Using WSO2 API Manager with Identity Server and SEPARATE Identity Server Key Manager

We're in the process of configuring our suite of WSO2 products in a development environment and we're having a hard time wrapping our heads around IS Key Manager.

What we're going for is an Identity Server (already configured) with an OAuth Service Provider that an external web page can log into. This is already complete; we can get our token through IS just fine.

We now want to take the same token, and pass it to API Manager, and have API Manager understand the token, and the roles within, and approve or deny the API request.

Further in, we want to pass the token to Enterprise Integrator (which API Manager calls) and get info from the token (user info, claims) within a sequence.

IS is configured and working in its isolated way (tokens generated from it aren't being accepted by APIM). APIM is configured in that it is pointing to an EI API.

EI is only configured in that it has an API with sequences that do stuff.

I've read through these:

https://docs.wso2.com/display/AM260/Key+Concepts#KeyConcepts-KeyManager

https://docs.wso2.com/display/AM210/Configuring+WSO2+Identity+Server+as+a+Key+Manager

They suggest a separate Key Manager that all can speak to. Makes sense. But the Key Manager when downloaded is an APIM instance? And looking deeper into the documentation it seems like this Key Manager is meant to REPLACE the traditional Identity Server, which doesn't support our use case (we need a separate Identity Server that can federate freely with others).

I assume I'm not understanding something about the Key Manager configuration properly.

In short: IS needs to have an OAuth service provider to log in to. Once the token is generated there, it will be sent to an APIM endpoint. APIM should understand the roles, and authorize it through. EI should then receive the token from APIM and then also understand the roles and authorize it through.

How can I accomplish this?

I would assume you got to the "API Manager" download page. Then you got the download pack named "wso2am-2.6.0.zip"?

There is a link on the same download page under "Other Resources" -> "Identity Server as a Key Manager Pack". You can get the "wso2is-km-5.7.0.zip".

This is almost the same as "wso2is-5.7.0.zip", except for very few config modifications. You could use almost all the IS features in the same way.
