首页 文章

WSO2 API Manager 2.0.0 - LDAP和发布程序API令牌问题

提问于
浏览
1

我已将WSO2 API Manager 2.0.0配置为将内部用户存储作为主用户,将LDAP作为辅助用户存储 . 我可以使用LDAP用户登录Carbon,Publisher和Store UI . 我的目标是允许LDAP用户使用Publisher REST API,我所遵循的步骤如下;

  • 创建服务提供商
curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{    "clientName": "rest_api_publisher",    "tokenScope": "Production",    "owner": "admin",    "grantType": "password refresh_token",    "saasApp": true }' "http://localhost:9763/client-registration/v0.10/register"

响应

{
          "jsonString": "{\"username\":\"admin\",\"redirect_uris\":null,\"client_name\":\"admin_rest_api_publisher\",\"grant_types\":\"urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm refresh_token client_credentials password\"}",
          "appOwner": null,
          "clientName": null,
          "callBackURL": null,
          "isSaasApplication": true,
          "clientId": "N2GP9igHPkEcotmyE6ccyPLBeh0a",
          "clientSecret": "qHO0ZFsaGDGGEaHO_4PXgKOXVWYa"
        }
  • 获取管理员用户的访问令牌
curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=admin&password=admin&scope=apim:api_view%20apim:api_publish%20apim:api_create"

响应

{
          "scope": "apim:api_create apim:api_publish apim:api_view",
          "token_type": "Bearer",
          "expires_in": 3600,
          "refresh_token": "787b34a2-55eb-3baa-b83a-7041959781ce",
          "access_token": "2b7ad48c-67d8-3ebc-acd8-1d02aca85fdd"
        }

正如您在本案中所看到的,范围包含我请求的所有范围 . 有了这个令牌,我可以查询并添加新的API并发布它们 . 我遇到的问题是,当我对LDAP用户执行相同操作时,范围是默认的 .

(P.S . :我的二级域名是mzaferyahsi.com)

  • 获取ldap用户的访问令牌
curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=mzaferyahsi.com/<<username>>&password=<<password>>&scope=apim:api_view%20apim:api_publish%20apim:api_create"

响应

{
          "scope": "default",
          "token_type": "Bearer",
          "expires_in": 3600,
          "refresh_token": "2a519b92-2fe8-3b85-8da8-6ea8b2eceb6e",
          "access_token": "874aac4f-c441-3927-bd1b-cce859e58988"
        }

有人遇到过这个问题吗?任何解决方案赞赏

oauth ldap wso2 wso2-am wso2carbon

1 回答

  • 0

    您必须在 tenant-conf.json file 中设置所需的角色范围映射 . 用户还应该具有所需的角色 . 该文件是here .

    回复于

相关问题