多租户中的Identity Server服务

Question

I'm a bit confused on how to access the soap services in Identity Server, for tenant-specific data.

It seems some services like the STS and EntitlementService need to be accessed by including the tenant domain in the URL and can be called with the super-tenant admin credentials, ie:

https://localhost:9443/services/t/{tenant-domain}/services/EntitlementService.EntitlementServiceHttpsSoap12Endpoint

Whereas some services return the same data regardless of the URL, but return tenant-specific data only when accessed using the tenant-admin credentials, ie:

https://localhost:9443/services/UserProfileMgtService.UserProfileMgtServiceHttpsSoap12Endpoint

Using this url alone, https://localhost:9443/t/{tenant-domain}/services/UserProfileMgtService.UserProfileMgtServiceHttpsSoap12Endpoint does not scope to the tenant. This one requires the tenant-admin credentials, and does not seem to take the URL into account.

Is my understanding correct, and what is the intended way of accessing these services in multi-tenant mode?

Thanks

Answer 1

There are admin services (UserProfileMgtService) and hosted services (wso2carbon-sts) in carbon product.

Those admin services are tenant aware and you need to authenticate using tenant user credentials. (EntitlementService also and admin service which works with tenant user credentials without tenant details in URL)

Hosted services may have different configurations relevant to each tenants and u need to access via tenant details in URI