堆栈内存溢出
  简体   繁体   English

WSO2 Identity Server SCIM 2用户删除

[英]WSO2 Identity Server SCIM 2 User deletion

 原文  2019-03-06 10:22:25       ldap/ wso2/ wso2is/ wso2carbon/ scim2

问题描述

i'm getting strange behaviours with user deletion in wso2 IS 5.7. 我在wso2 IS 5.7中通过删除用户得到了奇怪的行为。 I have deployed a tenant A with a secondary LDAP user store while primary user store is on Postgres. 当主要用户存储区位于Postgres上时,我已经用辅助LDAP用户存储区部署了一个租户A。

So I have 2 domain for new users: 所以我有2个新用户域:

  1. Domain A (primary user store) 域A(主要用户存储)
  2. Domain B (LDAP secondary user store) 域B(LDAP辅助用户存储)

and 4 possible domains for new roles: 和4个可能的新角色域:

  1. Primary
  2. Internal 内部
  3. Application 应用
  4. domain D (from the ldap domain) D (来自ldap域)

Case 1) Any user deletion through scim2 API invoked with the admin of the tenant works. 情况1)任何通过租户的admin调用的scim2 API进行的用户删除。 HTTP 204 is returned. 返回HTTP 204。 User is deleted 用户被删除

Case 2) User A created in LDAP with a Role R . 情况2)在角色R中在LDAP中创建的用户A。 Both have LDAP domain D . 两者都有LDAP域D。 When I try to delete a user in the LDAP through scim2 API, 403 Forbidden is returned. 当我尝试通过scim2 API删除LDAP中的用户时,返回403 Forbidden。 User is not deleted. 用户未删除。

Case 3) User B created on primary user-store with a Role R2 created with the domain Internal or Primary. 情况3)在主要用户存储上创建的用户B ,其角色R2是使用内部域或主要域创建的。 HTTP/1.1 500 Internal Server Error is returned.. User is deleted. HTTP/1.1 500 Internal Server Error返回。用户已删除。

I have no meaningful logs in wso2 console. 我在wso2控制台中没有有意义的日志。

Catalina logs: 127.0.0.1 - - [06/Mar/2019:11:15:25 +0100] "DELETE /t/tenant.com/scim2/Users/6c133a5e-ba74-4021-8f5f-8e1bf62af506 HTTP/1.1" 500 146 "-" "curl/7.29.0" 卡塔琳娜州日志: 127.0.0.1 - - [06/Mar/2019:11:15:25 +0100] "DELETE /t/tenant.com/scim2/Users/6c133a5e-ba74-4021-8f5f-8e1bf62af506 HTTP/1.1" 500 146 "-" "curl/7.29.0"

Any idea? 任何想法? Thanks for your help. 谢谢你的帮助。

1 个解决方案

解决方案1
 0  2019-03-07 17:40:08

the user did not have the permission to manage consent (delete in this case). 用户无权管理同意书(在这种情况下为删除)。 After I gave the user that make the API call the right permissions (consent management), it worked. 当我给使API调用正确权限的用户(同意管理)后,它就起作用了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用scim端点在wso2身份服务器中创建ldap用户? - How to create a ldap user in wso2 identity server by using scim endpoints? 具有OpenLDAP和SSL的WSO2身份服务器 - WSO2 Identity Server with OpenLDAP and SSL 浏览wso2身份服务器的内部ldap - browsing internal ldap of wso2 identity server wso2身份服务器ldap浏览 - wso2 identity server ldap browsing 将WSO2 Identity Server与OpenLDAP一起使用 - Using WSO2 Identity Server with OpenLDAP 使用SCIM在wso2 IS中为ldap创建组/角色 - Create group/role in wso2 IS with SCIM to ldap Wso2 Scim Api无法获取组 - Wso2 Scim Api cant fetch groups 如何配置 WSO2 身份服务器以添加来自第二个用户存储的声明 - How to configure WSO2 Identity Server to add claim from second user store WSO2 Identity Server-将公司LDAP添加为辅助用户存储-字段布局映射? - WSO2 Identity Server - Adding a Corporate LDAP as Secondary User Store - Field Layout Mapping? Wso2 Scim扩展数据类型错误 - Wso2 Scim extentinon datatype error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM