ARTIFACTORY: How to migrate the LDAP realm to the SAML realm to use the existing API key without user login?

David Shin
2022-09-01 12:16

When you need to migrate from LDAP to SAML, you may need to disable LDAP and enable SAML in Artifactory.
Normally, after LDAP is disabled and SAML is enabled in Artifactory, a user needs to log in to the Artifactory UI in order to continue using their existing API key.
This is because the realm column is updated to 'saml' during the login process.

Otherwise, a user will get the following error when using the API key, until they log in to Artifactory:

{
  "errors" : [ {
    "status" : 401,
    "message" : "Can't reauthenticate LDAP for user: 'xxxxx@xxxx.com': user is locked, disabled or does not exist in LDAP"
  } ]
}

It is generally not possible to have all the account owners log in to the UI to resume using their API keys.

Solution

As an Artifactory administrator, you can update the realm value for all users at once by running the following SQL query in the DB. Users should then be able to continue using their API keys without logging in to the UI.

e.g.
update access_users set realm='saml' where realm='ldap';
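
A more cautious way to run the update above, as an added example that is not part of the original article. It assumes PostgreSQL syntax and a hypothetical backup table name, access_users_ldap_backup; only the access_users table and its realm column come from the article.

```sql
-- Added example; assumes PostgreSQL and a direct connection to the Artifactory database.
-- access_users_ldap_backup is a hypothetical table name chosen for this example.

-- 1. Preview how many accounts sit in each realm before changing anything.
SELECT realm, COUNT(*) AS users
FROM access_users
GROUP BY realm
ORDER BY realm;

-- 2. Keep a copy of the rows that are about to change, for rollback and audit.
CREATE TABLE access_users_ldap_backup AS
SELECT * FROM access_users WHERE realm = 'ldap';

-- 3. Apply the change inside a transaction so it can be inspected before it is final.
BEGIN;

UPDATE access_users SET realm = 'saml' WHERE realm = 'ldap';

-- No 'ldap' row should remain, and the 'saml' count should have grown
-- by exactly the number of rows saved in the backup table.
SELECT realm, COUNT(*) AS users
FROM access_users
GROUP BY realm
ORDER BY realm;

SELECT COUNT(*) AS backed_up FROM access_users_ldap_backup;

-- COMMIT if the counts match; issue ROLLBACK instead if they do not.
COMMIT;
```

The backup table records which accounts were switched, so the change can be reverted for those rows only.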