Using GMU To Change A User's Password

Document ID : KB000010929
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

Some clients have been inquiring if there is any automated way to update an

internal identity provider user's password instead of having to do it through

the policy manager.  You can make use of the gateway migration utility

to accomplish this.

Instructions:

You can run a command such as the following to obtain a list of all users and

obtain the desired user id:

 

gatewaymigrationutility.bat restman -z Myargs.args --unwrapItem -method GET --path 1.0/users

 

You can expect output similar to the following:

 

Running.....

Status: 200 OK

Server: Apache-Coyote/1.1

Content-Length: 5373

Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<l7:List xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">

    <l7:Name>USER List</l7:Name>

    <l7:Type>List</l7:Type>

    <l7:TimeStamp>2017-10-06T09:37:24.675-04:00</l7:TimeStamp>

    <l7:Link rel="self" uri="https://GatewayHostName:8443/restman/1.0/users"/>

    <l7:Link rel="template" uri="https://GatewayHostName:8443/restman/1.0/identityProviders/0000000000000000ffff

fffffffffffe/users/template"/>

    <l7:Item>

        <l7:Name>JohnSmith</l7:Name>

        <l7:Id>60a61a0e4a64a691d361ed5264bcea34</l7:Id>

        <l7:Type>USER</l7:Type>

        <l7:TimeStamp>2017-10-06T09:37:24.672-04:00</l7:TimeStamp>

        <l7:Link rel="self" uri="https://GatewayHostName:8443/restman/1.0/identityProviders/0000000000000000ffff

fffffffffffe/users/60a61a0e4a64a691d361ed5264bcea34"/>

        <l7:Resource>

            <l7:User providerId="0000000000000000fffffffffffffffe" id="60a61a0e4a64a691d361ed5264bcea34">

                <l7:Login>JohnSmith</l7:Login>

                <l7:FirstName></l7:FirstName>

                <l7:LastName></l7:LastName>

                <l7:Email></l7:Email>

                <l7:Properties>

                    <l7:Property key="accountExpiration">

                        <l7:LongValue>-1</l7:LongValue>

                    </l7:Property>

                    <l7:Property key="enabled">

                        <l7:BooleanValue>true</l7:BooleanValue>

                    </l7:Property>

                    <l7:Property key="name">

                        <l7:StringValue>JohnSmith</l7:StringValue>

                    </l7:Property>

                </l7:Properties>

            </l7:User>

        </l7:Resource>

    </l7:Item>

    <l7:Item>

        <l7:Name>l7apiportal</l7:Name>

        <l7:Id>4aa0fff5b13e671eb0733fd8acc08c2e</l7:Id>

        <l7:Type>USER</l7:Type>

        <l7:TimeStamp>2017-10-06T09:37:24.675-04:00</l7:TimeStamp>

        <l7:Link rel="self" uri="https://GatewayHostName:8443/restman/1.0/identityProviders/0000000000000000ffff

fffffffffffe/users/4aa0fff5b13e671eb0733fd8acc08c2e"/>

        <l7:Resource>

            <l7:User providerId="0000000000000000fffffffffffffffe" id="4aa0fff5b13e671eb0733fd8acc08c2e">

                <l7:Login>l7apiportal</l7:Login>

                <l7:Properties>

                    <l7:Property key="accountExpiration">

                        <l7:LongValue>-1</l7:LongValue>

                    </l7:Property>

                    <l7:Property key="enabled">

                        <l7:BooleanValue>true</l7:BooleanValue>

                    </l7:Property>

                    <l7:Property key="name">

                        <l7:StringValue>l7apiportal</l7:StringValue>

                    </l7:Property>

                </l7:Properties>

            </l7:User>

        </l7:Resource>

    </l7:Item>

    <l7:Item>

        <l7:Name>admin</l7:Name>

        <l7:Id>00000000000000000000000000000003</l7:Id>

        <l7:Type>USER</l7:Type>

        <l7:TimeStamp>2017-10-06T09:37:24.675-04:00</l7:TimeStamp>

        <l7:Link rel="self" uri="https://GatewayHostName:8443/restman/1.0/identityProviders/0000000000000000ffff

fffffffffffe/users/00000000000000000000000000000003"/>

        <l7:Resource>

            <l7:User providerId="0000000000000000fffffffffffffffe" id="00000000000000000000000000000003">

                <l7:Login>admin</l7:Login>

                <l7:FirstName></l7:FirstName>

                <l7:LastName></l7:LastName>

                <l7:Email></l7:Email>

                <l7:Properties>

                    <l7:Property key="accountExpiration">

                        <l7:LongValue>-1</l7:LongValue>

                    </l7:Property>

                    <l7:Property key="enabled">

                        <l7:BooleanValue>true</l7:BooleanValue>

                    </l7:Property>

                    <l7:Property key="name">

                        <l7:StringValue>admin</l7:StringValue>

                    </l7:Property>

                </l7:Properties>

            </l7:User>

        </l7:Resource>

    </l7:Item>

</l7:List>

 

 

You can then obtain the user id from the above output, in this case

we are going to update the password for the user 'JohnSmith'.

 

We created a NewPassword.xml file which contained the updated password

for our user 'JohnSmith'.

 

We could then execute a command such as the following to update that user's password:

 

gatewaymigrationutility.bat restman -z Myargs.args --unwrapItem -method PUT --path 1.0/users/60a61a0e4a64a691d361ed5264bcea34/password --request NewPassword.xml

 

We will get a 200 return code from the gmu command along with information pertaining to the user in question which we just updated upon successful completion such as the following:

 

Running......

Status: 200 OK

Server: Apache-Coyote/1.1

Content-Length: 1891

Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<l7:User xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management" id="60a61a0e4a64a691d361ed5264bcea34" providerId="00

00000000000000fffffffffffffffe">

    <l7:Login>JohnSmith</l7:Login>

    <l7:FirstName/>

    <l7:LastName/>

    <l7:Email/>

    <l7:Properties>

        <l7:Property key="accountExpiration">

            <l7:LongValue>-1</l7:LongValue>

        </l7:Property>

        <l7:Property key="enabled">

            <l7:BooleanValue>true</l7:BooleanValue>

        </l7:Property>

        <l7:Property key="name">

            <l7:StringValue>JohnSmith</l7:StringValue>

        </l7:Property>

    </l7:Properties>

</l7:User>

 

 

We should then attempt to login to policy manager with the updated password

for the user in question and it should be successful.