cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dynatrace Cluster API and adding user via API after update 1.208

Nickolay
Frequent Guest

Hi all!

With update 1.208 comes new functional, "You can now add users via UI or REST API additionally in LDAP or SSO mode in order to pre-configure their permissions before they sign-in first time." 

release notes 1.208 

Ok, it is fine. But our company uses for automated user management Cluster API v1, part /users(PUT POST DELETE). Also we use SSO-authorization. 

After update from 1.206 to 1.208 we lost capabilty to manage our cluster user via API. Because of error 403, Operation forbidden - LOCAL authentication is turned off, users are updated during LDAP or SSO login.

I have checked the API changelog documentation(1.208 and 1.207) and found no entries regarding Cluster API and section '/users' changes.

Has anyone else encountered a similar problem?

2 REPLIES 2

ChadTurner
Leader

I would recommend putting in a support ticket as all updates should not prevent you from your daily duties and tasks. This might be an issue or bug that they are unaware of. 

-Chad

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

Actually, we've fixed with 1.208 the REST API that you rely on. Previously we allowed to manipulate users/groups via REST API when automatic assignment of groups by LDAP/SSO was turned on - which is a bug - as no matter what you set via REST API it gets overwritten during user sign-in with the data returned from identity provider - LDAP or SSO. 

 

To have this working properly - you need to turn off "automatic group assignment" in LDAP configuration screen or SSO - SAML/OpenID screen. With this setting then, user gets authenticated with LDAP/SSO but authorized (check groups permission) based on the configuration in Dynatrace.