• State Verified Answer
  • Replies 2 replies
  • Subscribers 94 subscribers
  • Views 190 views
  • Users 0 members are here
Options
Related

Lost bookmarks after change of authentication method

andreas2 mueller
1 month ago

We are using version 9.2 of Identity Manager and still using the Web Designer Web Frontend. We are currently migrating from NTLM AD Authentication to OpenID, this works flawlessly, but the users will loose all bookmarks they have created with the old login.

Is there any chance to copy them over or just leave them active? It the same user/identity that is connected, so where are these bookmarks saved?

Thanks in advance

Parents
  • 0 1 month ago

    I found the table DialogUserConfiguration which hold these informations for all users and its based on the UID_QBMXUser, where for each login name there is an own entry. So I actually have to copy the configuration from the existing user to the new one, whenever a new one is created. Any idea to archive this?

  • 0 1 month ago in reply to andreas2 mueller

    Interesting question, I did not find anyhing about this on the forum or documentation.

    If unique QBMXUser entries are created per Person per authetication method: Identity, AD(NTML/Kerberos), OAuth
    and each authetication method has a different Ident_QBMXUser: accountname convention
    Identity = jdoe01 (CentralAccount)
    AD = domain\jdoe01
    OAuth = john.doe@company.com

    Then one option to transistion from ntlm to OAuth would be to change Ident_QBMXUser@QBMXUser
    so from 'domain\jdoe01' into 'john.doe@company.com'

    The DialogUserConfiguration would than be picked up by the new authentication method.
    Be carefull that you do not create duplicate Ident_QBMXUser entries.

    Since you already have entries in the QBMXUser and DialogUserConfiguration for the new authentication method.
    You will need to delete all the QBMXUser and DialogUserConfiguration created by new authentication method
    that have no DialogUserConfiguration entry or where the ConfigurationData@DialogUserConfiguration is empty.
    And than change the Ident_QBMXUser@QBMXUser in bulk with something like this: (just an example change and test first)

    --UPDATE QBMXUser
--SET QBMXUser.Ident_QBMXUser = Person.DefaultEmailAddress
SELECT *
FROM QBMXUser
INNER JOIN Person ON 'contoso\' + Person.Centralaccount = QBMXUser.Ident_QBMXUser
INNER JOIN DialogUserConfiguration ON DialogUserConfiguration.UID_QBMXUser = QBMXUser.UID_QBMXUser
AND DialogUserConfiguration.ConfigurationData IS NOT NULL
AND UID_DialogProduct = 'QBM-622BB2900FC2A11B3BFB908847869C46'
WHERE Person.DefaultEmailAddress NOT IN (
SELECT Ident_QBMXUser
FROM QBMXUser
)

    I would call support to verify this before deleting/changing QBMXUser and DialogUserConfiguration entries.
    Tech support wil probably have a script/procedure for this.
    Or wait on a reply from Markus ;-)

Reply
  • 0 1 month ago in reply to andreas2 mueller

    Interesting question, I did not find anyhing about this on the forum or documentation.

    If unique QBMXUser entries are created per Person per authetication method: Identity, AD(NTML/Kerberos), OAuth
    and each authetication method has a different Ident_QBMXUser: accountname convention
    Identity = jdoe01 (CentralAccount)
    AD = domain\jdoe01
    OAuth = john.doe@company.com

    Then one option to transistion from ntlm to OAuth would be to change Ident_QBMXUser@QBMXUser
    so from 'domain\jdoe01' into 'john.doe@company.com'

    The DialogUserConfiguration would than be picked up by the new authentication method.
    Be carefull that you do not create duplicate Ident_QBMXUser entries.

    Since you already have entries in the QBMXUser and DialogUserConfiguration for the new authentication method.
    You will need to delete all the QBMXUser and DialogUserConfiguration created by new authentication method
    that have no DialogUserConfiguration entry or where the ConfigurationData@DialogUserConfiguration is empty.
    And than change the Ident_QBMXUser@QBMXUser in bulk with something like this: (just an example change and test first)

    --UPDATE QBMXUser
--SET QBMXUser.Ident_QBMXUser = Person.DefaultEmailAddress
SELECT *
FROM QBMXUser
INNER JOIN Person ON 'contoso\' + Person.Centralaccount = QBMXUser.Ident_QBMXUser
INNER JOIN DialogUserConfiguration ON DialogUserConfiguration.UID_QBMXUser = QBMXUser.UID_QBMXUser
AND DialogUserConfiguration.ConfigurationData IS NOT NULL
AND UID_DialogProduct = 'QBM-622BB2900FC2A11B3BFB908847869C46'
WHERE Person.DefaultEmailAddress NOT IN (
SELECT Ident_QBMXUser
FROM QBMXUser
)

    I would call support to verify this before deleting/changing QBMXUser and DialogUserConfiguration entries.
    Tech support wil probably have a script/procedure for this.
    Or wait on a reply from Markus ;-)

Children
No Data