Develop Reference

Is it possible to create guest users using Java SDK graph api?

I am using this code to create users in Azure Active Directory from Java SDK. I have installed all required packages and libraries.
User user = new User();
user.accountEnabled = true;
user.displayName = "Kevin";
user.mailNickname = "kevin";
user.userPrincipalName = "kevin234#domain.onmicrosoft.com";
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.forceChangePasswordNextSignIn = true;
passwordProfile.password = "***********";
user.passwordProfile = passwordProfile;
graphClient.users()
.buildRequest()
.post(user);
I can create normal users but how to create guest users. I included user.userType='guest' in the above code
user.userPrincipalName = "kevin234#hotmail.com";
user.userType='guest'; // I added this that outputs Invalid Request error
graphClient.users()
.buildRequest()
.post(user);
Is there any easy way to do that using Graph API query? Can somebody suggest the changes I have to do in my code to achieve my scenario?
TIA

I tried to reproduce the same in my environment and got the below results:
To create guest users, you can make use of below query:
POST https://graph.microsoft.com/v1.0/invitations
Content-type: application/json
{
"invitedUserEmailAddress": "kevin234#hotmail.com",
"inviteRedirectUrl": "https://yourwebsite.com"
}
Response:
When I checked the Portal, guest user created successfully like below:
You can find the code snippet in Java beside your query response like below:
Code Sample in Java:
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
Invitation invitation = new Invitation();
invitation.invitedUserEmailAddress = "kevin234#hotmail.com";
invitation.inviteRedirectUrl = "https://yourwebsite.com";
graphClient.invitations()
.buildRequest()
.post(invitation);
Credits: Create invitation - Microsoft Docs

How to optimize Bulk upload users Azure B2C JAVA?

Hi I need to migrate 20k users I have followed the Microsoft documentation for the SDK and saw some of the post on stack overflow but I still don't see how I can bulk upload my users to Azure AD B2C. The below method will take me 4 hours.
GraphServiceClient<Request> graphClient = GraphServiceClient.builder().authenticationProvider( tokenCredentialAuthProvider ).buildClient();
for (DBuser dbuser : users) {
com.microsoft.graph.models.User user = new com.microsoft.graph.models.User();
user.accountEnabled = true;
user.displayName = dbuser.getFirstName();
final LinkedList<ObjectIdentity> identitiesList = new LinkedList<ObjectIdentity>();
ObjectIdentity identities = new ObjectIdentity();
identities.signInType = "emailAddress";
identities.issuerAssignedId = dbuser.getEmail();
identities.issuer = "issuer";
identitiesList.add(identities);
user.identities = identitiesList;
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.password = dbuser.getPassword();
passwordProfile.forceChangePasswordNextSignIn = false;
user.passwordProfile = passwordProfile;
user.passwordPolicies = "DisablePasswordExpiration";
graphClient.users().buildRequest().post(user);
}

PowerShell script to create local accounts in bulk
Connect-azuread
$users = import-csv C:\temp\Admin.csv
$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
$PasswordProfile.Password = "P#$$w0rd"
foreach ($usr in $users)
{
New-AzureADUser -DisplayName $usr.name -PasswordProfile $PasswordProfile UserPrincipalName $usr.upn -AccountEnabled $true -MailNickName $usr.email
}
Below is how my C:\temp\test.csv file looks:
Reference : Use Graph Call for Social Accounts :
https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-2-create-a-user-with-social-and-local-account-identities
Creating bulk social identities via Graph API, you can combine multiple requests in one HTTP call using JSON batching as documented here: https://learn.microsoft.com/en-us/graph/json-batching
Note: You may need to modify it as per your requirement

Shiro Session logout not working

I'm working in a project where we are using Apache Shiro for security.
Now, I'm not sure if the problem is in the Shrio configuration or if it is somewhere else.
What happens is, that when a User has entered the credentials and is authenticated with basic auth, the values for username and password are preserved until the browser has been shutdown. I've tried this in Firefox and Chrome and it is the same behaviour.
From what I understand this sounds like the Shiro "RememberMe" function, but I "think" I've shut this off.
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
logger.info("Remember Me active ? {}", upToken.isRememberMe());
Prints:
09:44:00,323 INFO [TestRealm] Remember Me active ? false
I've also tried using the Shiro logout configured in the shiro.ini file
[main]
...
logout.redirectUrl = /logout.jsp
...
[url]
/logout = logout
The logout.jsp looks as follows:
<%# page import="org.apache.shiro.SecurityUtils" %>
<% SecurityUtils.getSubject().logout();%>
You have succesfully logged out.
Non of this helps, the session is still active as long the browser has not been shutdown. When on the logout page, using Chrome-developer, I can see that the cookie is removed in the resources.
The shiro.ini complete file
[main]
authBasicRealm = se.test.TestRealm
securityManager.realms = $authBasicRealm
#builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $builtInCacheManager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#securityManager.sessionManager.sessionIdCookieEnabled = false
# cookie for single sign on
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = test.session
cookie.path = /test
cookie.maxAge = 60
#cookie.secure = true
cookie.httpOnly = false
sessionManager.sessionIdCookie = $cookie
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager.sessionDAO = $sessionDAO
securityManager.sessionManager = $sessionManager
logout.redirectUrl = /logout.jsp
[users]
# format: username = password, role1, role2, ..., roleN
admin = admin, 4
user = user, 2
[roles]
admin = *
user = *
#User Get Specified
1 = 1
#User Get All
2 = 1
#Create Put Update
3 = 2:*
#Admin
4 = admin:*
test = 2:*
[urls]
/logout = logout
/** = authcBasic
Best,
Henrik

There muust be some probelm in configuration you can try a demo app from https://github.com/dominicfarr/skybird-shiro and check if it works.

Why is SocialAuth saying "facebook is not a provider or valid OpenId URL"?

Using SocialAuth: v2.3 via Railo CFML Engine, I am getting the following exception thrown:
Railo 3.3.4.003 Error (org.brickred.socialauth.exception.SocialAuthException)
Message facebook is not a provider or valid OpenId URL
Cause org.brickred.socialauth.exception.SocialAuthException
Stacktrace The Error Occurred in
/Users/rountrjf/Sites/ccpd-dev/controllers/socialauth.cfc: line 31
29: manager.setSocialAuthConfig(config);
30: successUrl = "http://dev.ccpd.uc.edu/socialauth/success";
31: providerUrl = manager.getAuthenticationUrl("facebook", successUrl);
Here is a snippet of my CFC code:
public string function login() {
id = params.key;
configFile = expandPath("/SocialAuth/oauth_config.properties");
inputFile = createObject("java","java.io.File").init(configFile);
inputStream = createObject("java", "java.io.FileInputStream").init(inputFile);
SocialAuthConfig = createObject("java","org.brickred.socialauth.SocialAuthConfig").init();
config = SocialAuthConfig.getDefault();
config.load(configFile);
SocialAuthManager = createObject("java","org.brickred.socialauth.SocialAuthManager").init();
manager = SocialAuthManager;
manager.setSocialAuthConfig(config);
successUrl = "http://dev.ccpd.uc.edu/socialauth/success";
providerUrl = manager.getAuthenticationUrl("facebook", successUrl);
Why is it throwing this error? The "configFile" has a property for "facebook" and it configured as shown in step 3 of the "Getting Started" guide.
CONFIG FILE I'M USING
#google
www.google.com.consumer_key = opensource.brickred.com
www.google.com.consumer_secret = YC06FqhmCLWvtBg/O4W/aJfj
#you can set custom permission by using custom_permissions with provider prefix.
#www.google.com.custom_permissions = http://www.google.com/m8/feeds/,http://picasaweb.google.com/data/
#yahoo
api.login.yahoo.com.consumer_key = dj0yJmk9VTdaSUVTU3RrWlRzJmQ9WVdrOWNtSjZNMFpITm1VbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1iMA--
api.login.yahoo.com.consumer_secret = 1db3d0b897dac60e151aa9e2499fcb2a6b474546
#twitter
twitter.com.consumer_key = E3hm7J9IQbWLijpiQG7W8Q
twitter.com.consumer_secret = SGKNuXyybt0iDdgsuzVbFHOaemV7V6pr0wKwbaT2MH0
#facebook
graph.facebook.com.consumer_key = 152190004803645
graph.facebook.com.consumer_secret = 64c94bd02180b0ade85889b44b2ba7c4
#you can set custom permission by using custom_permissions with provider prefix.
#graph.facebook.com.custom_permission = publish_stream,email,user_birthday,user_location,offline_access
#hotmail
consent.live.com.consumer_key = 000000004403D60E
consent.live.com.consumer_secret = cYqlii67pTvgPD4pdB7NUVC7L4MIHCcs
#AOL
api.screenname.aol.com.consumer_key = ab1QxoYXlT-x-ARL
api.screenname.aol.com.consumer_secret = 000
#LinkedIn
api.linkedin.com.consumer_key = 9-mmqg28fpMocVuAg87exH-RXKs70yms52GSFIqkZN25S3m96kdPGBbuSxdSBIyL
api.linkedin.com.consumer_secret = e6NBqhDYE1fX17RwYGW5vMp25Cvh7Sbw9t-zMYTIW_T5LytY5OwJ12snh_YftgE4
#MySpace
api.myspace.com.consumer_key = 29db395f5ee8426bb90b1db65c91c956
api.myspace.com.consumer_secret = 0fdccc829c474e42867e16b68cda37a4c4b7b08eda574fe6a959943e3e9be709
#FourSquare
foursquare.com.consumer_key = JQKEM1PHWFW4YF2YPEQBRRESXE3SBGNCYJWWDTZKF3IZNJ3V
foursquare.com.consumer_secret = 4IILLDFDVPP2LC554S4KXKETQNTDKPDSEVCKVHA2QEHKYBEQ
#Yammer
www.yammer.com.consumer_key=5zyIkp12TrkulSRbSegQ
www.yammer.com.consumer_secret=zUcCB9kqWhI1IiTAJbl9QdG2AWcUJMDWp3Qyv5VJJw
#Mendeley
api.mendeley.com.consumer_key=f31077a7576d5e02537e232eb649403c04fce1dd0
api.mendeley.com.consumer_secret=1810bc92d4625f673e4ff35cb248aab3
#Salesforce
login.salesforce.com.consumer_key = 3MVG9Y6d_Btp4xp4yFMR0tPSndkAVu4OBejuYcL2iGFC68tA49PknWKX20XdPl5s1iwWldyuAbSINWHbB2Jcu
login.salesforce.com.consumer_secret = 1993703471433041656

I would suggest using Constants.FACEBOOK which is actually "facebook" but in case it isn't it has a value that should work.
A possible reason that the error appears is that you are not using the correct input file.
Make sure that the configuration config is loaded correctly,
try to call config.getProviderConfig(Constants.FACEBOOK) and see if it returns null
Lastly you can try this. This is what I used and works.
SocialAuthConfig config = new SocialAuthConfig();
SocialAuthManager socialAuthManager = new SocialAuthManager();
config.load(inputStream);
socialAuthManager.setSocialAuthConfig(config);
I don't really know Railo CFML Engine and what it does so I can't help.
Maybe remove .getDefault() from config = SocialAuthConfig.getDefault();?

Grails, Spring Security LDAP Plugin

I'm trying to get the LDAP plugin work. I only want a LDAP authentication against an Active Directory but it seems that I'm missing something.
Config
grails {
plugins {
springsecurity {
userLookup.userDomainClassName = 'de.ac.dmf.security.User'
userLookup.authorityJoinClassName = 'de.ac.dmf.security.UserRole'
authority.className = 'de.ac.dmf.security.Role'
ldap {
context.managerDn = 'CN=dmf Systemuser,CN=Users,DC=dmf,DC=local'
context.managerPassword = 'Password1'
context.server = 'ldap://192.168.100.133:389/'
authorities{
groupSearchBase ='OU=Groups'
groupSearchFilter = '(member={0})'
retrieveGroupRoles = false
retrieveDatabaseRoles = false
defaultRole = 'USER'
ignorePartialResultException = true
}
search{
base = 'CN=Users,DC=dmf,DC=local'
filter = '(sAMAccountName={0})'
searchSubtree = true
}
// mapper.userDetailsClass = 'user'
// auth.hideUserNotFoundExceptions = false
useRememberMe = false
}
}
}
}
On every login I just get this exception
2011-04-29 08:49:09,129 [http-8080-1] DEBUG springsecurity.RequestHolderAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.AuthenticationServiceException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=dmf,DC=local'; remaining name 'CN=Users,DC=dmf,DC=local'
It doesn't matter which user from my AD I'm trying to authenticate. Is my configuration wrong?
I'm using
Grails 1.3.7
spring-security-core 1.1.2
spring-security-ldap 1.04

are you sure about your base configuration? Looks like OU=Users could work instead of CN=Users. Easiest way to figure this out is to use a tool like ad explorer (http://technet.microsoft.com/de-de/sysinternals/bb963907), connect to your AD, browse to a user and take a look at the path to the user...

Try using:
filter = '(&(sAMAccountName={0})(objectclass=user))'
That works on our AD.

You are missing the provider name list.
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider',
'anonymousAuthenticationProvider',
'rememberMeAuthenticationProvider']