We are using KeyCloak as SSO directory for our application. We use OAuth 2.0 protocol.
We have defined one custom attribute in KeyCloak, and this attributed has "MultiValued" properties on.
Then, each user has multiple values entered as value1##value2##value3
For some users Keycloak correctly send the attribute in the ID token as an array of values, such as ["value1", "value2", "value3"]
But for some other users, the string is passed as it is entered "value1##value2##value3", which is not correct.
I'm struggling finding why these different behaviours occur.
Has anyone seen the same problem ?
Thanks a lot
Keycloak uses ## as a delimiter internally, this is ok. Make sure you have marked the value as multivalued in the clients mapper.
After doing this i went from getting only the last element to getting all elements.
Related
I want to store the unique user id returned in the response by an Oauth provider in my SQL database. I've seen some posts suggesting that varchar(128) should be enough. Are there any providers whose user id extends this limit? I have checked the docs for some of the more popular providers like Google, Facebook and Github but I can't seem to find any information about the size of this user id.
OIDC defines the sub claim as:
A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client, e.g., 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII characters in length. The sub value is a case sensitive string.
So better use VARCHAR(255).
I've created an ADF flow that loops over URL's to fetch OData using the OData connection.
However, not all fields are available in all URL's, there are certain ones that are available in one URL, but not in the other. A $Select is used to select the fields that we need.
Is it possible to have an optional selection (as in, if the path is not available, do not fetch this field and return null instead for instance)? Would help us a great deal.
I've tried adding ? after the field, but that does not work. $select=Field1,Field2,FieldOptional?
Thanks
As I understand you are trying to loop through a bunch of a URL and the query on the ODATA URL will change and so will be the fields . I think you can use a lookup where you pass the unique url and its gives the fields and then concatenate the url with the fields and make a odata call .
I am working on a project where we have requirement to provide field level access to users.
Example:
Suppose there is an entity named employee with several fields
The application should allow secure access at the field level of the entity.
According to the access user is allowed to edit / read the fields.
We have thought of an implementation using spring acl but it provides instance level security.
Could someone please let know an elegant way to implement it?
Thanks in advance.
Take a look at the fields plugin.
It allows you to control how individual fields are rendered.
You could implement a security check within each field's _field.gsp fragment, or you could override the plugin's taglib's f:all method and add a security check there if you prefer.
You could use the plugin for that, but you'd need to do some extra work. The ACL support in Spring Security basically lets you say "grant permission x on object instance y (of type "foo") with id z to person p". There is an example permissions class with standard instances like Read, Write, Admin, etc., but the underlying infrastructure only works with the numbers 1, 2, 4, 8, etc. so you can easily define your own permission types - they're really just mappings of human-readable names to numbers. You typically grant permissions on domain object instances, but under the hood the names of the domain classes are just strings, so you could store any type name there. And the ids can be any value, e.g. a number or a string.
You wouldn't be able to use the #PreAuthorize and #PostFilter annotations on service methods, but you can still query the ACL beans to see if, given a field or whatever you want, the currently authenticated user is allowed to perform some action.
for our scopes we need to use unique ID generated by us for the answers submitted by users. This is possible by adding "?c=" at the end of the survey link followed by the ID number.
Example Format: http://www.surveymonkey.com/s/XXXXX?c=00001
The terrific problem is that the custom value is not returned anyway via API. It is not added as a property of the Answer object neither its value replaces somehow the respondant_id property.
We see that you are able to expose that data from your internal endpoints that you use for your proprietary web interface but how to get this data from he outside via API?
Thanks
When you call 'get_respondent_list', ensure you pass through 'custom_id' in the list of strings in the 'fields' parameter. This will then be returned in the output with the custom value you entered.
I have a customer requirement to export the checks written in QuickBooks into a specific format because their bank allows fraud prevention by uploading a file and they verify the name on the check against what you give them before clearing it.
I looked at the QuickBooks SDK (we use the XML to communicate in general) and It references a field on the check called PayeeEntityRef with a FullName property, but typically in QuickBooks that data structure would indicate what the entity is called, not what appears on the check (Vendors have a NameOnCheck property, for example, which can be something other than their name).
Without coding up multiple test cases to demonstrate QuickBooks behavior here, does anyone have experience with getting the name as it was printed on the check? What is the best way to do it?
It's somewhat possible to get what you are wanting, but there are going to be some hiccups that you'll need to let you client know about. The main problem being that there's no way to retrieve the actual name printed on the check.
You would first need to query for the Checks/Bill Payment - Checks for the bank account. Then, using the PayeeEntityRef (I would use the ListID component) figure out which "List" the entity is on; Customer, Vendor, Employee, or Other. I don't know of any way to tell which list the PayeeEntityRef is from other than doing a query for each of the lists.
If the PayeeEntityRef is a Vendor or Employee, then you can retrieve the NameOnCheck value. The only thing you would need to keep in mind is that if the NameOnCheck has been modified AFTER the check was printed, the names will not match.
If the PayeeEntityRef is a Customer or Other name, then you have to do a little bit more. The value that QuickBooks uses for the printed name is based on what fields are filled out for the customer record. It first will use the CompanyName field if it is not null. Next, it will try to use the First/Middle/LastName fields, if they are not null. Finally, it will use the Name field as a last resort. Keep in mind that this is not the FullName field, just the Name field.
I haven't tested this with an "Other" name, as I have my clients try not to use that list, but I would imagine it's similar to how Customers work.