cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2293
Views
0
Helpful
8
Replies

User alias beyond 4

Matt Wilks
Level 1
Level 1

The admin API documentation indicates that you can set aliases on the user account:

It references alias1…4, however the number of aliases was recently increased to 8. Am I correct in assuming that we can now send alias5…8 and set the remaining four aliases as well?

8 Replies 8

DuoKristina
Cisco Employee
Cisco Employee

Yes, they are just in a different parameter now.

The individual parameters alias1 to alias4 are still included for backward-compatibility.

The new parameter that lets you set all aliases 1 through 8 is aliases.

From The Create Users section of the Admin API doc:

Username aliases for the user. Up to eight aliases may be specified with this parameter as a set of URL-encoded key-value pairs e.g. alias1=joe.smith&alias2=jsmith@example.com . Ignores alias position values not specified.

So in your POST you could include something like this to add aliases beyond the four you have set already…
aliases=alias5=something&alias6=somethingelse

Duo, not DUO.

Trying to use this old thread. The current documentation is confusing as it does not provide any example of how to do things. I am trying to add aliases to modify user as per @DuoKristina 's suggestion by url encoding and appending it to the url like below

 

/admin/v1/users/DWZVIO5GPD4?aliases%3Dalias5%3Dalias59

 

This throws Invalid signature in request credentials error. If we add aliases to parameters without adding in url, it throws invalid parameter aliases  error.

If we send url as below, it is executed without any issue but does not allow to set aliases.

 

/admin/v1/users/DWZVIO5GPD4

 

What am I missing here ? According to document guide Up to eight aliases may be specified with this parameter as a set of URL-encoded key-value pairs which we are trying to do but are not successful. Any guidance is greatly appreciated.

There are instructions for using the API here, with example.

How are you trying to use our API? Are you using one of our API clients off the duosecurity GitHub, or Postman, or curl, or ... ?

This is what the post looks like when I try it in Postman (with a pre-request script in place that performs the HMAC authentication on each request - there is an example script in this post).

DuoKristina_0-1695320333844.png

And it set the value of `alias7` as I wanted:

DuoKristina_1-1695320553996.png

Here's I'm using duo_client_python to do a GET on the user by `user_id` and can see the user only has `alias7` set:

kristina@ duo_client % python -m duo_client.client --ikey $IKEY --skey $SKEY --host $HOST --path /admin/v1/users/DU3FGI7H8nnn --method GET
200 OK
{
"response": {
"alias1": null,
"alias2": null,
"alias3": null,
"alias4": null,
"aliases": {
"alias7": "alias7"
},
"created": 1642708619,
...


Then using duo_client_python to add a value for `alias8`:

kristina@ duo_client % python -m duo_client.client --ikey $IKEY --skey $SKEY --host $HOST --path /admin/v1/users/DU3FGI7H8nnn aliases=alias8=alias8 --method POST

200 OK
{
"response": {
"alias1": null,
"alias2": null,
"alias3": null,
"alias4": null,
"aliases": {
"alias7": "alias7",
"alias8": "alias8"
},
"created": 1642708619,
...

 

Duo, not DUO.

Thanks for the reply. 

I am using API from our java code. The thing is, it works fine if I do not add aliases but gives Invalid signature in request credentials when I add aliases. I had tried using the link that you have provided to set up postman but was not successful and did not follow up much on it.  This is the url I am hitting using my code

 

https://api.duosecurity.com/admin/v1/users/DURWEIR4XXZVIO5GPD4?aliases%3Dalias5%3Dalias57%26alias6%3Dalias6%26alias4%3Dtarun4

 

 

DuoKristina
Cisco Employee
Cisco Employee

Have you tried _our_ Java API client? It takes care of the encoding and authentication for you: https://github.com/duosecurity/duo_client_python

Duo, not DUO.

Thank you @DuoKristina for your replies. It looks like the link is of python client. We have included all encoding in our java code. Our requirement is not to connector using client but through our code which works perfectly fine when done without alias in url. 

DuoKristina
Cisco Employee
Cisco Employee

Sorry, I meant to link to https://github.com/duosecurity/duo_client_java.

It might help to compare your Java code to our Java client and examples, particularly around creating the request with params and authorization/encoding.

Duo, not DUO.

Thanks @DuoKristina . Let me check this once.

Quick Links