Bug in api/users/update_identity_provider?

I’m using the API call api/users/update_identity_provider to migrate users from LDAP to SAML

When I issue this command, it works:

http://localhost:9000/api/users/update_identity_provider?login=blake&newExternalProvider=saml&newExternalIdentity=blake.duffey@noblis.org

When I issue this command, it works:

http://localhost:9000/api/users/update_identity_provider?login=blake&newExternalProvider=saml&newExternalIdentity=Blake\.Duffey@noblis.org

When I issue this command, it fails:

http://localhost:9000/api/users/update_identity_provider?login=blake&newExternalProvider=saml&newExternalIdentity=Blake.Duffey@noblis.org

If the first ‘.’ in the email address is followed by a capital letter, I get

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.

I can run the same command with these parameters without issue:

BlakeADuffey
blake.duffey
Blake.duffey

This causes a pretty significant problem because the email addresses in our IdP are capitalized.

So when I convert an LDAP user, the identity has to match exactly. Otherwise, the SAML login creates a 2nd account.

Since I never got any response - I was able to work around this by doing the following:

$login = "ldap_ID"
$newIdentity = "email.address@domain.com"

$foo = "http://localhost:9000/api/users/update_identity_provider?login=$login&newExternalProvider=saml"

Invoke-RestMethod -Uri $foo -Headers $headers -Method POST

$foo = "http://localhost:9000/api/users/update_identity_provider?login=$login&newExternalProvider=saml&newExternalIdentity=$newIdentity"

Invoke-RestMethod -Uri $foo -Headers $headers -Method POST

For some reason if you do it as 2 separate steps it works.
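
The two-step workaround above, applied to a batch of users with per-user failure reporting, as an added example that is not part of the original posts or the project's own code. The function name, the `SONAR_TOKEN` variable, the way `$headers` is built and the sample mapping are assumptions; only the endpoint and its three parameters come from the post.

```powershell
# Added example; not code from the thread. It uses only the endpoint and parameters in the post.
function Set-SamlIdentity {
    param(
        [Parameter(Mandatory)] [string]    $BaseUrl,
        [Parameter(Mandatory)] [hashtable] $Headers,
        [Parameter(Mandatory)] [string]    $Login,
        [Parameter(Mandatory)] [string]    $Identity
    )
    # Percent-encode values so characters such as '&' or '+' cannot alter the query string.
    $base = "$BaseUrl/api/users/update_identity_provider?login=" +
        [uri]::EscapeDataString($Login) + '&newExternalProvider=saml'

    # Step 1 sets only the provider; step 2 repeats the call with the exact-case identity.
    $steps = @($base, ($base + '&newExternalIdentity=' + [uri]::EscapeDataString($Identity)))
    for ($i = 0; $i -lt $steps.Count; $i++) {
        try {
            Invoke-RestMethod -Uri $steps[$i] -Headers $Headers -Method POST | Out-Null
        } catch {
            # Stop at the first failure and record which step it was.
            return [pscustomobject]@{
                Login = $Login; Identity = $Identity; Ok = $false
                FailedStep = $i + 1; Error = $_.Exception.Message
            }
        }
    }
    [pscustomobject]@{ Login = $Login; Identity = $Identity; Ok = $true; FailedStep = 0; Error = $null }
}

# Assumption: a user token sent as the Basic-auth user name with an empty password;
# the post does not show how $headers was built. SONAR_TOKEN is a hypothetical variable name.
$pair    = "$($env:SONAR_TOKEN):"
$headers = @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair)) }

# Constructed sample mapping: LDAP login -> identity exactly as the IdP sends it.
$users = @(
    [pscustomobject]@{ Login = 'ldap_ID';  Identity = 'First.Last@example.com' }
    [pscustomobject]@{ Login = 'ldap_ID2'; Identity = 'Other.User@example.com' }
)

$results = foreach ($u in $users) {
    Set-SamlIdentity -BaseUrl 'http://localhost:9000' -Headers $headers -Login $u.Login -Identity $u.Identity
}
# Rows listed here did not complete both steps; per the post, an identity that does not
# match exactly leads to a second account at SAML login.
$results | Where-Object { -not $_.Ok } | Format-Table Login, Identity, FailedStep, Error
```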

Hi,

Thanks for this report and sorry it got overlooked initially.

I’ve flagged this for team attention.

 
Ann

Hi @bduffey,

Thanks for the detailed report and for the workaround that you found!

We’ll investigate this on our side and we’ll open a ticket if we confirm it.
I’ll post an update as soon as we find time to take a look.


Hi Blake,

Sorry for the very late answer.

Since 10.4, we deprecated POST api/users/update_identity_provider and we recommend using PATCH api/v2/users-management/users/{id}.

Cheers,
