Solved: Dynatrace Cluster API and adding user via API after update 1.208

Nickolay · ‎27 Apr 2021

Hi all!

With update 1.208 comes new functional, "You can now add users via UI or REST API additionally in LDAP or SSO mode in order to pre-configure their permissions before they sign-in first time."

release notes 1.208

Ok, it is fine. But our company uses for automated user management Cluster API v1, part /users(PUT POST DELETE). Also we use SSO-authorization.

After update from 1.206 to 1.208 we lost capabilty to manage our cluster user via API. Because of error 403, Operation forbidden - LOCAL authentication is turned off, users are updated during LDAP or SSO login.

I have checked the API changelog documentation(1.208 and 1.207) and found no entries regarding Cluster API and section '/users' changes.

Has anyone else encountered a similar problem?

ChadTurner · ‎05 May 2021

I would recommend putting in a support ticket as all updates should not prevent you from your daily duties and tasks. This might be an issue or bug that they are unaware of.

-Chad

Radoslaw_Szulgo · ‎05 May 2021

Actually, we've fixed with 1.208 the REST API that you rely on. Previously we allowed to manipulate users/groups via REST API when automatic assignment of groups by LDAP/SSO was turned on - which is a bug - as no matter what you set via REST API it gets overwritten during user sign-in with the data returned from identity provider - LDAP or SSO.

To have this working properly - you need to turn off "automatic group assignment" in LDAP configuration screen or SSO - SAML/OpenID screen. With this setting then, user gets authenticated with LDAP/SSO but authorized (check groups permission) based on the configuration in Dynatrace.

Senior Product Manager,
Dynatrace Managed expert