Configuring WSO2 Identity Server as Key Manager with API Manager
I'm looking for some guidance about two specific WSO2 products, API Manager and Identity Server, and for the best solution to solve the problem I'm going to explain below.
In my company, we are using ADFS 3.0 for Single Sign On support in our applications. However, we are now building applications that will require the OpenID Connect Specification (SPAs + REST APIs) and ADFS does not support this out of the box, so we've decided to use WSO2 products for that purpose.
I already managed to install WSO2 Identity Server 5.0.0 SP1 and configured ADFS as a federated Identity Provider (the new applications will still have to authenticate users using ADFS). I also installed WSO2 API Manager 1.9.1 and configured it to use WSO2 Identity Server as the Key Manager (Configuration tutorial).
Now the problem:
Using WSO2 Identity Server 5.0.0 SP1 I couldn't get the Logout feature to work due to the issue reported here. It seems that this issue has been solved in version 5.1.0M4, so I tried to install version 5.1.0-alpha and managed to make the logout work with ADFS (I tested it by enabling SSO for the carbon administration). However, now I'm not able to install the Key Manager feature through the carbon repositories due to incompatibilities.
As a result, with the first combination (wso2is 5.0.0 SP1/wso2am 1.9.1) I had the logout issue with ADFS, and with the second combination (wso2is 5.1.0-alpha/wso2am 1.9.1) I'm not able to install the Key Manager feature in Identity Server.
Is there any way to apply a patch to solve the logout issue in the first combination? Is there a way to install the key manager feature on WSO2IS 5.1.0-alpha? Or can someone point me to another solution to solve this issue?
The issue you pointed to above has its type marked as "Patch". Usually that means WSO2 have fixed this issue for an earlier version and provided a patch to its customer. The easiest thing would be, if you are already a customer of WSO2, to ask for the patch directly from their support.
If you are not a paid customer of WSO2 you are in a bit of trouble. As per this question, the source of the Service Pack is also not available in public.
But luckily in your case, the component which needs to have this fix is not a core component. So you wouldn't be in trouble if you change the authenticator code a bit. But the warning is, it would lose any fixes done for org.wso2.carbon.identity.application.authenticator.samlsso_4.2.1.jar in the service pack.
Anyway, these are the steps you should follow.
Create a folder named "patch9000" in the <IS_HOME>/repository/components/patches/ folder.
Copy the built jar (org.wso2.carbon.identity.application.authenticator.samlsso-4.2.1.jar) in step 4 from the target folder to the <IS_HOME>/repository/components/patches/patch9000 folder.
If you have done everything, at server startup it will print a log like org.wso2.carbon.server.extensions.PatchInstaller - Patch changes detected
Now retry your flow and it would work as expected.
If you are too lazy to do all of the above, you can wait until Identity Server Service Pack 2, which will have your fix.
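The staging and verification steps from the answer above, as an added shell example that is not part of the original answer or WSO2's own tooling. The function names are hypothetical, and the IS_HOME directory, the built jar path and the server log file are passed in by the caller as assumptions; the log check matches the class name and the message separately because the page does not show the exact log line layout.

```shell
#!/bin/sh
# Added example: stage a rebuilt authenticator jar as a Carbon patch and
# confirm that the server noticed it. Paths are supplied by the caller.

PATCH_NAME="patch9000"   # folder name given in the answer
JAR_NAME="org.wso2.carbon.identity.application.authenticator.samlsso-4.2.1.jar"
LOG_CLASS="org.wso2.carbon.server.extensions.PatchInstaller"
LOG_MESSAGE="Patch changes detected"

# stage_patch IS_HOME BUILT_JAR   (hypothetical helper)
# Creates <IS_HOME>/repository/components/patches/patch9000 and copies the jar in.
stage_patch() {
    is_home=$1
    built_jar=$2
    patches_dir="$is_home/repository/components/patches"
    # A real installation already has the patches folder; do not create a fake tree.
    [ -d "$patches_dir" ] || { echo "no patches folder under $is_home" >&2; return 2; }
    [ -f "$built_jar" ] || { echo "built jar not found: $built_jar" >&2; return 3; }
    # Only the jar named in the answer belongs in this patch folder.
    [ "$(basename "$built_jar")" = "$JAR_NAME" ] || { echo "unexpected jar name" >&2; return 4; }
    mkdir -p "$patches_dir/$PATCH_NAME" || return 5
    cp "$built_jar" "$patches_dir/$PATCH_NAME/" || return 5
    # Byte-for-byte check that the staged copy is the jar that was built.
    cmp -s "$built_jar" "$patches_dir/$PATCH_NAME/$JAR_NAME" || return 6
}

# patch_detected LOG_FILE   (hypothetical helper)
# Succeeds if some line carries both the PatchInstaller class and its message.
patch_detected() {
    grep -F -e "$LOG_CLASS" "$1" | grep -F -q -e "$LOG_MESSAGE"
}
```

Run `stage_patch` before restarting the server and `patch_detected` against the startup log afterwards; a non-zero status from either means the patched authenticator should not be assumed active.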