REST API Configuration in Gluu

By: Mohanish Sontakke user 20 Mar 2020 at 9:11 a.m. CDT

13 Responses
Mohanish Sontakke gravatar
Hello, I have installed the Gluu with version 4.1 and installed a miniOrange OAuth plugin to configure it with the wordpress site. Everything is working fine. However, I would like to know that how to configure REST API in the Gluu dashboard? Those APIs will pull out the users from another AMS and and I can use those user details to login to the WordPress site. Please suggest how I can achieve this. Thanking you.
Gluu 4.0 Ubuntu 18.04
closed

Answers

By Mohanish Sontakke user 23 Mar 2020 at 4:05 a.m. CDT

Copy
Mohanish Sontakke gravatar
Any updates on this?

By Sahil Arora user 24 Mar 2020 at 9:44 a.m. CDT

Copy
Sahil Arora gravatar
Hi Mohanish, There are no direct APIs available in Gluu. You can either use SCIM calls to add users to Gluu database, or use [Cache Refresh](https://gluu.org/docs/ce/4.1/admin-guide/oxtrust-ui/#cache-refresh) feature to pull users from external LDAP.Let me know if you have any additional questions. Thanks Sahil

By Mohanish Sontakke user 24 Mar 2020 at 10:18 a.m. CDT

Copy
Mohanish Sontakke gravatar
Hello Sahil, Thanks for the response. Can we connect over a quick call to discuss in detail? Please let me know your availability.

By Sahil Arora user 24 Mar 2020 at 11:21 a.m. CDT

Copy
Sahil Arora gravatar
Hi Mohansh, Apologies but call and private support is available only for Gluu customers. You can review our [options](https://www.gluu.org/pricing/) and get in touch with our sales team. Thanks Sahil

By Mohanish Sontakke user 25 Mar 2020 at 3:04 a.m. CDT

Copy
Mohanish Sontakke gravatar
Ok Sahil no issue. You mean we need to save all the users from external server(LDAP) to the Gluu server database and use a wordpress plugin to perform SSO? What I am thinking is that if we can send an username and password to the Gluu, then Gluu make a call to the REST API to get the user's details(without saving in Gluu) from external server to get the response and we can use that response for further processing. Please suggest. I have a REST API(along with the header parameters) to get all of the users from AMS. Please suggests where should I set in the Gluu dashboard?

By Mohanish Sontakke user 26 Mar 2020 at 3:30 a.m. CDT

Copy
Mohanish Sontakke gravatar
Hello Sahil, Any update on the above comments? Thanks

By Sahil Arora user 26 Mar 2020 at 10:02 a.m. CDT

Copy
Sahil Arora gravatar
HI Mohanish, That is not possible. For Gluu to Authenticate Users, they have to be available in its internal database. Which can either be done with `SCIM` or `Cache Refresh` feature.

By Mohanish Sontakke user 27 Mar 2020 at 2:53 a.m. CDT

Copy
Mohanish Sontakke gravatar
Ok Sahil, but to make them available in Gluu, we need to save their passwords also along with the username and email. I see, most of the REST APIs does not provide user's password but username/email. Please suggests. Thanks

By Sahil Arora user 27 Mar 2020 at 9:28 a.m. CDT

Copy
Sahil Arora gravatar
Gluu only allows you to use external AD/LDAP to authenticate users externally. In that case the passoword is not required to be saved in internal database. But you will need to use Cache Refresh feature to pull other attributes from external LDAP. You can refer complete [documentation](https://gluu.org/docs/ce/4.1/user-management/ldap-sync/) to enable Cache Refresh and setup external authentication.

By Mohanish Sontakke user 27 Mar 2020 at 11:04 a.m. CDT

Copy
Mohanish Sontakke gravatar
ok, can we use Impexium(its a AMS) with the Gluu server? Impexium provides REST APIs to pull out the users.

By Yuriy Movchan staff 27 Mar 2020 at 2:37 p.m. CDT

Copy
Yuriy Movchan gravatar
Hi Mohanish, We discussed some time ago special Cache Refresh script to load users from remote data source. But there are few alternatives of this approach: 1. Insert into Gluu DB all user via SCIM Rest API. 2. Implement Auto Enrollment in Authentication Script. In second approach on user login you can do: 1. Authenticate user via Impexium Rest API. 2. Add user into DB if in not exists yet. We can add minimum attributes set. Here are small pattern: ``` externalUid = "Impexium-%s" % impexiumUid userService = CdiUtil.bean(UserService) userByUid = userService.getUserByAttribute("oxExternalUid", externalUid) ... if userByUid == None: // Add user to DB newUser = User() #Fill user attrs newUser.setAttribute("oxExternalUid", externalUid) self.fillUser(newUser, profile) newUser = userService.addUser(newUser, True) else: // Update user in DB if needed ``` Here is [sample](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/passport/PassportExternalAuthenticator.py#L483).

By Mohanish Sontakke user 30 Mar 2020 at 5:52 a.m. CDT

Copy
Mohanish Sontakke gravatar
Hi Yuriy, Thanks for the response. I have gone through the SCIM documentation and looks like we can use its CRUD operations to create/read/update/delete users in the Dashboard. Also, the script/code provided above is in Python language. Do you have it in other languages like in PHP / Javascript / nodejs? Because I can not understand the Python language. Also, where to put that code in the dashboard and how to test/debug script?

By Sahil Arora user 30 Mar 2020 at 8:55 a.m. CDT

Copy
Sahil Arora gravatar
Hi Mohanish, Interception scripts in Gluu are written in Jython, enabling Java or Python classes to be imported. While the syntax of the script requires Python, most of the functionality can be written in Java. Custom scripts can either be inserted directly into the GUI, or a path can be specified to the script. You can refer [this](https://gluu.org/docs/ce/authn-guide/customauthn/#custom-script-location) for more details.

Post an answer