Using GMU To Change A User's Password
search cancel

Using GMU To Change A User's Password

book

Article ID: 10929

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

Some clients have been inquiring if there is any automated way to update an internal identity provider user's password instead of having to do it through the policy manager.  You can make use of the gateway migration utility via the restman endpoint to accomplish this.



Environment

Release: CA API Gateway 10.x 11.x 
Component:

Resolution

You can run a command such as the following to obtain a list of all users and obtain the desired user id:

 

gatewaymigrationutility.bat restman -z Myargs.args --unwrapItem -method GET --path 1.0/users

 

You can expect output similar to the following:

 

Running.....

Status: 200 OK

Server: Apache-Coyote/1.1

Content-Length: 5373

Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<l7:List xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">

    <l7:Name>USER List</l7:Name>

    <l7:Type>List</l7:Type>

    <l7:TimeStamp>2017-10-06T09:37:24.675-04:00</l7:TimeStamp>

    <l7:Link rel="self" uri="https://GatewayHostName:8443/restman/1.0/users"/>

    <l7:Link rel="template" uri="https://GatewayHostName:8443/restman/1.0/identityProviders/0000000000000000fffffffffffffffe/users/template"/>

    <l7:Item>

        <l7:Name>SampleUser</l7:Name>

        <l7:Id>60a61a0e4a64a691d361ed5264bcea34</l7:Id>

        <l7:Type>USER</l7:Type>

        <l7:TimeStamp>2017-10-06T09:37:24.672-04:00</l7:TimeStamp>

        <l7:Link rel="self" uri="https://GatewayHostName:8443/restman/1.0/identityProviders/0000000000000000fffffffffffffffe/users/60a61a0e4a64a691d361ed5264bcea34"/>

        <l7:Resource>

            <l7:User providerId="0000000000000000fffffffffffffffe" id="60a61a0e4a64a691d361ed5264bcea34">

                <l7:Login>SampleUser</l7:Login>

                <l7:FirstName></l7:FirstName>

                <l7:LastName></l7:LastName>

                <l7:Email></l7:Email>

                <l7:Properties>

                    <l7:Property key="accountExpiration">

                        <l7:LongValue>-1</l7:LongValue>

                    </l7:Property>

                    <l7:Property key="enabled">

                        <l7:BooleanValue>true</l7:BooleanValue>

                    </l7:Property>

                    <l7:Property key="name">

                        <l7:StringValue>SampleUser</l7:StringValue>

                    </l7:Property>

                </l7:Properties>

            </l7:User>

        </l7:Resource>

    </l7:Item>

    <l7:Item>

        <l7:Name>admin</l7:Name>

        <l7:Id>00000000000000000000000000000003</l7:Id>

        <l7:Type>USER</l7:Type>

        <l7:TimeStamp>2017-10-06T09:37:24.675-04:00</l7:TimeStamp>

        <l7:Link rel="self" uri="https://GatewayHostName:8443/restman/1.0/identityProviders/0000000000000000ffff

fffffffffffe/users/00000000000000000000000000000003"/>

        <l7:Resource>

            <l7:User providerId="0000000000000000fffffffffffffffe" id="00000000000000000000000000000003">

                <l7:Login>admin</l7:Login>

                <l7:FirstName></l7:FirstName>

                <l7:LastName></l7:LastName>

                <l7:Email></l7:Email>

                <l7:Properties>

                    <l7:Property key="accountExpiration">

                        <l7:LongValue>-1</l7:LongValue>

                    </l7:Property>

                    <l7:Property key="enabled">

                        <l7:BooleanValue>true</l7:BooleanValue>

                    </l7:Property>

                    <l7:Property key="name">

                        <l7:StringValue>admin</l7:StringValue>

                    </l7:Property>

                </l7:Properties>

            </l7:User>

        </l7:Resource>

    </l7:Item>

</l7:List>

 

 

You can then obtain the user id from the above output, in this case we are going to update the password for the user 'SampleUser'.

We created a NewPassword.xml file which contains the updated password for our user 'SampleUser'.  The NewPassword.xml file only contains the new password for the user we are updating.

We could then execute a command such as the following to update that users password:

gatewaymigrationutility.bat restman -z Myargs.args --unwrapItem -method PUT --path 1.0/users/60a61a0e4a64a691d361ed5264bcea34/password --request NewPassword.xml

We will get a 200 return code from the gmu command along with information pertaining to the user in question which we just updated upon successful completion such as the following:

 

Running......

Status: 200 OK

Server: Apache-Coyote/1.1

Content-Length: 1891

Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<l7:User xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management" id="60a61a0e4a64a691d361ed5264bcea34" providerId="0000000000000000fffffffffffffffe">

    <l7:Login>SampleUser</l7:Login>

    <l7:FirstName/>

    <l7:LastName/>

    <l7:Email/>

    <l7:Properties>

        <l7:Property key="accountExpiration">

            <l7:LongValue>-1</l7:LongValue>

        </l7:Property>

        <l7:Property key="enabled">

            <l7:BooleanValue>true</l7:BooleanValue>

        </l7:Property>

        <l7:Property key="name">

            <l7:StringValue>SampleUser</l7:StringValue>

        </l7:Property>

    </l7:Properties>

</l7:User>

 

We should then attempt to login to policy manager with the updated password for the user in question and it should be successful.

Additional Information

We have a video doc that goes over this entire process which you can access at the following link:
https://www.youtube.com/watch?v=z6TZyE-hgt4
Powered by Wolken Software