[英]WSO2 API Manager Scopes for Federated Users
I have WSO2 API Manager federated setup with Azure AD
. 我有带有
Azure AD
WSO2 API Manager联合设置。 I can use the implicit
and code
grant type to generate the access tokens. 我可以使用
implicit
和code
授予类型来生成访问令牌。
Now I want to use the WSO2 API Manager scope
functionality to limit the access
on certain API resources
. 现在,我想使用WSO2 API Manager
scope
功能来limit the access
对某些API resources
limit the access
。 I have created the role
in API manager and added the scope
on API publisher
for the API resource. 我已经在API管理器中创建了
role
,并在API publisher
为API资源添加了scope
。 But when I generate the access token using scope
value, it doesn't return the token with correct scope
. 但是,当我使用
scope
值生成访问令牌时,它不会返回具有正确scope
的令牌。 But if I assign the local user
to that role and generate the access token it works fine. 但是,如果我将
local user
分配给该角色并生成访问令牌,则可以正常工作。
I wonder if WSO2 API manager support scope
management for Federated
users. 我想知道WSO2 API管理器是否支持
Federated
用户的scope
管理。
Any help would be appreciated. 任何帮助,将不胜感激。
By defaut roles are checked against the userstore managers, therefore if federated users are not findable in a local userstore manager, it is difficult to assign roles to them. 通过针对用户商店管理器检查默认角色,因此,如果在本地用户商店管理器中找不到联盟用户,则很难为其分配角色。
You have several options: 您有几种选择:
if you are using SAML, you can specify -DcheckRolesFromSamlAssertion=true
it was quite tricky to find this one 如果您使用的是SAML,则可以指定
-DcheckRolesFromSamlAssertion=true
这很难找到。
create a secondary local (eg jdbc) userstore and setup the outbound provisioning for federated users. 创建辅助本地(例如jdbc)用户存储,并为联合用户设置出站供应。 This way all federated users and their roles will be mirrored in a local userstore and their roles will be findable by the scope provider
这样,所有联盟用户及其角色将被镜像到本地用户存储中,并且作用域提供者可以找到其角色
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.