Hi All,
I cannot use the service center user provider module because our service center users are managed by SSO (setup in lifetime), so I cannot use this to login to app, I can do most things by changing the 'User provider module' to Users, but I cannot drop tables or entities, looks like some security embedded inside the extension on the GET action.Are there any known workarounds?
Hello André,
Do you mean that you have an external IdP configured in LifeTime?
I have no experience with this scenario, but I was not expecting using an IdP for LifeTime to prevent you from login into applications that use Service Center as the User Provider, as the IdP will be used by the platform only to authenticate the dev user, not even to do auto-provisioning (you still have to create the users manually in the LifeTime).
If you try to log in into DB Cleaner with your developer user, what happens?
But I am 99% sure changing the user provider to Users will not allow you to perform any operations that change the structure of the database (like dropping tables and columns).
Cheers!EDIT:According to Miguel Antunes here, the permissions are inherited from Service Center, and the user must have FULL ADMIN permissions over the environment. So, maybe it's not a problem with the IdP, but instead, a problem your user does not have the right permissions?
Hi Eduardo,Do you know what permissions are needed? Is it a role the user needs access to (that can be given in the users module)? Regarding IdP/SSO, I found a workaround... to login in service centre first and then try and access the application screens, trying to login from the app login screen does not work because it does not call the necessary IdP flows. So I have now found a way to access what I need but answering this might be helpful to others in the future.
Hi,
Indeed, if you are logged in in Service Center, it will work. Even without an IDP in LifeTime, it works the same way.
About the permissions, I am not completely sure, but as the user provider is Service Center, adding roles in the Users application will have no effect, as those users will not be used.
But by "FULL ADMIN" permissions, I understand that probably it requires something like the default Administrator role in LifeTime.
Cheers!