Versions Compared

Version Old Version 5 New Version 6
Changes made by

Matija Lukic (Deactivated)

Matija Lukic (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The command-line interface is a automation-friendly executable that orchestrates obtaining access tokens. Furthermore, it provides a number of execution options to improve the locality of change, and reduce efforts to call CXO user sync API.

Command-line interface

The command-line interface (or CLI) provides the functionality of synchronizing the users of one or many CXO Applications with an external repository.

...

Parameter

Short
hand

Description

--cxoUrl

N/A

URL of CXO

--idpUrl

N/A

URL of the CXO identity provider.

--clientId

-c

Identity provider - client Id. See the Security section on how to obtain this value.

--privateKey

-p

Identity provider - client private key. See the Security section on how to obtain this value.

--input

-i

Path of the input file. See the Inputs section.

--applicationsFile

-a

The file path to a list of applications to synchronize.

--masterDatabaseConnectionString

-m

Connection string of the master database. Using this option all applications (from given master database) will be synchronized.

If this option is set, (-a --applicationsFile) option should not be set.

--filterApplications

-f

A comma-separated list of application
names. You may use this option when (-m,
--masterDatabaseConnectionString) is
set to filter the applications to synchronize.

--maxParallelism

-P

Default(1) . Represents the max number of applications to synchronize in parallel. This value should be at most equal to the amount of CXO instances available.

--init

N/A

Initializes the input file and applicationsFile with an example text at the path specified to each parameter.

Security

In order for CXO to process the User synchronization request, the CLI to be authenticated by the CXO Identity Provider (IDP). This is done by associating the CLI with a certain type of IDP client.

You need to register a User synchronization client in CXO IDP. This is done by opening the Identity Provider configuration > New Client, and then creating a client with User synchronization client type

...

The value of the Client Id should be passed to the CLI with (--clientId, -c) option.

When saving you will obtain a private key that the CLI uses to sign messages it sends to the identity provider.

...

This key is what needs to be passed to the CLI with (--privateKey, -p) option.

If you call the following from the command line
./CXO.User.Synchronization.Client.CLI.exe -p "<your-private-key>" -c "<your-client-id>"
you would see that privateKey and clientId are no longer listed as missing required parameters

Inputs

CLI requires the list of users with their corresponding user groups to be supplied as a json file. This input is mandatory, so no passing this file will result in an error. As for the file content, for each user, the following can be specified:

...

To see the structure of these json files, run the CLI in the init mode using --init option

./CXO.User.Synchronization.Client.CLI.exe -p "<your-private-key>" -c "<your-client-id>" --init -a "./applications.json" -i "./input.json"

Running this code snippet will result in two files applications.json and input.json created and initialized with examples.

Security

In order for CXO to process the User synchronization request, the CLI to be authenticated by the CXO Identity Provider (IDP). This is done by associating the CLI with a certain type of IDP client.

You need to register a User synchronization client in CXO IDP. This is done by opening the Identity Provider configuration > New Client, and then creating a client with User synchronization client type

...

The value of the Client Id should be passed to the CLI with (--clientId, -c) option.

When saving you will obtain a private key that the CLI uses to sign messages it sends to the identity provider.

...

This key is what needs to be passed to the CLI with (--privateKey, -p) option.

Putting it all together (example: Powershell)

If you are calling the CLI from a Powershell script, The end result is that you will be calling the CLI something like this (example in Powershell):

Code Block
languagepowershell
$clientId = 'TestUserSynchronization'
$clientSecret = 'MIIEp....<the rest of your private key>'
$cxoUrl = 'https://cxo-dev-t03.cxo-dev.local'
$idpUrl = 'https://cxo-dev-t03.cxo-dev.local/idp'
$applicationFile = '.\applications.json'
$inputFile = '.\input.json'
$exe = './CXO.User.Synchronization.Client.CLI.exe'
& $exe "--cxoUrl" $cxoUrl "--idpUrl" $idpUrl "-c" $clientId "-p" $clientSecret "-i" $inputFile "-a" $applicationFile | Write-Host

This call code-snippet would will automatically synchronize the applications and users from the two input json files.