0
votes

After the introduction of IBMid authentication by SoftLayer, we have confusion about how to manage users with VPN Only status (userStatusID = 1022).

The API service being used to create Customer Portal users is http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer/createObject, but we noticed a new one named http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_OpenIdConnect/createObject

So we are wondering if SoftLayer_User_Customer_OpenIdConnect is replacing SoftLayer_User_Customer, or if one is for "Legacy" SoftLayer accounts still using the Customer Portal username+password schema vs. IBMid authentication for new accounts.

Some testing using Python showed that SoftLayer_User_Customer still works and that the username needs to be specified as [email protected] in the API call, as well as a password for the VPN user (even though the documentation stated that 'Note, both password parameters are not used anymore').

...
def create_user(username,password,vpnPassword):
    userinfo = {
        'username': username,
        'firstName': 'FIRSTNAME',
        'lastName': 'USERNAME',
        'email': '[email protected]',
        'companyName': 'MyCompanyName',
        'address1': 'MyAddress1',
        'city': 'MyCity',
        'country': 'MyCountry',
        'postalCode': 'MyPostalCode',
        'userStatusId': 1022,
        'timezoneId': 117
    }
    created_user = client['SoftLayer_User_Customer'].createObject(
        userinfo,
        password,
        vpnPassword)
    return created_user
...
newUsername = '[email protected]'
vpn_password = '@VPN_4_pwd'
...
new_user = create_user(newUsername,password,vpn_password)
...

Looking to see if someone can provide clarification about what service to use and the correct way to create a VPN Only user now with IBMid in use.

Thanks

2 Answers

0
votes

Your method is fine for creating the user. Since both of the password parameters are now ignored upon creation, you must call updateVpnPassword after the user is created to set the VPN password.

I believe you must also set the sslVpnAllowedFlag attribute for the user and enable the SSL_VPN_ENABLED permission.

Your flow would be something like this:

  1. Create User
  2. Add SSL_VPN_ENABLED permission (addPortalPermission)
  3. Enable sslVpnAllowedFlag for user (editObject)
  4. Set VPN password (updateVpnPassword)
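
The four-step flow above as one function, given as an added example that is not part of the original answer or SoftLayer's own code. `provision_vpn_only_user` and `RecordingClient` are hypothetical names; the stand-in client is constructed so the block runs offline, and a real `SoftLayer.Client` would be passed in its place.

```python
import secrets

VPN_ONLY_STATUS_ID = 1022  # "VPN Only" status id quoted in the question


def provision_vpn_only_user(client, template, vpn_password=None):
    """Run the four steps in order; return (user_id, vpn_password)."""
    service = client['SoftLayer_User_Customer']
    # Generated rather than hardcoded; assumed to satisfy the password policy.
    vpn_password = vpn_password or secrets.token_urlsafe(18)
    profile = dict(template, userStatusId=VPN_ONLY_STATUS_ID)
    # 1. Create the user. Both password arguments are reported as ignored,
    #    so the portal one is a throwaway random value.
    user_id = service.createObject(
        profile, secrets.token_urlsafe(18), vpn_password)['id']
    steps = [
        ('addPortalPermission', {'keyName': 'SSL_VPN_ENABLED'}),  # step 2
        ('editObject', {'sslVpnAllowedFlag': True}),              # step 3
        ('updateVpnPassword', vpn_password),                      # step 4
    ]
    for method, argument in steps:
        try:
            getattr(service, method)(argument, id=user_id)
        except Exception as exc:
            # The user already exists here: name the failed step so the
            # half-provisioned account can be fixed or removed.
            raise RuntimeError(
                'user %s: %s failed: %s' % (user_id, method, exc)) from exc
    return user_id, vpn_password


class RecordingClient:
    """Constructed offline stand-in for SoftLayer.Client; records calls."""
    def __init__(self, fail_on=None):
        self.calls, self.fail_on = [], fail_on

    def __getitem__(self, service_name):
        return self

    def __getattr__(self, method):
        def call(*args, **kwargs):
            if method == self.fail_on:
                raise ValueError('constructed failure')
            self.calls.append((method, args, kwargs))
            return {'id': 4242} if method == 'createObject' else True
        return call


if __name__ == '__main__':
    demo = RecordingClient()
    provision_vpn_only_user(demo, {'username': 'vpn-only-example'})
    print([name for name, _, _ in demo.calls])
```
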
0
votes

The SoftLayer_User_Customer::createObject method works for legacy users and the SoftLayer_User_Customer_OpenIdConnect::createObject method is for blueId users. Currently, there are no problems using either of these services, but there are some methods restricted for each kind of user (legacy/blueId).

If you want to set VPN access for a user, first you need to create the user and then you need to edit the flags for that. You can try the following script in order to do this task in one run:

"""
This script creates a VPN user

Important manual pages:
http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_OpenIdConnect/createObject
http://sldn.softlayer.com/reference/services/SoftLayer_User_Customer_OpenIdConnect/editUser

License: http://sldn.softlayer.com/article/License
Author: SoftLayer Technologies, Inc. <[email protected]>
"""
import SoftLayer

# Your SoftLayer API username and API key
USERNAME = 'set me'
API_KEY = 'set me'

# template for user
templateObject = {'address1': 'test',
                  'city': 'Tokyo',
                  'companyName': 'testCompany',
                  'country': 'JP',
                  'email': '[email protected]',
                  'firstName': 'user',
                  'lastName': 'test',
                  'postalCode': '114-123',
                  'timezoneId': 158,
                  'userStatusId': 1022,
                  'username': 'testrcv123'}

editTemplate = {'sslVpnAllowedFlag': 'true',
                'pptpVpnAllowedFlag': 'true'}

# set password and vpn password
password = 'Password123*-'
vpnPassword = 'Password123*-'

# Declare the API client
client = SoftLayer.Client(username=USERNAME, api_key=API_KEY)
customerService = client['SoftLayer_User_Customer_OpenIdConnect']

try:
    user = customerService.createObject(templateObject, password, vpnPassword)
    print(user)
    editUser = customerService.editObject(editTemplate, id=user['id'])
    print("User edited?: %s" % editUser)
except SoftLayer.SoftLayerAPIError as e:
    print("Error faultCode=%s, faultString=%s" % (e.faultCode, e.faultString))