Firely Auth User Management
When using the SQL Server user store, you can manage the users therein with a command line utility called the ‘Firely Auth Management app’. This can be used both interactively from the command line and automated from a script or DevOps pipeline.
Executable
Please contact us if you would like to receive the executable, either via mail at server@fire.ly or via the Support Desk in Jira. You can invoke the executable with:
./Firely.IdentityServer.ManagementApp.exe
Commands and parameters
For brevity, here is a full list of the available commands and their parameters.
The parameter --connectionString or -cs is used multiple times. Use the same connection string as in SQL Server user store.
You can set the connection string in an environment variable FIRELY_IDENTITY_SERVER_USERS_CONNECTION_STRING so it doesn’t need repeating.
The parameter --passwordHashIterations or -hi is also used multiple times. Use the same passwordHashIterations as in Firely Auth Settings.
You can set the passwordHashIterations in an environment variable FIRELY_IDENTITY_SERVER_USERS_PASSWORD_HASH_ITERATIONS so it doesn’t need repeating.
./Firely.IdentityServer.ManagementApp.exe
    -?, -h, --help : Show available commands
    users : invoke user management
        list : list all users
            -cs, --connectionString
            -hi, --passwordHashIterations
        create : create a new user, specifying username and password
            -u, --username : username
            -p, --password : password - enclose in double quotes if it contains spaces.
            -cl, --claim <name=value> [<name=value> ...] : list of additional claims for this user, see ‘AdditionalClaims’ under User store
            -cs, --connectionString
            -hi, --passwordHashIterations
        delete : delete a user so the user no longer has access
            -u, --username : username
            -cs, --connectionString
            -hi, --passwordHashIterations
Password requirements
The password for a new user must conform to all of these requirements:
at least 6 characters in length
at least 1 lowercase character (a - z)
at least 1 non-alphanumeric character
at least 1 uppercase character (A - Z)
Examples
For all examples you need to provide a connectionString. It is easiest to set this upfront in an environment variable:
$env:FIRELY_IDENTITY_SERVER_USERS_CONNECTION_STRING = "Server=localhost,1433;MultipleActiveResultSets=true;Database=firely_auth_store;User Id=<db_user>;Password=<db_user_password>;Encrypt=True"
List the users in the database
./Firely.IdentityServer.ManagementApp.exe users list
Create a new user in the database
./Firely.IdentityServer.ManagementApp.exe users create -u bob -p 1P@ssword -c patient=Patient/bob
Try to issue the same command again to see that a user with the same name is rejected.
Delete a user from the database
./Firely.IdentityServer.ManagementApp.exe users delete -u bob
Change a user’s password
There is no function to change a user’s password directly. Instead, delete the user and recreate it with the new password and any claims.
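Because a password change is a delete followed by a create, a new password that fails the requirements listed earlier would leave the user without an account. The PowerShell functions below are an added example, not part of Firely's tooling: they check the password against those four rules before deleting anything. The function names are hypothetical, the ASCII character classes approximate the stated rules, and the tool is assumed to exit non-zero on failure.

```powershell
# Added example; function names are hypothetical, not part of the Firely tool.
function Test-FirelyAuthPassword {
    param([Parameter(Mandatory)][string]$Password)
    # Approximates the four rules under "Password requirements" (ASCII ranges).
    if ($Password.Length -lt 6)              { 'at least 6 characters' }
    if ($Password -cnotmatch '[a-z]')        { 'at least 1 lowercase character' }
    if ($Password -cnotmatch '[A-Z]')        { 'at least 1 uppercase character' }
    if ($Password -cnotmatch '[^a-zA-Z0-9]') { 'at least 1 non-alphanumeric character' }
}

function Reset-FirelyAuthUserPassword {
    param(
        [Parameter(Mandatory)][string]$Username,
        [Parameter(Mandatory)][string]$NewPassword,
        [string[]]$Claims = @(),
        [string]$Exe = './Firely.IdentityServer.ManagementApp.exe'
    )
    if (-not $env:FIRELY_IDENTITY_SERVER_USERS_CONNECTION_STRING) {
        throw 'Set FIRELY_IDENTITY_SERVER_USERS_CONNECTION_STRING first.'
    }
    # Check the password BEFORE deleting: if create rejected it afterwards,
    # the user would be left without an account.
    $failures = @(Test-FirelyAuthPassword -Password $NewPassword)
    if ($failures.Count -gt 0) {
        throw "User '$Username' left untouched; password needs: $($failures -join ', ')"
    }

    & $Exe users delete -u $Username
    # Assumption: the tool exits non-zero on failure.
    if ($LASTEXITCODE -ne 0) { throw "delete failed (exit code $LASTEXITCODE)" }

    $createArgs = @('users', 'create', '-u', $Username, '-p', $NewPassword)
    if ($Claims.Count -gt 0) { $createArgs += @('--claim') + $Claims }
    & $Exe @createArgs
    if ($LASTEXITCODE -ne 0) {
        throw "create failed after delete: '$Username' currently has no account"
    }
}

# Example call with constructed values (the page's sample user and claim):
# $pw = Read-Host 'New password for bob'
# Reset-FirelyAuthUserPassword -Username bob -NewPassword $pw -Claims 'patient=Patient/bob'
```

The -p parameter passes the password as a command-line argument, so it is visible in the process list while the tool runs; reading it with Read-Host at least keeps it out of the script file and the shell history.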
Creating password-less users in the UI for SSO
For SSO implementations you need password-less users in order to authenticate with a remote service. These can be created with a few extra steps in the UI of Firely Auth.
First, it is necessary to log into Firely Auth as an administrator. For this, you can log in with the user FA_ADMIN and a password that you can configure in several ways.
The password can be set with the environment variable FIRELY_AUTH_ADMIN_PASSWORD
It can be specified in the appsettings:
"ADMIN_PASSWORD": "<admin password>",
It is also possible to set the admin password on the command line during startup of Firely Auth:
dotnet Firely.Auth.Core.dll --ADMIN_PASSWORD=<admin password>
Next, you can navigate to the admin portal and create a password-less user there: