intended to updated by users. This can be overcomed if you use external authentication providers ex. ldap-authentication provider
I want to implement a feature like if a User is logged in from PC1, It should not be allowed to login from PC2 or PC3.
Suggest us good approaches.
There is no direct support for this feature.
But you can try some workaround for this.
So Once User1 logs in you set some flag isAlreadyLoggedIn with User Id in a database table and set it to false once User1 logs out. You can capture the requested IP or Machine information also in this table to handle the request coming from different sources.
And you can check for this isAlreadyLoggedIn flag value in login controller method. You can also use Application level variable, static variable or you can write to some file or some azure blob storage for this.
I have the following setup - the Spring SAAS REST service, which allows different companies to manage different events. And there is a rest client (a mobile app) also, shipped separately for each company.
I want to use keycloak for security stuff, and I have a question of how to separate one company from another.
I need companyA to not be able to access companyB event, and also need different roles within the company - some can create events, some can only read it.
First I thought each company will have own realm created in keycloak, but I learned that realm actually specified in the spring boot REST service parameters like
keycloak.realm=demo-realm
Which means it is only one realm per REST application. And I don't want to configure REST service instance per client. I only want one REST rule them all.
Am I trying to use something which really doesn't fit my use case?
Will it be right way to have a keycloack Group configured for each company, and make a logic in such a way that users of one group won't have access to what is created by other group. But then it actually feels wrong, since as I understand group are supposed to be used in a different way - to have admin group and user group, etc, segregating users "vertically" by "privileges", and not "horizontally".
Can you please suggest a right approach for this problem?
I would implement a custom protocol mapper which loads extra user permissions for your application and stores them in a token. This way, you use a single realm and if there are more companies in the future it scales well. Here you've got an example of how to implement it.
Basically, the otherClaims field of the access token is a JSON field that allows a map of properties to be set. You could add a field here such as:
userAccessibleCompanyIds: [1,3,4]
How to load the company ids for the concrete user? You can access your application database from the mapper or get them using the REST API.
Then in your application you need to have a control of what the user accesses. What I do is decode the token and see if the user request suits. If not, return a 403 response.
Does anybody know how user profiles are managed in external networks ? In particular, when we get Users using the REST API, Yammer respond with a user data where:
The user id in the external network is not the same as the user id in the principal network
Email address is replaced by something like username+externalnetwork#users.yammer.com"
Do you know if there is a way to find the user principal properties by requesting the external nerwork (or maybe find a way to match the user between its principal and external networks) ?
By the way is there any documentation somewhere about the External Networks and the REST API ?
User profiles in external networks are separate in that they have different user IDs and state (pending, active, deleted etc.) To avoid duplication you only edit name, job title etc. in the home network and that appears in the other profiles. This explains why the users have different IDs.
When you get a user profile for /domain.com/api/v1/users/current.json and /en-pemalink/api/v1/users/current.json you should get different results back. I don't know if there is a recommended way because this isn't documented, or generally recommended for third parties. Zapier published some information on the quirks of the API that may be helpful.