search

kasmtech / workspaces-issues

18 stars 3 forks source link

[Question] - Creating a group and assigning an OIDC mapper to it using the API #545

Closed mikeshootzz closed 1 month ago

mikeshootzz commented 2 months ago

I want to create a group and give it an OIDC mapper using the API. I managed to create a group using the /api/public/create_group endpoint (which btw isn't mentioned in the documentation btw, had to figure it out by myself). I used the following request body for this: 

{
  "api_key": "{{api_key}}",
  "api_key_secret": "{{api_key_secret}}",
    "target_group": {
            "name": "test",
            "description": null,
            "priority": 10
    }
}

I looked at my existing group with an OIDC mapper using the /api/public/get_groups endpoint, this returned the following: 

        {
            "group_id": "49e5443df9674588871ff4f2472f10b4",
            "name": "Administrators",
            "description": null,
            "priority": 1,
            "is_system": true,
            "group_metadata": {},
            "group_mappings": [
                {
                    "sso_group_id": "6a6d0fe16dc84947990ce1c87a1d9e4a",
                    "ldap_id": null,
                    "saml_id": null,
                    "oidc_id": "d382a9f8054845b5970e2f4a14f317e3",
                    "group_id": "49e5443df9674588871ff4f2472f10b4",
                    "sso_group_attributes": "/Administrators",
                    "apply_to_all_users": false,
                    "sso_name": "User Login",
                    "sso_type": "oidc"
                }
            ]
        }

My intuition told me to just add the group mappings to the create group request JSON, but this doesn't work. I also tried using the update group endpoint but with without any luck either. This is what I tried:

{
  "api_key": "{{api_key}}",
  "api_key_secret": "{{api_key_secret}}",
    "target_group": {
        "group_id": "68d557ac4cac42cca9f31c7c853de0f3",
        "group_mappings": [
      {
        "sso_group_attributes": "/All Users",
        "apply_to_all_users": true,
        "sso_name": "User Login",
        "sso_type": "oidc"
      }
    ]
    }
}

Can anyone help me? Thanks!

j-travis commented 2 months ago

Hi, Here is a guide that recommends how to go about using undocumented APIs. https://kasmweb.atlassian.net/servicedesk/customer/portal/3/article/10682377

Maybe this will help. In short, use dev tools to see what the browser is sending when doing the workflow manually. Then slightly adjust the call to work with your API keys

mikeshootzz commented 2 months ago

THANK YOU! I've been trying this for days now. This is what worked for me:

Endpoint: /api/public/add_sso_mapping_group

Request body: 

{
  "api_key": "{{api_key}}",
  "api_key_secret": "{{api_key_secret}}",
  "target_sso_mapping": {
    "group_id": "68d557ac4cac42cca9f31c7c853de0f3",
    "sso_id": "d382a9f8-0548-45b5-970e-2f4a14f317e3",
    "sso_group_attributes": "/All Users",
    "apply_to_all_users": false
  }
}