Filtering users return HTTP error
16 views
Skip to first unread message
Cornelius
May 23, 2014, 6:25:19 AM5/23/14
to os...@googlegroups.com
Hi there,
I am running the demo OSIAM database, now.
I am putting my application against it, which wants to read users from the resource serves.
Looks nice so far:
I was not able to use the python connector library since the requests module, that is used does not like being called from within a web application.
I realized that it is only one request I need, so I used httplib2 myself.
Now, when I construct such a URL to issue my get request
http://localhost:8080/osiam-resource-server/Users?filter%3DuserName%20eq%20marissa
-> 505 error
http://localhost:8080/osiam-resource-server/Users?filter=userName+eq+marissa
-> 409 error
Calling /Users without the filter parameter works fine.
In the catalino log I see such things:
WARN [org.osiam.security.helper.SSLRequestLoggingFilter] - <SSL/TLS should be used>
line 1:12 mismatched input 'marissa' expecting VALUE
Mai 23, 2014 12:21:08 PM org.osiam.resources.exceptions.OsiamExceptionHandler handleConflict
Warnung: An exception occurred
java.lang.IllegalArgumentException: mismatched input 'marissa' expecting VALUE
Hm, has the filtering language changed?
Any ideas?
THanks a lot and kind regards
Cornelius
I am running the demo OSIAM database, now.
I am putting my application against it, which wants to read users from the resource serves.
Looks nice so far:
I was not able to use the python connector library since the requests module, that is used does not like being called from within a web application.
I realized that it is only one request I need, so I used httplib2 myself.
Now, when I construct such a URL to issue my get request
http://localhost:8080/osiam-resource-server/Users?filter%3DuserName%20eq%20marissa
-> 505 error
http://localhost:8080/osiam-resource-server/Users?filter=userName+eq+marissa
-> 409 error
Calling /Users without the filter parameter works fine.
In the catalino log I see such things:
WARN [org.osiam.security.helper.SSLRequestLoggingFilter] - <SSL/TLS should be used>
line 1:12 mismatched input 'marissa' expecting VALUE
Mai 23, 2014 12:21:08 PM org.osiam.resources.exceptions.OsiamExceptionHandler handleConflict
Warnung: An exception occurred
java.lang.IllegalArgumentException: mismatched input 'marissa' expecting VALUE
Hm, has the filtering language changed?
Any ideas?
THanks a lot and kind regards
Cornelius
Thomas Krille
May 23, 2014, 9:18:24 AM5/23/14
to Cornelius, os...@googlegroups.com
Hello Cornelius,
the value to search for must be wrapped in double quotes. So this should work as expected: userName eq "marissa"
Best Regards
Thomas Krille
Softwareentwicklung
tarent solutions GmbH
Telefon +49 (0) 30 138803-128
Telefax +49 (0) 228 54881-235
t.kr...@tarent.de
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-0 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Softwareentwicklung
tarent solutions GmbH
Telefon +49 (0) 30 138803-128
Telefax +49 (0) 228 54881-235
t.kr...@tarent.de
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-0 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
--
You received this message because you are subscribed to the Google Groups "OSIAM" group.
To unsubscribe from this group and stop receiving emails from it, send an email to osiam+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Cornelius
May 23, 2014, 9:35:09 AM5/23/14
to Thomas Krille, os...@googlegroups.com
Hi Thomas,
thanks for the hint.
It works for the userName, but it fails for the id:
When I call this URL:
We were calling the URL http://localhost:8080/osiam-resource-server/Users?filter=id+eq+%22cef9452e-00a9-4cec-a086-d171374ffbef%22
Traceback (most recent call last):
File "privacyidea/lib/resolvers/SCIMIdResolver.py", line 316, in <module>
ret = y.getUserInfo(loginId)
File "/data/home/corny/src/privacyIDEA.github/privacyidea/lib/resolvers/SCIMIdResolver.py", line 95, in getUserInfo
userId) })
File "/data/home/corny/src/privacyIDEA.github/privacyidea/lib/resolvers/SCIMIdResolver.py", line 273, in _search_with_get_on_users
raise Exception("Could not get user list token: %s" % resp.get("status"))
Exception: Could not get user list token: 409
I understand that I usually would call
http://localhost:8080/osiam-resource-server/Users/cef9452e-00a9-4cec-a086-d171374ffbef
if I have the ID, but as privacyIDEA has its own idea about User IDs, it provides a mapping that defines, which field contains the userid.
Does the filter not work on the ID?
Kind regards
Cornelius
thanks for the hint.
It works for the userName, but it fails for the id:
When I call this URL:
We were calling the URL http://localhost:8080/osiam-resource-server/Users?filter=id+eq+%22cef9452e-00a9-4cec-a086-d171374ffbef%22
Traceback (most recent call last):
File "privacyidea/lib/resolvers/SCIMIdResolver.py", line 316, in <module>
ret = y.getUserInfo(loginId)
File "/data/home/corny/src/privacyIDEA.github/privacyidea/lib/resolvers/SCIMIdResolver.py", line 95, in getUserInfo
userId) })
File "/data/home/corny/src/privacyIDEA.github/privacyidea/lib/resolvers/SCIMIdResolver.py", line 273, in _search_with_get_on_users
raise Exception("Could not get user list token: %s" % resp.get("status"))
Exception: Could not get user list token: 409
I understand that I usually would call
http://localhost:8080/osiam-resource-server/Users/cef9452e-00a9-4cec-a086-d171374ffbef
if I have the ID, but as privacyIDEA has its own idea about User IDs, it provides a mapping that defines, which field contains the userid.
Does the filter not work on the ID?
Kind regards
Cornelius
Cornelius
May 23, 2014, 10:19:27 AM5/23/14
to Thomas Krille, os...@googlegroups.com
...looks like I am right.
When I define the "userName" to be the privacyIDEA userid
{ "username" : "userName" , "userid" : "userName"}
Then everything works fine, but in the privacyIDEA world we loose the flexibility.
Is it recommend to not being able to filter for the id?
As there are also other boolean filters except the eq, I would expect that it might be possible to filter for the id like
filter=id sw "12345"
Kind regards
cornelius
When I define the "userName" to be the privacyIDEA userid
{ "username" : "userName" , "userid" : "userName"}
Then everything works fine, but in the privacyIDEA world we loose the flexibility.
Is it recommend to not being able to filter for the id?
As there are also other boolean filters except the eq, I would expect that it might be possible to filter for the id like
filter=id sw "12345"
Kind regards
cornelius
Am 23.05.2014 15:18, schrieb Thomas
Krille:
Thomas Krille
May 27, 2014, 5:00:38 AM5/27/14
to Cornelius, os...@googlegroups.com
Hello Cornelius,
sorry for the late answer. You are absolutely right, filtering by 'id' attribute is not implemented in the current version of OSIAM. I think this has something to do with the ability to get the user by id via /Users/{id}, as you already mentioned. If you think this is a bug or missing feature we can open an issue in our Jira for that. IMHO it should be possible to search for the resource by id to be able to fulfill use cases such as yours.
Best Regards
Thomas Krille
Softwareentwicklung
tarent solutions GmbH
Telefon +49 (0) 30 138803-128
Telefax +49 (0) 228 54881-235
t.kr...@tarent.de
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-0 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Softwareentwicklung
tarent solutions GmbH
Telefon +49 (0) 30 138803-128
Telefax +49 (0) 228 54881-235
t.kr...@tarent.de
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-0 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Thomas Krille
May 27, 2014, 8:57:16 AM5/27/14
to os...@googlegroups.com, Thomas Krille
Hello Cornelius,
what do you mean with "do a wildcard search for the id"? IDs are randomly generated UUIDs. I don't think that using operators like sw, co, etc. make any sense in this case, do they?
Reply all
Reply to author
Forward
0 new messages