/// <summary>
/// Creates an Okta user with a password and activates it immediately.
/// Only the login/email, first name and password vary per call; the last
/// name and primary phone are fixed placeholder values.
/// </summary>
/// <param name="userName">Written to both <c>Login</c> and <c>Email</c> of the profile.</param>
/// <param name="firstName">First name written to the profile.</param>
/// <param name="password">Initial password handed to Okta with the create request.</param>
/// <returns>The user as returned by the Okta Users API.</returns>
public async Task<IUser> CreateActiveUser(string userName, string firstName, string password)
{
    UserProfile profile = new UserProfile
    {
        Login = userName,
        Email = userName,
        FirstName = firstName,
        LastName = "Lastname",
        PrimaryPhone = "2065551212",
    };

    CreateUserWithPasswordOptions createOptions = new CreateUserWithPasswordOptions
    {
        Profile = profile,
        Password = password,
        Activate = true,
    };

    IUser created = await _client.Users.CreateUserAsync(createOptions);
    return created;
}
/// <summary>
/// Handles an "add" export: builds an Okta profile from the CSEntryChange attributes,
/// creates the user (with a password when <c>export_password</c> is present, otherwise via
/// the authentication provider), optionally activates and suspends it, and returns the new
/// Okta id as the anchor.
/// </summary>
/// <param name="csentry">The pending change. Every attribute other than the four control
/// attributes (<c>provider.type</c>, <c>provider.name</c>, <c>suspended</c>,
/// <c>export_password</c>) is copied verbatim into the profile.</param>
/// <param name="context">Export context supplying the Okta client, the config parameters
/// and the cancellation token.</param>
/// <returns>A success result carrying the <c>id</c> anchor of the created user.</returns>
private CSEntryChangeResult PutCSEntryChangeAdd(CSEntryChange csentry, ExportContext context)
{
    AuthenticationProvider provider = new AuthenticationProvider { Type = AuthenticationProviderType.Okta };
    UserProfile profile = new UserProfile();
    bool suspendAfterCreate = false;
    string password = null;

    foreach (AttributeChange change in csentry.AttributeChanges)
    {
        switch (change.Name)
        {
            case "provider.type":
                provider.Type = new AuthenticationProviderType(change.GetValueAdd<string>());
                logger.Info($"Set {change.Name} to {provider.Type ?? "<null>"}");
                break;

            case "provider.name":
                provider.Name = change.GetValueAdd<string>();
                logger.Info($"Set {change.Name} to {provider.Name ?? "<null>"}");
                break;

            case "suspended":
                suspendAfterCreate = change.GetValueAdd<bool>();
                break;

            case "export_password":
                // Credential value: kept out of the profile and deliberately not logged.
                password = change.GetValueAdd<string>();
                break;

            default:
                if (change.IsMultiValued)
                {
                    profile[change.Name] = change.GetValueAdds<object>();
                }
                else
                {
                    profile[change.Name] = change.GetValueAdd<object>();
                    logger.Info($"Set {change.Name} to {profile[change.Name] ?? "<null>"}");
                }
                break;
        }
    }

    IOktaClient client = ((OktaConnectionContext)context.ConnectionContext).Client;
    var token = context.CancellationTokenSource.Token;
    IUser created;

    // Users are always created inactive here; activation is a separate, configurable step below.
    if (password != null)
    {
        CreateUserWithPasswordOptions withPassword = new CreateUserWithPasswordOptions
        {
            Profile = profile,
            Password = password,
            Activate = false,
        };
        created = AsyncHelper.RunSync(client.Users.CreateUserAsync(withPassword, token), token);
    }
    else
    {
        CreateUserWithProviderOptions withProvider = new CreateUserWithProviderOptions
        {
            Profile = profile,
            ProviderName = provider.Name,
            ProviderType = provider.Type,
            Activate = false,
        };
        created = AsyncHelper.RunSync(client.Users.CreateUserAsync(withProvider, token), token);
    }

    bool activateNewUsers = context.ConfigParameters[ConfigParameterNames.ActivateNewUsers].Value == "1";
    if (activateNewUsers)
    {
        bool sendEmail = context.ConfigParameters[ConfigParameterNames.SendActivationEmailToNewUsers].Value == "1";
        AsyncHelper.RunSync(client.Users.ActivateUserAsync(created.Id, sendEmail, token), token);
    }

    if (suspendAfterCreate)
    {
        AsyncHelper.RunSync(created.SuspendAsync(token), token);
    }

    List<AttributeChange> anchors = new List<AttributeChange>
    {
        AttributeChange.CreateAttributeAdd("id", created.Id),
    };

    return CSEntryChangeResult.Create(csentry.Identifier, anchors, MAExportError.Success);
}
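/// <summary>
/// Registers a user: creates and activates the account in Okta, adds it to the configured
/// application group when one is set, then persists a local <see cref="Entities.Users.User"/>
/// keyed by the Okta id.
/// </summary>
/// <param name="request">Registration data; <c>Email</c> is used as the Okta login.</param>
/// <returns>The locally persisted user.</returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="Exception">Wraps an <see cref="OktaApiException"/> when the Okta call fails.</exception>
/// <remarks>
/// The two steps are not transactional: if <see cref="CreateUserAsync"/> fails after the Okta
/// account was created, the Okta account remains and the error is rethrown unchanged.
/// </remarks>
public async Task<Entities.Users.User> RegisterUserAsync(RegisterUserRequest request)
{
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    IUser oktaUser = null;

    try
    {
        var oktaUserRequest = new CreateUserWithPasswordOptions
        {
            Activate = true,
            Profile = new UserProfile
            {
                FirstName = request.FirstName,
                LastName = request.LastName,
                Email = request.Email,
                Login = request.Email
            },
            Password = request.Password
        };

        oktaUser = await _oktaClient.Users.CreateUserAsync(oktaUserRequest);
        _logger.LogDebug($"Registered user {request.Email} with Okta. Okta ID: {oktaUser.Id}");

        if (!string.IsNullOrEmpty(_oktaConfig.AppGroupName))
        {
            var appGroup = await _oktaClient.Groups.FirstOrDefaultAsync(x => x.Profile.Name == _oktaConfig.AppGroupName);
            if (appGroup != null)
            {
                await _oktaClient.Groups.AddUserToGroupAsync(appGroup.Id, oktaUser.Id);
                // Logged only once the membership was actually granted.
                _logger.LogDebug($"Added user {request.Email} to Okta group {_oktaConfig.AppGroupName}");
            }
            else
            {
                // A configured group that does not exist is a configuration problem; surface it
                // instead of silently registering the user without the expected membership.
                _logger.LogWarning($"Okta group {_oktaConfig.AppGroupName} not found; user {request.Email} was not added to it");
            }
        }
    }
    catch (OktaApiException oktaEx)
    {
        _logger.LogError(oktaEx, $"Error creating user {request.Email} in Okta. Error Code: {oktaEx.ErrorCode}. Summary: {oktaEx.ErrorSummary}");
        // TODO: throw a more friendly error message
        throw new Exception(oktaEx.ErrorSummary, oktaEx);
    }

    try
    {
        var user = new Entities.Users.User
        {
            SubjectId = oktaUser.Id,
            EmailAddress = request.Email,
            FirstName = request.FirstName,
            LastName = request.LastName,
            RegisteredOn = DateTime.UtcNow
        };

        await CreateUserAsync(user);
        _logger.LogDebug($"Registered user {request.Email}");
        return user;
    }
    catch (Exception ex)
    {
        _logger.LogError(ex, $"Error registering user {request.Email}");
        // `throw;` preserves the original stack trace; `throw ex;` would reset it.
        throw;
    }
}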
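/// <summary>
/// Password-migration endpoint. Looks the user up in Okta; if the account exists but has no
/// migrated password (the <c>IsPasswordInOkta</c> profile flag is missing or "false"), the
/// credentials are checked against LDAP and, when valid, the same password is written to Okta.
/// If the user is unknown to Okta, the profile is read from LDAP and an Okta account is created
/// with that password. The outcome is returned as a <see cref="PswMigrationResponse"/> JSON body.
/// </summary>
/// <param name="psw">Password to validate against LDAP and, on success, set in Okta.</param>
/// <param name="username">Okta login / LDAP identity to look up.</param>
/// <returns>JSON-serialised <see cref="PswMigrationResponse"/>, or 400 when either argument is blank.</returns>
/// <remarks>
/// NOTE(review): the status strings distinguish "user not found" from "LDAP validation failed",
/// so a caller can tell whether a login exists from the response; a uniform failure response
/// (plus rate limiting on this route) would close that. The strings are left unchanged here
/// because existing clients may key off them.
/// NOTE(review): the action keeps its synchronous signature, so the Okta calls are blocked on with
/// GetAwaiter().GetResult(); the proper fix is an async action returning a Task.
/// </remarks>
public IActionResult ValidateUser(string psw, string username)
{
    if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(psw))
    {
        return BadRequest();
    }

    // NOTE(review): a client is built per request; OktaClient wraps an HttpClient and should be a
    // single injected instance. That needs a constructor change, so it is not done here.
    var client = new OktaClient(new OktaClientConfiguration
    {
        OktaDomain = _config.GetValue<string>("OktaWeb:OktaDomain"),
        Token = _config.GetValue<string>("OktaWeb:ApiToken")
    });

    Okta.Sdk.IUser oktaUser = null;
    try
    {
        // GetAwaiter().GetResult() surfaces the real exception instead of an AggregateException,
        // so the catch below no longer has to cast InnerException (which threw InvalidCastException
        // for any non-Okta failure).
        oktaUser = client.Users.GetUserAsync(username).GetAwaiter().GetResult();
    }
    catch (OktaApiException)
    {
        // Okta rejected the lookup (e.g. the login does not exist): leave oktaUser null so the
        // create-from-LDAP path runs. Any other exception type propagates unchanged.
    }

    PswMigrationResponse pswMigrationRsp = new PswMigrationResponse();
    if (oktaUser != null)
    {
        MigrateExistingUserPassword(oktaUser, username, psw, pswMigrationRsp);
    }
    else
    {
        CreateUserFromLdap(client, username, psw, pswMigrationRsp);
    }

    return Content(content: JsonConvert.SerializeObject(pswMigrationRsp), contentType: "application/json");
}

/// <summary>
/// Existing-Okta-user path: if no password has been migrated yet, validates the credentials
/// against LDAP and on success writes the password and the <c>IsPasswordInOkta</c> flag to Okta.
/// Fills <paramref name="rsp"/> with the outcome plus the Okta id and login.
/// </summary>
private void MigrateExistingUserPassword(Okta.Sdk.IUser oktaUser, string username, string psw, PswMigrationResponse rsp)
{
    var migratedFlag = oktaUser.Profile["IsPasswordInOkta"];
    bool passwordAlreadyInOkta = migratedFlag != null && migratedFlag.ToString() != "false";

    if (passwordAlreadyInOkta)
    {
        // Nothing to migrate; report the Okta account status.
        rsp.status = oktaUser.Status;
        rsp.isPasswordInOkta = "true";
    }
    else if (!_credAuthentication.IsAuthenticated(username, psw, _ldapServiceModel))
    {
        rsp.status = "LDAP validation failed";
        rsp.isPasswordInOkta = "false";
    }
    else
    {
        // LDAP accepted the credentials: set the same password in Okta and flag the profile.
        oktaUser.Credentials.Password = new Okta.Sdk.PasswordCredential { Value = psw };
        oktaUser.Profile["IsPasswordInOkta"] = "true";

        Okta.Sdk.IUser updated = oktaUser.UpdateAsync().GetAwaiter().GetResult();
        // PasswordChanged being populated on the returned user is taken as proof the write took.
        bool passwordSet = updated != null && updated.PasswordChanged != null;
        rsp.status = passwordSet ? "set password in Okta successful" : "set password in Okta failed";
        rsp.isPasswordInOkta = passwordSet ? "true" : "false";
    }

    rsp.oktaId = oktaUser.Id;
    rsp.login = oktaUser.Profile.Login;
}

/// <summary>
/// Unknown-to-Okta path: validates the credentials against LDAP and, if LDAP returns a profile,
/// creates the Okta account with that password (not auto-activated, so no activation email) and
/// then activates it explicitly without email. Fills <paramref name="rsp"/> with the outcome.
/// </summary>
private void CreateUserFromLdap(OktaClient client, string username, string psw, PswMigrationResponse rsp)
{
    CustomUser ldapUser = _credAuthentication.IsCreated(username, psw, _ldapServiceModel);
    if (ldapUser == null)
    {
        rsp.oktaId = "none";
        rsp.login = "******";
        rsp.status = "User NOT found in External Source";
        rsp.isPasswordInOkta = "false";
        return;
    }

    CreateUserWithPasswordOptions newUserOptions = new CreateUserWithPasswordOptions
    {
        Profile = new UserProfile
        {
            Login = ldapUser.Email,
            FirstName = ldapUser.FirstName,
            LastName = ldapUser.LastName,
            Email = ldapUser.Email
        },
        Password = psw,
        Activate = false,
    };
    newUserOptions.Profile["IsPasswordInOkta"] = "true";

    Okta.Sdk.IUser created = client.Users.CreateUserAsync(newUserOptions).GetAwaiter().GetResult();
    if (created == null)
    {
        rsp.oktaId = "none";
        rsp.login = "******";
        rsp.status = "User NOT Created in Okta";
        rsp.isPasswordInOkta = "false";
        return;
    }

    rsp.oktaId = created.Id;
    rsp.login = created.Profile.Login;

    var activated = created.ActivateAsync(sendEmail: false).GetAwaiter().GetResult();
    if (activated != null)
    {
        rsp.status = "Created in Okta";
        rsp.isPasswordInOkta = "true";
    }
    else
    {
        rsp.status = "User NOT ACTIVE in Okta";
        rsp.isPasswordInOkta = "unknown";
    }
}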