idnio 2.3.2b → 2.3.3b
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/idnio/markdown.rb +0 -8
- data/lib/idnio/program.rb +15 -0
- data/lib/idnio/version.rb +2 -2
- data/lib/idnio.rb +0 -1
- data/lib/objects/account-profiles.rb +1 -1
- data/lib/objects/account-schemas.rb +1 -1
- data/lib/objects/attribute-sync-config.rb +3 -3
- data/lib/objects/connectors.rb +45 -44
- data/lib/objects/identity-attributes.rb +43 -4
- data/lib/objects/identity-profiles.rb +139 -20
- data/lib/objects/lifecycle-states.rb +30 -16
- data/lib/objects/public-identities-config.rb +10 -3
- data/lib/objects/system-settings.rb +30 -28
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
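--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: afc6ee33e894329b2b06bafc2c6faaecd7ecf4e3c02f57e93a28982472393d6d
+data.tar.gz: f3f30b000a14b49340bb4cec18033ff806c70ef695e4c2c0c4cab06f5e11acff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2747b53f8ccb2839b001e8aaab3b39aba77673d5a08ca0855c92a1c152bc046da0ab2f0d9e1b0bcdc8722e1bde515f4021750cf18f2d346f25427d335b653e07
+data.tar.gz: 9098412cc2d768cab5a855b10b78b972440c8f6ad4504dc7ac163c95ebb57ffe17a7c23ec5431faba469f89efffa36c1340d302ef27def9f8a07c1cf36ebeabc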
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/lib/idnio/markdown.rb
CHANGED
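--- a/data/lib/idnio/program.rb
+++ b/data/lib/idnio/program.rb
@@ -9,6 +9,21 @@ module Program
 
 end
 
+def self.humanize( var )
+case var
+when true
+return "Yes"
+when false
+return "No"
+when "true"
+return "Yes"
+when "false"
+return "No"
+else
+return var
+end
+end
+
 def self.line
 $log.info "--------------------------------------------------------------"
 end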
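Review bot: `humanize` is called from most of the object modules in this diff but has no comment stating its contract, and its `else` branch returns the argument unchanged, so `nil` and any other non-boolean value reach the Markdown output as-is. A header comment such as `# Renders true/false (boolean or string) as "Yes"/"No"; any other value is returned unchanged.` would record that. The four branches can also collapse to `when true, "true" then "Yes"` and `when false, "false" then "No"`.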
data/lib/idnio/version.rb
CHANGED
data/lib/idnio.rb
CHANGED
@@ -143,7 +143,7 @@ module AccountProfiles
|
|
143
143
|
|
144
144
|
accountProfile["fields"].each do |field|
|
145
145
|
|
146
|
-
Markdown.text "|#{field['name']}|#{field['type']}|#{field['isRequired']}|#{field['multi']}|#{field['transform']}|\n"
|
146
|
+
Markdown.text "|#{field['name']}|#{field['type']}|#{Program.humanize( field['isRequired'] )}|#{Program.humanize( field['multi'] )}|#{field['transform']}|\n"
|
147
147
|
|
148
148
|
end # accountProfile["fields"].each do |field|
|
149
149
|
|
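Review bot: The table row on new line 146 interpolates `field['name']`, `field['type']` and `field['transform']` straight into a Markdown table, so a value containing `|` or a line break splits the row, and any markup in the value is carried into the generated document. These values appear to come from the API response, i.e. from tenant configuration, so each cell is worth passing through a small helper, for example `value.to_s.gsub( "|" ) { "\\|" }.gsub( /[\r\n]+/, " " )`. The same unescaped interpolation recurs in the account-schema, attribute-sync, connector, identity-attribute, identity-profile and lifecycle-state tables elsewhere in this diff. The enclosing method starts and ends outside the hunk.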
@@ -329,7 +329,7 @@ s
|
|
329
329
|
Markdown.text( "| Name | Description | Type | Multi-valued | Entitlement |\n" )
|
330
330
|
Markdown.text( "|------|-------------|------|--------------|-------------|\n" )
|
331
331
|
accountSchema["attributes"].each do |attribute|
|
332
|
-
Markdown.text( "|#{attribute["name"]}|#{attribute["description"]}|#{attribute["type"]}|#{attribute["entitlement"]}|#{attribute["multi"]}|\n" )
|
332
|
+
Markdown.text( "|#{attribute["name"]}|#{attribute["description"]}|#{attribute["type"]}|#{Program.humanize( attribute["entitlement"] )}|#{Program.humanize( attribute["multi"] )}|\n" )
|
333
333
|
end
|
334
334
|
end
|
335
335
|
end
|
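Review bot: The row on new line 332 writes `attribute["entitlement"]` before `attribute["multi"]`, but the header on line 329 declares the columns as `Multi-valued` then `Entitlement`, so the two Yes/No values land under each other's heading. In a document that is read to see which account attributes are entitlements, that mislabels them; swapping the last two cells to `#{Program.humanize( attribute["multi"] )}|#{Program.humanize( attribute["entitlement"] )}` (or swapping the header cells) fixes it. The ordering predates this change, which only wraps the values in `Program.humanize`.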
@@ -108,10 +108,10 @@ module AttributeSyncConfig
|
|
108
108
|
|
109
109
|
unless ( syncAttributes.nil? || syncAttributes["syncAttributes"].nil? || syncAttributes["syncAttributes"].empty? )
|
110
110
|
Markdown.h3( "#{source["name"]}" )
|
111
|
-
Markdown.text( "| Account Attribute | Identity Attribute | Enabled |\n" )
|
112
|
-
Markdown.text( "
|
111
|
+
Markdown.text( "| Account Attribute | Identity Attribute | Enabled? |\n" )
|
112
|
+
Markdown.text( "|-------------------|--------------------|----------|\n" )
|
113
113
|
syncAttributes["syncAttributes"].each do |syncAttribute|
|
114
|
-
Markdown.text( "|#{syncAttribute["targetAttribute"]}|#{syncAttribute["identityAttributeName"]}|#{syncAttribute["enabled"]}|\n" )
|
114
|
+
Markdown.text( "|#{syncAttribute["targetAttribute"]}|#{syncAttribute["identityAttributeName"]}|#{Program.humanize( syncAttribute["enabled"] )}|\n" )
|
115
115
|
end
|
116
116
|
end
|
117
117
|
end
|
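--- a/data/lib/objects/connectors.rb
+++ b/data/lib/objects/connectors.rb
@@ -133,6 +133,45 @@ module Connectors
 "Workday Accounts"
 ]
 
+#
+# Gets a connector script, given type
+#
+def self.get_script( type )
+return @@script_type[ type ]
+end
+
+#
+# Gets a connector by the type
+#
+def self.get_by_type( type )
+return Connectors.get_by_attribute( "type", type )
+end
+
+#
+# Gets a connector by an attribute
+#
+def self.get_by_attribute( attribute, value )
+
+response = IDNAPI.get( "#{$url}/cc/api/connector/list", $token )
+
+unless response.nil?
+
+connectors = JSON.parse( response.body )
+
+connectors['items'].each do |connector|
+
+if ( connector[ attribute ] == value )
+return connector
+end
+
+end # connectors['items'].each do |connector|
+
+end # unless response.nil?
+
+return nil
+
+end # def self.get_by_attribute( attribute, value )
+
 #
 # Exports Connector configurations.
 #
@@ -216,8 +255,6 @@ module Connectors
 #
 def self.doc
 
-Markdown.h2( "Connectors" )
-
 response = IDNAPI.get( "#{$url}/cc/api/connector/list", $token )
 
 case response
@@ -225,17 +262,18 @@ module Connectors
 
 connectors = JSON.parse( response.body )
 
+Markdown.h2 "Connectors"
 $log.info "\tDetected #{connectors['total']} connectors."
 
+Markdown.text "| Connector Name | Connector Class | Direct Connect | Status |\n"
+Markdown.text "|----------------|-----------------|----------------|--------|\n"
+
 connectors['items'].each do |connector|
 
 if (!@@default_connectors.include? connector["name"] || $config["include-defaults"])
 $log.info "\tConnector: #{connector["name"]}"
-
-Markdown.
-Markdown.text( "- Class: #{connector["className"]}\n" )
-Markdown.text( "- Direct Connect: #{connector["directConnect"]}\n" )
-Markdown.text( "- Status: #{connector["status"]}\n" )
+
+Markdown.text "| #{connector["name"]} | #{connector["className"]} | #{Program.humanize(connector["directConnect"])} | #{connector["status"]} |\n"
 
 else
 $log.info "\tSkipping Default Connector: #{connector["name"]}"
@@ -249,43 +287,6 @@ module Connectors
 
 end
 
-#
-# Gets a connector script, given type
-#
-def self.get_script( type )
-return @@script_type[ type ]
-end
-
-#
-# Gets a connector by the type
-#
-def self.get_by_type( type )
-return Connectors.get_by_attribute( "type", type )
-end
-
-#
-# Gets a connector by an attribute
-#
-def self.get_by_attribute( attribute, value )
 
-response = IDNAPI.get( "#{$url}/cc/api/connector/list", $token )
-
-unless response.nil?
-
-connectors = JSON.parse( response.body )
-
-connectors['items'].each do |connector|
-
-if ( connector[ attribute ] == value )
-return connector
-end
-
-end # connectors['items'].each do |connector|
-
-end # unless response.nil?
-
-return nil
-
-end # def self.get_by_attribute( attribute, value )
 
 end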
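Review bot: The condition on new line 273, `if (!@@default_connectors.include? connector["name"] || $config["include-defaults"])`, does not honour `include-defaults`: without parentheses around the argument Ruby parses it as `include?( connector["name"] || $config["include-defaults"] )`, so the option is only consulted when the name is nil. Writing `if !@@default_connectors.include?( connector["name"] ) || $config["include-defaults"]` gives the intended meaning. Separately, the relocated `get_by_attribute` only checks `response.nil?` before `JSON.parse( response.body )`, unlike the `case response` / `when Net::HTTPSuccess` pattern used elsewhere in this diff, so an error response would be parsed as if it were a connector list.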
@@ -53,7 +53,7 @@ module IdentityAttributes
|
|
53
53
|
'system' => identity_attribute['system'],
|
54
54
|
'type' => identity_attribute['type']
|
55
55
|
}
|
56
|
-
|
56
|
+
return IDNAPI.post_json( "#{$url}/cc/api/identityAttribute/create", $token, create_json )
|
57
57
|
end
|
58
58
|
|
59
59
|
#
|
@@ -70,7 +70,7 @@ module IdentityAttributes
|
|
70
70
|
'system' => identity_attribute['system'],
|
71
71
|
'type' => identity_attribute['type']
|
72
72
|
}
|
73
|
-
|
73
|
+
return IDNAPI.post_json( "#{$url}/cc/api/identityAttribute/update?name=#{identity_attribute['name']}", $token, update_json )
|
74
74
|
end
|
75
75
|
|
76
76
|
#
|
@@ -108,6 +108,8 @@ module IdentityAttributes
|
|
108
108
|
|
109
109
|
JSON.parse( identity_attributes ).each do |identity_attribute|
|
110
110
|
|
111
|
+
$log.debug "\tIdentity attribute: #{identity_attribute["name"]}"
|
112
|
+
|
111
113
|
unless ( @@disallowed_identity_attributes.include? identity_attribute["name"] )
|
112
114
|
|
113
115
|
existing_identity_attribute = IdentityAttributes.get_by_name( identity_attribute["name"] )
|
@@ -118,8 +120,15 @@ module IdentityAttributes
|
|
118
120
|
response = IdentityAttributes.update( identity_attribute )
|
119
121
|
end
|
120
122
|
|
123
|
+
case response
|
124
|
+
when Net::HTTPSuccess
|
125
|
+
$log.debug "\tIdentity attribute successfully imported."
|
126
|
+
else
|
127
|
+
$log.error "\tCould not import identity attribute #{identity_attribute["name"]}"
|
128
|
+
end
|
129
|
+
|
121
130
|
else
|
122
|
-
$log.warn "\
|
131
|
+
$log.warn "\tSkipping default identity attribute: #{identity_attribute["name"]}."
|
123
132
|
end
|
124
133
|
end
|
125
134
|
|
@@ -130,7 +139,37 @@ module IdentityAttributes
|
|
130
139
|
# Documents Identity Attribute configurations.
|
131
140
|
#
|
132
141
|
def self.doc
|
133
|
-
|
142
|
+
|
143
|
+
response = IDNAPI.get( "#{$url}/cc/api/identityAttribute/list", $token )
|
144
|
+
|
145
|
+
case response
|
146
|
+
when Net::HTTPSuccess
|
147
|
+
|
148
|
+
identity_attributes = JSON.parse( response.body )
|
149
|
+
|
150
|
+
$log.info "\tRetreived identity attributes."
|
151
|
+
|
152
|
+
unless identity_attributes.nil? || identity_attributes.empty?
|
153
|
+
|
154
|
+
Markdown.h2 "Identity Attributes"
|
155
|
+
|
156
|
+
Markdown.text "| Display Name | Technical Name | Searchable | Details |\n"
|
157
|
+
Markdown.text "|--------------|----------------|------------|---------|\n"
|
158
|
+
|
159
|
+
identity_attributes.each do |identity_attribute|
|
160
|
+
|
161
|
+
details = identity_attribute.select{|k, v| v == true }.keys.join(", ")
|
162
|
+
|
163
|
+
Markdown.text "| #{identity_attribute['displayName']} | #{identity_attribute['name']} | #{Program.humanize( identity_attribute['searchable'] )} | #{details} |\n"
|
164
|
+
|
165
|
+
end # identity_attributes.each do |identity_attribute|
|
166
|
+
|
167
|
+
end # unless identity_attributes.nil? || identity_attributes.empty?
|
168
|
+
|
169
|
+
else
|
170
|
+
$log.error "\tError: Unable to fetch identity attributes."
|
171
|
+
end # case response
|
172
|
+
|
134
173
|
end
|
135
174
|
|
136
175
|
end
|
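Review bot: The update call on new line 73 builds its query string as `update?name=#{identity_attribute['name']}` without encoding, and in the import path that name appears to come from the parsed import file, so a name containing `&`, `#`, `=` or a space changes the request that is sent. Encoding it, `update?name=#{URI.encode_www_form_component( identity_attribute['name'] )}`, keeps the value inside the `name` parameter; this assumes `uri` is loaded, which is normally the case wherever `Net::HTTP` is used. In the import hunk the new `case response` runs after an `if`/`else` whose first branch is outside the hunk, so it is worth confirming that `response` is assigned on every path before it is inspected.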
@@ -75,24 +75,36 @@ module IdentityProfiles
|
|
75
75
|
|
76
76
|
response = IDNAPI.get( "#{$url}/cc/api/profile/list", $token )
|
77
77
|
|
78
|
-
|
78
|
+
case response
|
79
|
+
when Net::HTTPSuccess
|
79
80
|
|
80
|
-
|
81
|
+
identity_profiles = JSON.parse( response.body )
|
81
82
|
|
82
|
-
$log.info "\tDetected #{
|
83
|
+
$log.info "\tDetected #{identity_profiles.count} identity profiles."
|
83
84
|
|
84
|
-
|
85
|
+
identity_profiles.each do |identity_profile|
|
85
86
|
|
86
|
-
response = IDNAPI.get( "#{$url}/cc/api/profile/get/#{
|
87
|
+
response = IDNAPI.get( "#{$url}/cc/api/profile/get/#{identity_profile["id"]}", $token )
|
87
88
|
|
88
|
-
|
89
|
+
case response
|
90
|
+
when Net::HTTPSuccess
|
89
91
|
|
90
|
-
|
92
|
+
idp_details = JSON.parse( response.body )
|
91
93
|
|
92
|
-
|
94
|
+
$log.info "\tIdentity Profile: #{idp_details["name"]}"
|
95
|
+
|
96
|
+
Program.write_file( "#{directory}/identity-profiles/", "Identity Profile - #{idp_details["name"]}.json", JSON.pretty_generate( idp_details ) )
|
97
|
+
|
98
|
+
else
|
99
|
+
$log.error "\tError: Unable to fetch identity profile details."
|
100
|
+
end # case response
|
101
|
+
|
102
|
+
end # identity_profiles.each do |identity_profile|
|
103
|
+
|
104
|
+
else
|
105
|
+
$log.error "\tError: Unable to fetch identity profiles."
|
106
|
+
end # case response
|
93
107
|
|
94
|
-
end
|
95
|
-
end
|
96
108
|
end
|
97
109
|
|
98
110
|
#
|
@@ -182,24 +194,131 @@ module IdentityProfiles
|
|
182
194
|
# Documents Identity Profile configurations.
|
183
195
|
#
|
184
196
|
def self.doc
|
185
|
-
Markdown.h2( "Identity Profiles" )
|
186
197
|
|
187
198
|
response = IDNAPI.get( "#{$url}/cc/api/profile/list", $token )
|
188
|
-
unless response.nil?
|
189
|
-
identityProfiles = JSON.parse( response.body )
|
190
199
|
|
191
|
-
|
200
|
+
case response
|
201
|
+
when Net::HTTPSuccess
|
202
|
+
|
203
|
+
identity_profiles = JSON.parse( response.body )
|
192
204
|
|
193
|
-
|
205
|
+
Markdown.h2 "Identity Profiles"
|
206
|
+
$log.info "\tDetected #{identity_profiles.count} identity profiles."
|
194
207
|
|
195
|
-
|
208
|
+
identity_profiles.each do |identity_profile|
|
196
209
|
|
197
|
-
|
210
|
+
response = IDNAPI.get( "#{$url}/cc/api/profile/get/#{identity_profile["id"]}", $token )
|
198
211
|
|
199
|
-
|
212
|
+
case response
|
213
|
+
when Net::HTTPSuccess
|
200
214
|
|
201
|
-
|
202
|
-
|
215
|
+
idp_details = JSON.parse( response.body )
|
216
|
+
|
217
|
+
Markdown.h3 "#{idp_details["name"]}"
|
218
|
+
$log.info "\tIdentity Profile: #{idp_details["name"]}"
|
219
|
+
|
220
|
+
Markdown.h4 "Settings"
|
221
|
+
|
222
|
+
Markdown.text " - Account Source: #{idp_details['source']['name']}\n"
|
223
|
+
Markdown.text " - Description: #{idp_details["description"]}\n"
|
224
|
+
Markdown.text " - Priority: #{idp_details["priority"]}\n"
|
225
|
+
Markdown.text " - Needs Update: #{idp_details["dirtyFlag"]}\n"
|
226
|
+
Markdown.text " - Error Message: #{idp_details["authErrorText"]}\n"
|
227
|
+
|
228
|
+
Markdown.h4 "Authentication"
|
229
|
+
|
230
|
+
case idp_details['enablePassthroughAuthn']
|
231
|
+
when "false"
|
232
|
+
Markdown.text " - Authentication: IdentityNow Login\n"
|
233
|
+
when "true"
|
234
|
+
Markdown.text " - Authentication: Pass-through Authentication to Source '#{idp_details['credentialService']['name']}'\n"
|
235
|
+
end
|
236
|
+
|
237
|
+
Markdown.text " - Block Access From: \n"
|
238
|
+
Markdown.text "\t - Off Network: #{idp_details["blockOffNetwork"]}\n"
|
239
|
+
Markdown.text "\t - Untrusted Geographies: #{idp_details["blockUntrustedGeographies"]}\n"
|
240
|
+
|
241
|
+
Markdown.text " - Strong Authentication to Sign In: \n"
|
242
|
+
Markdown.text "\t - All Users: #{idp_details["strongAuthLogin"]}\n"
|
243
|
+
Markdown.text "\t - Off Network: #{idp_details["strongAuthLoginOffNetwork"]}\n"
|
244
|
+
Markdown.text "\t - Untrusted Geographies: #{idp_details["strongAuthLoginUntrustedGeographies"]}\n"
|
245
|
+
|
246
|
+
Markdown.text " - Strong Authentication Methods: \n"
|
247
|
+
Markdown.text "\t - Verification Code to alternate phone: #{idp_details["pwdResetPersonalPhone"]}\n"
|
248
|
+
Markdown.text "\t - Verification Code to work phone: #{idp_details["pwdResetWorkPhone"]}\n"
|
249
|
+
Markdown.text "\t - Verification Code to alternate email: #{idp_details["pwdResetPersonalEmailCode"]}\n"
|
250
|
+
Markdown.text "\t - Verification Code to work email: #{idp_details["pwdResetWorkEmailCode"]}\n"
|
251
|
+
Markdown.text "\t - Verification via security questions: #{idp_details["pwdResetKba"]}\n"
|
252
|
+
Markdown.text "\t - Verification via Duo Integration: #{idp_details["pwdResetDuo"]}\n"
|
253
|
+
Markdown.text "\t - Verification via RSA Integration: #{idp_details["pwdResetRsa"]}\n"
|
254
|
+
Markdown.text "\t - Verification via Symantec VIP Integration: #{idp_details["pwdResetSymantecVip"]}\n"
|
255
|
+
Markdown.text "\t - Verification via SafeNet Integration: #{idp_details["pwdResetSafenet"]}\n"
|
256
|
+
|
257
|
+
Markdown.h4 "Password Reset"
|
258
|
+
|
259
|
+
Markdown.text " - Password Reset and User Unlock Settings: \n"
|
260
|
+
Markdown.text "\t - Enable Two-Factor Authentication: \n"
|
261
|
+
Markdown.text "\t - Mask Phone Numbers: #{idp_details['pwdResetPhoneMask']}\n"
|
262
|
+
|
263
|
+
Markdown.text " - Password Reset and User Unlock Methods: \n"
|
264
|
+
Markdown.text "\t - Verification Code to alternate phone: #{idp_details["strongAuthPersonalPhone"]}\n"
|
265
|
+
Markdown.text "\t - Verification Code to work phone: #{idp_details["strongAuthWorkPhone"]}\n"
|
266
|
+
Markdown.text "\t - Verification Code to alternate email: #{idp_details["strongAuthPersonalEmail"]}\n"
|
267
|
+
Markdown.text "\t - Verification Code to work email: #{idp_details["strongAuthWorkEmail"]}\n"
|
268
|
+
Markdown.text "\t - Verification via security questions: #{idp_details["strongAuthKba"]}\n"
|
269
|
+
Markdown.text "\t - Verification by re-entering password: #{idp_details["strongAuthPassword"]}\n"
|
270
|
+
Markdown.text "\t - Verification via Duo Integration: #{idp_details["strongAuthDuo"]}\n"
|
271
|
+
Markdown.text "\t - Verification via RSA Integration: #{idp_details["strongAuthRsa"]}\n"
|
272
|
+
Markdown.text "\t - Verification via Symantec VIP Integration: #{idp_details["strongAuthSymantecVip"]}\n"
|
273
|
+
Markdown.text "\t - Verification via SafeNet Integration: #{idp_details["strongAuthSafenet"]}\n"
|
274
|
+
|
275
|
+
unless idp_details["attributeConfig"].nil? || idp_details['attributeConfig']['attributeTransforms'].nil? || idp_details['attributeConfig']['attributeTransforms'].empty?
|
276
|
+
|
277
|
+
Markdown.h4 "Attribute Mappings"
|
278
|
+
|
279
|
+
Markdown.text "| Attribute Name | Attribute Value |\n"
|
280
|
+
Markdown.text "|----------------|-----------------|\n"
|
281
|
+
|
282
|
+
idp_details['attributeConfig']['attributeTransforms'].each do |attribute|
|
283
|
+
|
284
|
+
case attribute['type']
|
285
|
+
when "accountAttribute"
|
286
|
+
Markdown.text "| #{attribute['attributeName']} | Attribute '#{attribute['attributes']['attributeName']}' from source '#{attribute['attributes']['sourceName']}' |\n"
|
287
|
+
when "reference"
|
288
|
+
Markdown.text "| #{attribute['attributeName']} | Transform '#{attribute['attributes']['id']}' |\n"
|
289
|
+
else
|
290
|
+
$log.warn "\tWarning: Cannot document identity attribute #{attribute['name']} with type #{attribute['type']}"
|
291
|
+
end
|
292
|
+
|
293
|
+
end # idp_details['attributeConfig']['attributeTransforms'].each do |attribute|
|
294
|
+
|
295
|
+
end #unless idp_details["configuredStates"].nil? || idp_details["configuredStates"].empty?
|
296
|
+
|
297
|
+
unless idp_details["configuredStates"].nil? || idp_details["configuredStates"].empty?
|
298
|
+
|
299
|
+
Markdown.h4 "Lifecycle States"
|
300
|
+
|
301
|
+
Markdown.text "| DisplayName | Technical Name | Enabled? | Identity Count |\n"
|
302
|
+
Markdown.text "|-------------|----------------|----------|----------------|\n"
|
303
|
+
|
304
|
+
idp_details["configuredStates"].each do |lcs|
|
305
|
+
|
306
|
+
Markdown.text "| #{lcs['displayName']} | #{lcs['name']} | #{Program.humanize( lcs['enabled'] )} | #{lcs['identityCount']} |\n"
|
307
|
+
|
308
|
+
end
|
309
|
+
|
310
|
+
end # unless idp_details["configuredStates"].nil? || idp_details["configuredStates"].empty?
|
311
|
+
|
312
|
+
|
313
|
+
else
|
314
|
+
$log.error "\tError: Unable to fetch identity profile details."
|
315
|
+
end # case response
|
316
|
+
|
317
|
+
end # identity_profiles.each do |identity_profile|
|
318
|
+
|
319
|
+
else
|
320
|
+
$log.error "\tError: Unable to fetch identity profiles."
|
321
|
+
end # case response
|
203
322
|
|
204
323
|
Markdown.write
|
205
324
|
end
|
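Review bot: In `doc`, the two method lists look crossed: the bullets under "Strong Authentication Methods" (new lines 247-255) read the `pwdReset*` keys, while the bullets under "Password Reset and User Unlock Methods" (lines 264-273) read the `strongAuth*` keys, including `strongAuthPassword` for "re-entering password". If the key names mean what they say, the generated document reports each set of verification methods under the other heading, which matters when it is used to review authentication settings; please confirm against the API and swap the key sets. `case idp_details['enablePassthroughAuthn']` on line 230 matches only the strings "true" and "false", so a JSON boolean writes no Authentication line at all; `when true, "true"` and `when false, "false"` plus an `else` would cover both. In the export hunk, the file name on line 96 is built from `idp_details["name"]`, so unless `Program.write_file` sanitises it, a name containing `/` would no longer resolve inside `identity-profiles/`.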
@@ -50,36 +50,50 @@ module LifecycleStates
|
|
50
50
|
# Documents Lifecycle State configurations.
|
51
51
|
#
|
52
52
|
def self.doc
|
53
|
-
Markdown.h2( "Lifecycle States" )
|
54
53
|
|
55
54
|
response = IDNAPI.get( "#{$url}/cc/api/profile/list", $token )
|
56
55
|
|
57
|
-
|
56
|
+
case response
|
57
|
+
when Net::HTTPSuccess
|
58
58
|
|
59
59
|
identity_profiles = JSON.parse( response.body )
|
60
60
|
|
61
|
+
Markdown.h2 "Lifecycle States"
|
62
|
+
|
61
63
|
identity_profiles.each do |identity_profile|
|
62
64
|
|
63
65
|
response = IDNAPI.get( "#{$url}/cc/api/profile/get/#{identity_profile["id"]}", $token )
|
64
66
|
|
65
|
-
|
67
|
+
case response
|
68
|
+
when Net::HTTPSuccess
|
66
69
|
|
67
|
-
JSON.parse( response.body )
|
70
|
+
idp_details = JSON.parse( response.body )
|
68
71
|
|
69
|
-
|
72
|
+
unless idp_details["configuredStates"].nil? || idp_details["configuredStates"].empty?
|
70
73
|
|
71
|
-
|
74
|
+
Markdown.h3 "#{idp_details["name"]} Lifecycle States"
|
75
|
+
|
76
|
+
Markdown.text "| DisplayName | Technical Name | Enabled? | Identity Count |\n"
|
77
|
+
Markdown.text "|-------------|----------------|----------|----------------|\n"
|
78
|
+
|
79
|
+
idp_details["configuredStates"].each do |lcs|
|
80
|
+
|
81
|
+
Markdown.text "| #{lcs['displayName']} | #{lcs['name']} | #{Program.humanize( lcs['enabled'] )} | #{lcs['identityCount']} |\n"
|
82
|
+
|
83
|
+
end # idp_details["configuredStates"].each do |lcs|
|
84
|
+
|
85
|
+
end # unless idp_details["configuredStates"].nil? || idp_details["configuredStates"].empty?
|
86
|
+
|
87
|
+
else
|
88
|
+
$log.error "\tError: Unable to fetch identity profile details."
|
89
|
+
end # case response
|
90
|
+
|
91
|
+
end # identity_profiles.each do |identity_profile|
|
92
|
+
|
93
|
+
else
|
94
|
+
$log.error "\tError: Unable to fetch identity profile details."
|
95
|
+
end # case response
|
72
96
|
|
73
|
-
$log.info "\tLifecycle State: #{identity_profile["name"]} - #{lifecycle_state["displayName"]}"
|
74
|
-
Markdown.h3( "#{identity_profile["name"]} - #{lifecycle_state["name"]}" )
|
75
|
-
Markdown.text( "- **Display Name** - #{lifecycle_state["displayName"]}\n" )
|
76
|
-
Markdown.text( "- **Name** - #{lifecycle_state["name"]}\n" )
|
77
|
-
Markdown.text( "- **Enabled** - #{lifecycle_state["enabled"]}\n" )
|
78
|
-
Markdown.text( "- **Description** - #{lifecycle_state["description"]}\n" )
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
97
|
Markdown.write
|
84
98
|
end
|
85
99
|
|
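Review bot: Both `else` branches log `"\tError: Unable to fetch identity profile details."`, so a failure of the initial `profile/list` call (new line 94) cannot be told apart in the log from a failure for a single profile (line 88); the outer one should read `$log.error "\tError: Unable to fetch identity profiles."`, as the identity-profiles module does. The inner request also reassigns `response` inside the outer `case response`, which works but is easier to follow with a separate name such as `details_response`. The table built here repeats the "Lifecycle States" table that the identity-profiles `doc` emits per profile, so a shared helper would keep the two in step.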
@@ -13,7 +13,7 @@ module PublicIdentitiesConfig
|
|
13
13
|
def self.export( directory )
|
14
14
|
|
15
15
|
response = IDNAPI.get( "#{$url}/beta/public-identities-config/", $token )
|
16
|
-
|
16
|
+
|
17
17
|
case response
|
18
18
|
when Net::HTTPSuccess
|
19
19
|
$log.info "\tRetreived configuration."
|
@@ -65,8 +65,15 @@ module PublicIdentitiesConfig
|
|
65
65
|
config = JSON.parse( response.body )
|
66
66
|
|
67
67
|
Markdown.text "Attributes:\n"
|
68
|
-
|
69
|
-
|
68
|
+
|
69
|
+
unless config['attributes'].empty?
|
70
|
+
|
71
|
+
config['attributes'].each do |attribute|
|
72
|
+
Markdown.text "- #{attribute['name']}\n"
|
73
|
+
end
|
74
|
+
|
75
|
+
else
|
76
|
+
Markdown.text "Note: There are no attributes configured.\n"
|
70
77
|
end
|
71
78
|
|
72
79
|
else
|
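Review bot: `unless config['attributes'].empty?` on new line 69 raises `NoMethodError` when the response has no `attributes` key, because the value is then `nil`; other guards in this diff check `nil?` first. `unless config['attributes'].nil? || config['attributes'].empty?` lets the "no attributes configured" note cover that case as well. The `unless … else` form is also harder to read than an `if` on the same condition with the two branches swapped. The enclosing method starts and ends outside the hunk.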
@@ -41,7 +41,7 @@ module SystemSettings
|
|
41
41
|
def self.export( directory )
|
42
42
|
|
43
43
|
response = IDNAPI.get( "#{$url}/cc/api/org/get", $token )
|
44
|
-
|
44
|
+
|
45
45
|
case response
|
46
46
|
when Net::HTTPSuccess
|
47
47
|
$log.info "\tRetreived configuration."
|
@@ -105,30 +105,40 @@ module SystemSettings
|
|
105
105
|
|
106
106
|
Markdown.h2 "System Settings"
|
107
107
|
|
108
|
-
Markdown.h3 "
|
108
|
+
Markdown.h3 "View Configurations"
|
109
109
|
|
110
|
-
Markdown.text " -
|
111
|
-
Markdown.text " -
|
112
|
-
Markdown.text " -
|
110
|
+
Markdown.text " - Usage Agreement Required: #{Program.humanize( config['usageCertRequired'] )}\n"
|
111
|
+
Markdown.text " - Username Label: #{config['usernameLabel']}\n"
|
112
|
+
Markdown.text " - Username Validation: #{config['usernameEmptyText']}\n"
|
113
113
|
|
114
114
|
Markdown.h3 "Network Settings"
|
115
115
|
|
116
|
-
Markdown.text " -
|
117
|
-
Markdown.text " -
|
118
|
-
Markdown.text " -
|
116
|
+
Markdown.text " - Netmasks : #{config['netmasks']}\n"
|
117
|
+
Markdown.text " - Country Whitelist : #{config['whiteList']}\n"
|
118
|
+
Markdown.text " - Country Codes : #{config['countryCodes']}\n"
|
119
119
|
|
120
120
|
Markdown.h3 "System Features"
|
121
121
|
|
122
|
-
|
122
|
+
config['features'].each do |feature|
|
123
|
+
case feature
|
124
|
+
when "ACCESS_REQUEST"
|
125
|
+
Markdown.text " - Access Request\n"
|
126
|
+
when "PASSWORD_MANAGEMENT"
|
127
|
+
Markdown.text " - Password Management\n"
|
128
|
+
when "PROVISIONING"
|
129
|
+
Markdown.text " - Provisioning\n"
|
130
|
+
when "CERTIFICATION"
|
131
|
+
Markdown.text " - Certification\n"
|
132
|
+
when "SOD"
|
133
|
+
Markdown.text " - Separation of Duties\n"
|
134
|
+
end
|
135
|
+
end
|
123
136
|
|
124
137
|
Markdown.h3 "Notifications"
|
125
138
|
|
126
139
|
Markdown.text " - Email 'from' Address: #{config['emailFromAddress']}\n"
|
127
|
-
|
128
|
-
Markdown.text " -
|
129
|
-
|
130
|
-
|
131
|
-
Markdown.text " - XXX : #{config['emailTestAddress']}\n"
|
140
|
+
Markdown.text " - Email Test Mode Enabled: #{config['emailTestMode']}\n"
|
141
|
+
Markdown.text " - Email Test Address : #{config['emailTestAddress']}\n"
|
132
142
|
|
133
143
|
Markdown.h3 "Security Settings"
|
134
144
|
|
@@ -140,11 +150,11 @@ module SystemSettings
|
|
140
150
|
|
141
151
|
### Minutes until attempt count resets
|
142
152
|
|
143
|
-
Markdown.text " -
|
153
|
+
Markdown.text " - Lockout Attempt Threshold : #{config['lockoutAttemptThreshold']}\n"
|
144
154
|
|
145
155
|
### Minutes until user locked out
|
146
156
|
|
147
|
-
Markdown.text " -
|
157
|
+
Markdown.text " - Lockout Time (minutes) : #{config['lockoutTimeMinutes']}\n"
|
148
158
|
|
149
159
|
## Password Reset Lockout Settings
|
150
160
|
|
@@ -162,18 +172,10 @@ module SystemSettings
|
|
162
172
|
|
163
173
|
### X hours
|
164
174
|
|
165
|
-
Markdown.text " -
|
166
|
-
Markdown.text " -
|
167
|
-
Markdown.text " -
|
168
|
-
|
169
|
-
Markdown.text " - KBA Attributes Required for Authentication: #{config['kbaReqForAuthn']}\n"
|
170
|
-
|
171
|
-
#
|
172
|
-
#
|
173
|
-
# Markdown.text "Attributes:\n"
|
174
|
-
# config['attributes'].each do |attribute|
|
175
|
-
# Markdown.text "- #{attribute['name']}\n"
|
176
|
-
# end
|
175
|
+
Markdown.text " - iFrame Whitelist: #{config['iframeWhitelist']}\n"
|
176
|
+
Markdown.text " - Security Questions\n"
|
177
|
+
Markdown.text "\t - Required Answers: #{config['kbaReqAnswers']}\n"
|
178
|
+
Markdown.text "\t - Required for Authentication: #{config['kbaReqForAuthn']}\n"
|
177
179
|
|
178
180
|
else
|
179
181
|
$log.error "\tUnable to retreive configuration."
|
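Review bot: The `case feature` on new lines 123-134 has no `else`, so any feature string other than the five listed is left out of the "System Features" section without a trace, and `config['features'].each` on line 122 raises if the key is absent. For a document meant to show what is enabled in the tenant, a fallback such as `else Markdown.text " - #{feature}\n"` and iterating over `Array( config['features'] )` would keep unknown or missing values visible. `emailTestMode` on line 140 is printed raw while `usageCertRequired` on line 110 goes through `Program.humanize`.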
data.tar.gz.sig
CHANGED
Binary file
|
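--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: idnio
 version: !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.3b
 platform: ruby
 authors:
 - neil-mcglennon-sp
@@ -31,7 +31,7 @@ cert_chain:
 80azxZfuZm4FunGL6GShaDghT24HpxRCz7dpM7TZP9MiQ1D0W2bp0ir6uo8cxGlU
 QQ63knon4BERaw==
 -----END CERTIFICATE-----
-date: 2019-11-
+date: 2019-11-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler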
metadata.gz.sig
CHANGED
Binary file
|