Forms Considerations with SAML Identity Conversion

replied on July 13, 2022 • Show version history

Not SAML, but I did a conversion of 100 Laserfiche Users to Windows AD Users earlier this year, while on version 10.2, and wrote a bunch of scripts to update users, profiles, roles, fields on forms in progress, etc. from the old username to the new one. Editing the LFForms database is a very high-risk activity, and I would recommend running in a test environment before using in a production environment, but I can share the scripts if that may be helpful to you. The script involves manually listing the old and new username as variables and then updates the fields. I did this so I could coordinate with each employee individually - I would ask if they'd read the instructions I'd sent out a week prior, tell them to log out of all LF systems, and then convert them, and then ask them to log in using the new credentials. Whole conversion of the 100 users took me half a week.

0 0

View 1 previous reply

replied on July 13, 2022 • Show version history

As I mentioned, I was on version 10.2 when I did this. As far as I know, none of these database tables or fields were updated until version 11 Update 2 (at that point, the user_id field was changed to user_group_id or something like that), but I'm not 100% positive that no other changes were made.

Here's the queries I ran. Please proceed carefully.

--Creating Variables for Retrieving Username, ID, and SID
DECLARE @OldUserName VARCHAR(100), @OldUserID INT, @OldUserSID VARCHAR(100), @OldUserDisplayName VARCHAR(100), @OldUserEmail VARCHAR(100)
DECLARE @NewUserName VARCHAR(100), @NewUserID INT, @NewUserSID VARCHAR(100), @NewUserDisplayName VARCHAR(100), @NewUserEmail VARCHAR(100)
SET @OldUserName = 'Matthew'        --Manually entry the value here for the old username.
SET @NewUserName = 'DOMAIN\matthew'   --Manually entry the value here for the new username.

--Retrieving Details of Old User
SELECT
  @OldUserID = [user_id],
  @OldUserSID = [sid],
  @OldUserDisplayName = [displayname],
  @OldUserEmail = [email]
FROM [LFForms].[dbo].[cf_users]
WHERE [username] = @OldUserName;

--Retrieving Details of New User
SELECT
  @NewUserID = [user_id],
  @NewUserSID = [sid],
  @NewUserDisplayName = [displayname],
  @NewUserEmail = [email]
FROM [LFForms].[dbo].[cf_users]
WHERE [username] = @NewUserName;

--Displaying Details of Old and New User
SELECT
  @OldUserName AS old_username,
  @OldUserID AS old_user_id,
  @OldUserSID AS old_user_sid,
  @OldUserDisplayName AS old_displayname,
  @OldUserEmail AS old_email;
SELECT
  @NewUserName AS new_username,
  @NewUserID AS new_user_id,
  @NewUserSID AS new_user_sid,
  @NewUserDisplayName AS new_displayname,
  @NewUserEmail AS new_email;

--If the new userid has never been used, it's profile doesn't exist yet, in which case
--it needs to be added to the database.
INSERT INTO [LFForms].[dbo].[cf_user_profile] ([user_id],[sid])
SELECT
  u.[user_id], 
  u.[sid]
FROM [LFForms].[dbo].[cf_users] AS u
LEFT JOIN [LFForms].[dbo].[cf_user_profile] AS p ON p.user_id = u.user_id
WHERE u.[user_id] = @NewUserID
  AND p.sid IS NULL;

--Update the new user profile to copy all the values from the old user profile.
--This ensures that things like signature, favorite forms, column selections will remain for the user through the switch.
UPDATE [LFForms].[dbo].[cf_user_profile]
SET [fav_bp_list] = (SELECT [fav_bp_list] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [my_task_col_width] = (SELECT [my_task_col_width] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [my_history_col_width] = (SELECT [my_history_col_width] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [show_pm_palette] = (SELECT [show_pm_palette] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [tz_setting] = (SELECT [tz_setting] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [fav_view_list] = (SELECT [fav_view_list] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [home_page] = (SELECT [home_page] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [my_task_hash] = (SELECT [my_task_hash] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [my_instance_hash] = (SELECT [my_instance_hash] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [manage_hash] = (SELECT [manage_hash] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [my_task_groupby] = (SELECT [my_task_groupby] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [manage_sortby] = (SELECT [manage_sortby] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [signature_type] = (SELECT [signature_type] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [type_name] = (SELECT [type_name] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [type_font] = (SELECT [type_font] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [data_url] = (SELECT [data_url] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [thumbnail_data_url] = (SELECT [thumbnail_data_url] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [notification_options] = (SELECT [notification_options] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [process_metrics_info] = (SELECT [process_metrics_info] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [inbox_settings_json] = (SELECT [inbox_settings_json] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [approval_settings_json] = (SELECT [approval_settings_json] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID),
    [mobile_inbox_settings] = (SELECT [mobile_inbox_settings] FROM [LFForms].[dbo].[cf_user_profile] WHERE [user_id] = @OldUserID)
WHERE [user_id] = @NewUserID;

--Update User Snapshots to list the new user details for all Snapshots.
--This will ensure the forms assigned to the old user, and all form history showing the old user,
--will automatically be switched to the new user.
UPDATE [LFForms].[dbo].[cf_user_snapshot]
SET [user_id] = @NewUserID,
    [username] = @NewUserName,
    [email] = @NewUserEmail,
    [displayname] = @NewUserDisplayName,
    [sid] = @NewUserSID
FROM [LFForms].[dbo].[cf_user_snapshot]
WHERE [sid] = @OldUserSID;

--Update Any Other User Snapshots for the new user, to ensure none are missing email or displayname.
UPDATE [LFForms].[dbo].[cf_user_snapshot]
SET [email] = @NewUserEmail,
    [displayname] = @NewUserDisplayName
FROM [LFForms].[dbo].[cf_user_snapshot]
WHERE [user_id] = @NewUserID
  AND ([email] IS NULL OR [displayname] IS NULL OR [email] = '' OR [displayname] = '');

--Update Business Process roles from the old user to the new user.
--These are the access rights to edit or start particular processes.
UPDATE [LFForms].[dbo].[cf_users_in_role]
SET [user_id] = @NewUserID
WHERE [user_id] = @OldUserID;

--Update User Dashboards from the old user to the new user.
--These are part of the reports functionality.
UPDATE [LFForms].[dbo].[dashboards_by_user]
SET [user_id] = @NewUserID
WHERE [user_id] = @OldUserID;

--Update Team Memberships
UPDATE [LFForms].[dbo].[team_members]
SET [user_id] = @NewUserID
WHERE [user_id] = @OldUserID;

--Update permissions granted to reports to move them from the old user to the new user.
UPDATE [LFForms].[dbo].[cf_view_security]
SET [user_group_id] = @NewUserID
WHERE [user_group_id] = @OldUserID;

--Update permissions granted to dashboards to move them from the old user to the new user.
UPDATE [LFForms].[dbo].[dashboard_security]
SET [user_group_id] = @NewUserID
WHERE [user_group_id] = @OldUserID;

--Update fields on in-progress instances where username is a field value.
UPDATE [LFForms].[dbo].[cf_bp_data]
SET [value] = @NewUserName
FROM [LFForms].[dbo].[cf_bp_main_instances] AS i
JOIN [LFForms].[dbo].[cf_bp_worker_instances] AS wi ON wi.[bp_instance_id] = i.[bp_instance_id]
JOIN [LFForms].[dbo].[cf_bp_worker_instance_history] AS history ON wi.[instance_id] = history.[instance_id]
JOIN [LFForms].[dbo].[cf_bp_steps] AS step ON wi.[current_step_id] = step.[step_id] AND wi.[current_process_id] = step.[process_id]
JOIN [LFForms].[dbo].[cf_bp_data] AS d ON d.[submission_id] = history.[submission_id]
JOIN [LFForms].[dbo].[members] AS m ON m.[id] = d.[member_path]
WHERE i.[status] = 1
  AND history.[submission_id] IS NOT NULL
  AND d.[value] = @OldUserName
  AND d.[member_path] NOT LIKE '%.%'

--Report Business Process steps that reference the old username.
SELECT 
  bp.[name] AS process_name,
  step.[step_type],
  step.[name] AS step_name,
  'This business process step has a hard-coded reference to the old username, which needs to be updated manually.' AS instructions
FROM [LFForms].[dbo].[cf_bp_steps] AS step
LEFT JOIN [LFForms].[dbo].[cf_bp_processes] AS bpp ON bpp.[process_id] = step.[process_id]
LEFT JOIN [LFForms].[dbo].[cf_business_processes] AS bp ON bp.[bp_id] = bpp.[bp_id]
WHERE [definition_json] LIKE CONCAT('%"', @OldUserName, '"%')
  AND step.[is_deleted] = 0
  AND bp.[is_deleted] = 0;

This was also after I'd run the Synchonization in Forms so that both the old user and new users already existed in the LFForms database.

2 0

replied on July 20, 2022

Thanks Matthew!

0 0

replied on November 19, 2024

This is amazing - thank you!

0 0

Question

Question

Forms Considerations with SAML Identity Conversion

Replies

Sign in to reply to this post.