访问SCIM API-Keyrock Fiware
[英]Access SCIM API - Keyrock Fiware
问题描述
I am using a fiware-idm image in a docker container ( https://hub.docker.com/r/fiware/idm/ ) and I'm trying access the SCIM API. 
我在Docker容器( https://hub.docker.com/r/fiware/idm/ )中使用了fiware-idm映像,并且尝试访问SCIM API。 There is user "idm" (default user), he's provider and has all permissions. 有一个用户“ idm”(默认用户),他是提供者,并且具有所有权限。 But when I try get all users: 但是当我尝试获得所有用户时:
private String getAccessToken() {
HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
HttpSession session = httpServletRequest.getSession();
String accessToken = (String) session.getAttribute("access_token");
return accessToken;
}
public void getUsers() throws IOException {
String accessToken = getAccessToken();
Client client = ClientBuilder.newClient();
Response response = client.target("http://192.168.99.100:5000/v3/projects")
.request(MediaType.TEXT_PLAIN_TYPE)
.header("X-Auth-token", accessToken)
.get();
setResultUsersList("-- status: " + response.getStatus() + " <br>"
+ "-- headers: " + response.getHeaders() + " <br>"
+ "-- body: " + response.readEntity(String.class) + " <br>"
+ "-- token: " + accessToken);
}
I receive an error msg: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}} 我收到一个错误消息:{“错误”:{“消息”:“您发出的请求需要验证。”,“代码”:401,“标题”:“未经授权”}}
But the authentication works and get the user infos too: 但是身份验证有效,并且也可以获取用户信息:
public void authenticateUser() throws OAuthSystemException, IOException {
HttpServletResponse httpServletResponse = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
OAuthClientRequest codeRequest = OAuthClientRequest
.authorizationLocation("http://192.168.99.100:8000/oauth2/authorize")
.setParameter("response_type", "code")
.setClientId(CLIENT_ID)
.setRedirectURI("http://localhost:8080/Example-Application-Security-UI/auth")
.buildQueryMessage();
httpServletResponse.sendRedirect(codeRequest.getLocationUri());
}
public void requestUserInfo() {
HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
HttpSession session = httpServletRequest.getSession();
accessToken = (String) session.getAttribute("access_token");
String strJson = callWebservice("http://192.168.99.100:8000/user?access_token=" + accessToken);
JSONObject jsonObject = new JSONObject(strJson);
resultUserInfo = jsonObject.toString();
}
1 个解决方案
解决方案1
0 已采纳 2016-10-19 09:23:11
The X-Auth-Token header needed when making requests to Keystone requires a Keystone token as value, instead of the OAuth2 access token that you are currently providing. 向Keystone发出请求时所需的X-Auth-Token标头要求使用Keystone令牌作为值,而不是您当前提供的OAuth2访问令牌。
You can obtain a Keystone token by means of a POST request to the authentication endpoint. 您可以通过对身份验证端点的POST请求来获取Keystone令牌。 Since one of the supported authentication methods in Keystone is OAuth2, you can even use the access token you obtained from the OAuth2 authentication to obtain a Keystone token: 由于Keystone支持的一种身份验证方法是OAuth2,因此您甚至可以使用从OAuth2身份验证获得的访问令牌来获取Keystone令牌:
POST /v3/auth/tokens
body:
"auth": {
"identity": {
"methods": [
"oauth2"
],
"oauth2": {
'access_token_id': access_token
}
}
}
You may now use the Keystone token to perform requests to the SCIM API (or to any API endpoint to which the authenticated user has permissions). 现在,您可以使用Keystone令牌执行对SCIM API(或对经过身份验证的用户具有权限的任何API端点)的请求。
Hope this helps for you! 希望这对您有所帮助!
Please note that the request to obtain the user information works since it is being performed to an endpoint in Horizon, rather than to a Keystone endpoint.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.