Unable to extend schema within a verified sub domain directory - subdomain

I live in an enterprise environment where most of our production domains are currently non-routable (e.g. .local).
I tried extending the schema, but the non-routable domain cannot be verified, and I don't think the default .onmicrosoft domain could be either. My enterprise allows me to easily create subdomains, so I attached one and verified it for testing purposes, and ran into the same verified domain error.
Per the documentation, I should be able to either use the ID of my domain name or just the scheme name and get 8 random-alpha-chars added. Neither approach works in this case.
POST: https://graph.microsoft.com/v1.0/schemaExtensions
{
  "id": "idmdomain.sub.domain.net_Owners",
  "description": "Owners of the group",
  "targetTypes": [
    "Group"
  ],
  "properties": [
    {
      "name": "PrimaryOwners",
      "type": "String"
    },
    {
      "name": "SecondaryOwners",
      "type": "String"
    }
  ]
}
Message Received:
{
  "code": "BadRequest",
  "message": "Your organization must own the namespace idmdomain.sub.domain.net as a part of one of the verified domains.",
  "request-id": "1c7363f9-d54b-408a-8b29-2c0d2a94280a",
  "date": "2018-03-22T21:47:22"
}

From the documentation:
If you already have a vanity .com,.net, .gov, .edu or a .org domain that you have verified with your tenant, you can use the domain name along with the schema name to define a unique name, in this format {domainName}_{schemaName}.
For example, if your vanity domain is contoso.com, you can define an id of, contoso_mySchema. This is the preferred option.
So in your example, idmdomain.sub.domain.net_Owners should simply be domain_Owners. It shouldn't include idmdomain, sub, net or any ..

Thank you Marc for pointing me in the correct direction. Even though my app had the correct delegated permissions (Directory.AccessAsUser.All) I now understand that I needed to execute this change in the user context instead of application as application is not supported.
For those who come behind me: {domainName}_{schemaName} works if you validate your domain; if you don't and you just leave the schema name, then the generated GUID works as documented. I recommend reviewing the two links below, as they were what finally unlocked the puzzle for me.
Helped me understand how this is working (authentication vs authorization)
https://developer.microsoft.com/en-us/graph/docs/concepts/rest
Helped me set up Postman to quickly validate
https://blogs.msdn.microsoft.com/softwaresimian/2017/10/05/using-postman-to-call-the-graph-api-using-azure-active-directory-aad/
I should add, for the Postman route, a few changes...
Auth URL
https://login.microsoftonline.com/yourtennantid/oauth2/authorize?resource=https%3A%2F%2Fgraph.microsoft.com
Access Token URL
https://login.microsoftonline.com/yourtennantid/oauth2/token
Scope = Directory.AccessAsUser.All

Related

How to Add File Reference to Quality Issue

Via the BIM360 API, I am able to create Quality Issues and upload files (to be used as attachments). However, even though I am calling Post Attachments (https://forge.autodesk.com/en/docs/bim360/v1/reference/http/field-issues-attachments-POST/) (and all responses are good), nothing appears on the Issue screen.
Issue screen with manually added file. How can I make my attached file appear under the References->Files section?
(Note, I saw a mention elsewhere of the relationships API, but I get a random error just calling the first "asset" API [{"title":"Forbidden","detail":"Forbidden","errorCode":"GENERAL_ERROR","type":"https://developer.api.autodesk.com/bim360/assets/v1/error-codes/GENERAL_ERROR"}])
Firstly, the screenshot shows you are working with Issues in Autodesk Construction Cloud (ACC), while the API you are using is for BIM360 Issue. This API is NOT compatible with ACC.
To work with ACC Issue, the API is available in the ACC category:
https://forge.autodesk.com/en/docs/acc/v1/reference/http/issues-issues-GET/
This blog tells more.
https://forge.autodesk.com/blog/acc-issues-api-available-preview
In the context of ACC, the attachment (references) is managed by the general API (Relationship API). In Additional Tests of the Postman collection of ACC Issue API, I demoed how to add a Photo with the Issue. The logic is similar.
https://github.com/Autodesk-Forge/forge-acc.issues.api-postman.collection
Firstly, use Data Management API to get the document urn. Then, use ACC Issue API to get the id of one issue. Finally, use Relationship API to bind them.
PUT https://developer.api.autodesk.com/bim360/relationship/v2/containers/{{project_id_without_b}}/relationships
P.S. -bim360- in the domains is just because of legacy design of the terminologies. It can work for the contexts of both BIM360 and ACC (note that it is the Relationship API that can work within both of the contexts)
Payload:
[
  {
    "entities": [
      {
        "domain": "autodesk-bim360-issue",
        "type": "issue",
        "id": "{{one_issue_id}}"
      },
      {
        "domain": "autodesk-bim360-documentmanagement",
        "type": "documentlineage",
        "id": "{{one_document_urn}}"
      }
    ]
  }
]

CAS Multifactor Authentication Provider Selection

I am working with cas-overlay-template project in version 6.1.4. I have implemented two mfa providers on my CAS, Google Authenticator and CAS Simple. Both are working, I have tested them separately and I have got the results I've expected.
Until now, I have been activating MFA by modifying the cas.properties file, adding these properties: cas.authn.mfa.globalProviderId=mfa-gauth when I wanted to use Google, or cas.authn.mfa.globalProviderId=mfa-simple when I used the CAS itself.
Well, the CAS documentation mentions that it is possible to enable a provider selection menu, if more than one is resolved, just by adding this property: cas.authn.mfa.provider-selection-enabled=true. So, my configuration is the following:
cas.authn.mfa.provider-selection-enabled=true
cas.authn.mfa.globalProviderId=mfa-gauth
cas.authn.mfa.globalProviderId=mfa-simple
But when I try to log in with any user (I'm using the default one, casuser:Mellon), CAS doesn't show me a menu in which I can select the following MFA provider; it goes directly to the mfa-simple provider.
What am I doing wrong?
Well, in CAS documentation is mentioned that is possible to enable a provider selection menu, if resolved more than one just by adding this properties:
So far so good.
So, my configuration is the following:
That's the problem. You are not resolving/triggering more than just one provider. You start with mfa-gauth and then override it with mfa-simple. In CAS 6.1.x, the globalProviderId only accepts a single identifier. It's not a list or a container of any kind to accept more than one value. This has been addressed in the next coming release.
At the moment, to resolve more than one provider you will need to assign the MFA providers to a registered service definition. Like so:
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(https|imaps)://.*",
  "name": "Example",
  "id": 1,
  "description": "This service definition defines a service.",
  "evaluationOrder": 1,
  "multifactorPolicy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy",
    "multifactorAuthenticationProviders" : [ "java.util.LinkedHashSet", [ "mfa-duo", "mfa-gauth" ] ]
  }
}
This means, provider selection can be enabled on a per-application basis. Alternatively, you can write a small groovy script to return more than one provider back to CAS, allowing the selection menu to display the menu items.
Read this post for full details.
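The silent override described in the answer can be caught before CAS is started. As an added example (not from the original posts or the CAS project), the following Python code parses a properties file and reports every key assigned more than once, treating the last assignment as the effective one as the answer describes; the sample file content and the function names are constructed for illustration.

```python
import re

# Constructed sample reproducing the configuration from the question.
SAMPLE = """\
# cas.properties (constructed sample)
cas.authn.mfa.provider-selection-enabled=true
cas.authn.mfa.globalProviderId=mfa-gauth
cas.authn.mfa.globalProviderId = mfa-simple
"""

# key, then an '=' / ':' / whitespace separator, then the value
_KV = re.compile(r"^((?:\\.|[^\s=:\\])+)\s*[=:\s]\s*(.*)$")

def logical_lines(text):
    """Yield (line_no, text): comments dropped, backslash continuations joined."""
    pending, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not pending and (not line or line[0] in "#!"):
            continue
        start = start if pending else no
        # an odd number of trailing backslashes continues onto the next line
        if (len(line) - len(line.rstrip("\\"))) % 2:
            pending += line[:-1]
            continue
        yield start, pending + line
        pending = ""
    if pending:
        yield start, pending

def shadowed_keys(text):
    """Return {key: [(line_no, value), ...]} for keys assigned more than once."""
    seen = {}
    for no, line in logical_lines(text):
        m = _KV.match(line)
        key, value = (m.group(1), m.group(2)) if m else (line, "")
        seen.setdefault(key, []).append((no, value))
    return {k: v for k, v in seen.items() if len(v) > 1}

def report(text):
    out = []
    for key, hits in shadowed_keys(text).items():
        lost = ", ".join(f"{v!r} (line {n})" for n, v in hits[:-1])
        out.append(f"{key}: effective {hits[-1][1]!r} (line {hits[-1][0]}); shadowed {lost}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run against the configuration from the question, it reports that mfa-simple on the later line is the effective provider and that mfa-gauth is shadowed, which matches the behaviour the asker observed.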

Deploying ARM template with 2 hostnamebindings returns conflict error can't modify because another operation is in progress

I am trying to deploy an ARM template through Azure DevOps. I've tried doing a test deployment (Test-AzResourceGroupDeployment) through PowerShell without any issues.
This issue has persisted for several weeks, and I've read some posts stating it disappeared after a few hours or after a day, however this has not been the case for me.
In Azure DevOps my build is succeeding just fine. But when I try to create a release through my release pipeline using the resource "Azure resource group deployment" it will fail stating the error:
"Code": "Conflict",
"Message": "Cannot modify this site because another operation is in progress. Details: Id: 4f18af87-8848-4df5-82f0-ec6be47fb599, OperationName: Update, CreatedTime: 9/27/2019 8:55:26 AM, RequestId: 691b5183-aa8b-4a38-8891-36906a5e2d20, EntityType: 3"
Update
I have later noticed that the error surfaces when trying to deploy my hostNameBindings for the site.
I have 2 different hostNameBindings in my template which causes the failure.
It fails apparently because it tries to deploy both of them at the same time, though I am not aware of an apparent fix for this, so any help would still be appreciated!
I tried to use the copy function but as far as I know that will make an exact copy for both hostNameBindings, which is not what I need. First of all, they have different names and properties. Anyone got a fix for this?
Make the one hostNameBindings depend on the other host name binding. Then they will be executed 1 after another and you should not get the same error message.
"dependsOn": [
  "[resourceId('Microsoft.Web/sites/', variables('websitename'))]",
  "[resourceId('Microsoft.Web/sites/hostNameBindings/',variables('websitename'), variables('firstbindingame-aftertheslash-sowithoutthewebsitename'))]"
],
Looks like people have already noticed this issue and are trying to fix it.
https://status.azure.com/
I had the same issue when using the Copy function in order to add multiple Custom Domains. Thanks to David Gnanasekaran's blog I was able to fix this issue.
By default the copy function will execute in parallel. By setting the mode to serial and setting the batchSize to 1 I did not receive any operation is in progress errors.
Here is my piece of ARM template to set the custom domains.
"copy": {
  "name": "hostNameBindingsCopy",
  "count": "[length(parameters('customDomainNames'))]",
  "mode": "Serial",
  "batchSize": 1
},
"apiVersion": "[variables('webApiVersion')]",
"name": "[concat(variables('webAppName'), '/', parameters('customDomainNames')[copyIndex()])]",
"type": "Microsoft.Web/sites/hostNameBindings",
"kind": "string",
"location": "[resourceGroup().location]",
"condition": "[greater(length(parameters('customDomainNames')), 0)]",
"dependsOn": [
  "[resourceId('Microsoft.Web/sites', variables('webAppName'))]"
],
"properties": {
  "customHostNameDnsRecordType": "CName",
  "hostNameType": "Verified",
  "siteName": "parameters('webAppName')"
}
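A pre-deployment check for the condition both answers address, as an added example (not part of the original answers): it walks an ARM template and reports hostNameBindings resources that Resource Manager is free to deploy concurrently, meaning more than one binding with no dependsOn on another binding, or a copy loop that is not Serial with batchSize 1. The sample template, the example.com host names and the assumption that all bindings in the template target the same site are constructed for illustration.

```python
import json

# Constructed template fragment: two bindings on one site, neither ordered after the other.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.Web/sites/hostNameBindings",
   "name": "[concat(variables('webAppName'), '/www.example.com')]",
   "dependsOn": ["[resourceId('Microsoft.Web/sites', variables('webAppName'))]"]},
  {"type": "Microsoft.Web/sites/hostNameBindings",
   "name": "[concat(variables('webAppName'), '/api.example.com')]",
   "dependsOn": ["[resourceId('Microsoft.Web/sites', variables('webAppName'))]"]}
]}
""")

def bindings(resources):
    """Yield every hostNameBindings resource, including nested child resources."""
    for res in resources:
        if str(res.get("type", "")).lower().endswith("hostnamebindings"):
            yield res
        yield from bindings(res.get("resources", []))

def is_serial_copy(res):
    """True only when the copy loop is explicitly Serial with batchSize 1."""
    loop = res.get("copy") or {}
    return str(loop.get("mode", "")).lower() == "serial" and loop.get("batchSize") == 1

def parallel_findings(template):
    """Report bindings that have no ordering and may be deployed at the same time."""
    findings, roots = [], []
    for res in bindings(template.get("resources", [])):
        name = res.get("name", "?")
        if "copy" in res and not is_serial_copy(res):
            findings.append(f"{name}: copy loop is not Serial with batchSize 1")
        # A binding that depends on no other binding can start immediately.
        deps = " ".join(res.get("dependsOn", [])).lower()
        if "hostnamebindings" not in deps:
            roots.append(name)
    if len(roots) > 1:
        findings.append("no ordering between bindings: " + ", ".join(roots))
    return findings

if __name__ == "__main__":
    for finding in parallel_findings(SAMPLE):
        print(finding)
```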

Azure ARM Template - accessing a resource Id created by one ARM template in another ARM template

We deploy azure resources using an ARM template as part of our build process before deploying the actual application.
So far all our application resources are self contained within a resource group. e.g. A web app that requires a sql server and a storage account are clubbed into one resource group.
However we have come across a scenario/need where we need to share a resource eg. storage account across resource groups. Resource Group A has the storage account and Resource Group B's web app requires the connection string/app keys pertaining to the storage account in its appconfig.json/web.config.
Question
How do I build the connection string for the app in resource group B to connect to a resource in resource group A, as I need to obtain the Id of resource group A in B?
Here is how I build the connection string if they are in the same resource group
"variables": {
  "storageAccounts_id": "[concat(**resourceGroupA**().id,'/providers/Microsoft.Storage/storageAccounts/', variables('storageAccntName'))]"
},
"resources": [
  {
    "apiVersion": "2015-08-01",
    "type": "config",
    "name": "connectionstrings",
    "dependsOn": [
      "[resourceId('Microsoft.Web/sites', variables('MyWebSiteName'))]"
    ],
    "properties": {
      "AzureWebJobsDashboard": {
        "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',variables('storageAccntName'),';AccountKey=',concat(listKeys(variables('storageAccounts_id'),'2015-05-01-preview').key1))]",
        "type": "Custom"
      }
    }
  }
]
Notes:
I did go through this site https://azure.microsoft.com/en-us/documentation/articles/resource-group-linked-templates/ about linked templates, but it does not suit our current build process which uses Octo (unless there is something I may be missing) which deploys the ARM first then the application (web).
For this scenario where the storage account name is known and does not depend on the resource group (eg, uniqueString(resourceGroup().id)), then you can simply use the longer form for resourceId(). The full form looks like:
resourceId([subscriptionId], [resourceGroupName], resourceType, resourceName1, [resourceName2]...)
so we can optionally supply subscriptionId and resourceGroupName.
listKeys(resourceId(parameters('ResourceGroupAName'), 'Microsoft.Storage/storageAccounts', variables('ccPaymentStorageName')), '2015-05-01-preview')
If it was in a different subscription, you could also specify the subscription.
listKeys(resourceId(parameters('SubscriptionId'), parameters('ResourceGroupAName'), 'Microsoft.Storage/storageAccounts', variables('ccPaymentStorageName')), '2015-05-01-preview')
If your storage account name depends on the resource group like
"storageName": "[concat('mystorage', uniqueString(resourceGroup().id))]" // in Resource Group A
then you'll either need to always run the template that creates this account and output the storageName and the resourceGroup, or find a way to reference the other resource group to get its id so that the name can be re-created.
I have been able to use something like this to "re-create" the resource group id so I can generate the proper name of the storage account.
"otherResourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('ResourceGroupName'))]"
Then I can use that to generate the name appropriately:
"storageAccountName": "[concat('mystorage', uniqueString(variables('otherResourceGroupId')))]"
You can try the below (as an example):
"subNetId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('virtualNetworkNameRG'), '/providers/', 'Microsoft.Network/virtualNetworks/',parameters('virtualNetworkName'),'/subnets/', parameters('subnetName'))]",
Refer to https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions

Zabbix API hidden hostgroup/hosts

I'm trying to get all hostgroups/hosts through the zabbix API.
I have used the following json requests:
{
  "jsonrpc": "2.0",
  "method": "hostgroup.get",
  "params": {
    "output": "extend"
  },
  "auth": "6f38cddc44cfbb6c1bd186f9a220b5a0",
  "id": 1
}
The one for hosts differs only in "host.get" instead of "hostgroup.get".
But unfortunately some information is hidden. The frontend shows everything correctly. But the API output is missing some hostgroups/hosts.
It's bizarre because one of my self-created hostgroups is displayed, the other one is not. The same happens with the hosts that are currently inside this hostgroup. As you can see, I don't use any filter option.
Does somebody have a clue?
Thanks in advance!
If your user is not a Zabbix "superadmin", it must have permissions on those host groups. Otherwise you would not be able to retrieve groups or their members.