Wednesday, September 18, 2019

More on JumpCloud and with API examples

Integration into a cloud IAM-aaS  from OneLogin and JumpCloud is easy and fun here's some more working  examples for JumpCloud.

In jumpcloud we need to create a api-key , this api key will be  call up the correct api-version.

A api key looks similar to the following this 2a8a2f959020db33d068b79d78b05463b0ddb755

You can create for each administrator by click his name and generating a key;



We can pass json formatted data to JumpCloud API



{
"username":"jdoe",
"email":"jdoe@example.com",
"firstname":"juan",
"lastname":"doe",
        "password":"text1234"
}






A system entry for creating user is structured like the following ;


curl -H "x-api-key: c3f8dd2695e3eecb5c486d438b5113c721683c3c"  --data-binary  "@/JumpcloudCreate" -H "Content-Type: application/json" -H "Accept: application/json"  "https://console.jumpcloud.com/api/systemusers"


or



 curl -X POST  -H "x-api-key: c3f8dd2695e3eecb5c486d438b5113c721683c3c"  -d '{  "email":"jode@null.com","firstname":"jode","lastname":"last","username":"user1" }'      
  -H "Content-Type: application/json"  "https://console.jumpcloud.com/api/systemusers"





if you try to recreate the same user you will get a friendly error

curl -X POST  -H "x-api-key: c3f8dd2695e3eecb5c486d438b5113c721683c3c"  -d '{  "email":"jode@null.com","firstname":"jode","lastname":"last","username":"user1" }'      
 -H "Content-Type: application/json"  "https://console.jumpcloud.com/api/systemusers"

user1 has already been registered


You can retrieve users details and pass query string values


ken$ curl -H "Accept: application/xml"  -H "x-api-key: c3f8dd2695e3eecb5c486d438b5113c721683c3c" "https://console.jumpcloud.com/api/systemusers?fields=username&fields=email"
{"totalCount":5,"results":[{"username":"ldap","email":"ldap@socpuppets.com","_id":"5af0e038bf0eb553c7fb03fa"},{"username":"NGFW","email":"ngfw@null.com","_id":"5b7c56122b08836127e3a492"},{"username":"user11","email":"user11@null.com","_id":"5b7c56599e583e1899296370"},{"username":"ssn","email":"ssn@null.com","_id":"5bbe8313457a9c62030e16cd"},{"username":"smcldap","email":"kfelix@socpuppets.com","_id":"5d67537a65a85751406a8698"}]}supports- 

You can lock a user accounts by passing a boolean value of 1  and calling up that user by it's id

curl -X PUT -d '{ "account_locked":"1" }' -H "Content-Type: application/json"  -H "Accept: application/json"   -H "x-api-key: c3f8dd2695e3eecb5c486d438b5113c721683c3c" "https://console.jumpcloud.com/api/systemusers/5b7c56122b08836127e3a492 








 You can get creative and set random password at the time of account creation using perl or python

ken$ cat pass.py

import string

 from random import *

      chars = string.ascii_letters + string.punctuation  + string.digits


      passwd =  "".join(choice(chars) for A in range(randint(10, 14)))


print passwd


example of above script a password structure;


sh-3.2$ python pypass
oQL?HXq4.$


In order to delete a user, again a very similar operation to OneLogin,  and where you use a http.request.method DELETE and the id;

 curl -X DELETE -H "Content-Type: application/json"  -H "x-api-key: c3f8dd2695e3eecb5c486d438b5113c721683c3c"   -H "Accept: application/json"  "https://console.jumpcloud.com/api/systemusers/5d815b250bc54b194afeb1e0"




Notice the custom X header  x-api-key always has the API key in all the above examples.











NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o
        /  \


Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)