[英]Account Locked attribute not getting added in response for scim2 GET Users API in wso2
I am trying retrieve the user list which have locked accounts in WSO2 IS 5.9 version.我正在尝试检索在 WSO2 IS 5.9 版本中锁定帐户的用户列表。 I tried after adding account lock attribute to below claims:在将帐户锁定属性添加到以下声明后,我尝试了:
http://schemas.xmlsoap.org/ws/2005/05/identity http://schemas.xmlsoap.org/ws/2005/05/identity
urn:ietf:params:scim:schemas:core:2.0瓮:ietf:参数:scim:架构:核心:2.0
urn:ietf:params:scim:schemas:core:2.0:User urn:ietf:params:scim:schemas:core:2.0:User
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
I have followed below URL as well to add the custom claim: https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/我也按照下面的 URL 以及添加自定义声明: https://is.docs.wso2.com/en/5.9.0/developextending-im2
{ "attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:accountLock",
"attributeName":"accountLock",
"dataType":"boolean",
"multiValued":"false",
"description":"Account lock",
"required":"false",
"caseExact":"false",
"mutability":"readwrite",
"returned":"default",
"uniqueness":"none",
"subAttributes":"null",
"multiValuedAttributeChildName":"null",
"canonicalValues":[],
"referenceTypes":[]
}
But still i am not able to get the accountLock attribute in response to GET Users API of scim2.但我仍然无法获得 accountLock 属性以响应 scim2 的 GET Users API。
Response回复
"totalResults": 10, "startIndex": 1, "itemsPerPage": 10, "schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ], "Resources": [ { "emails": [ "divya@abc.com" ], "meta": { "created": "2020-06-25T07:49:35.465Z", "lastModified": "2020-06-25T11:20:13.482Z", "resourceType": "User" }, "name": { "givenName": "guest", "familyName": "guest" }, "groups": [ { "display": "Application/sp1" }, { "display": "Application/sp2" }, { "display": "Application/Read" } ], "id": "9ffbed2e-3703-470c-a2c8-e738f4c09709", "userName": "guest12" } ]}```
The following reasons may cause to accoutLock attribute does not appear in SCIM2 GET user response.以下原因可能会导致 accoutLock 属性未出现在 SCIM2 GET 用户响应中。
You might missed to add the new attribute ( "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:accountLock") as a sub attribute of urn:ietf:params:scim:schemas:extension:enterprise:2.0:User object.您可能错过了添加新属性 ("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:accountLock")作为 urn:ietf:params:scim:schemas:extension:enterprise 的子属性: 2.0:用户 object。 (Point 3 in https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#extending-the-scim-20-api . "subAttributes":" accoutLock verifyEmail askPassword employeeNumber costCenter organization division department manager") ( https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#extending-the-scim-20-api中的第 3 点。“subAttributes”:“ accoutLock verifyEmail问密码员工人数成本中心组织部部门经理")
"attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "attributeName":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "dataType":"complex", "multiValued":"false", "description":"Enterprise User", "required":"false", "caseExact":"false", "mutability":"readWrite", "returned":"default", "uniqueness":"none", "subAttributes":"accoutLock verifyEmail askPassword employeeNumber costCenter organization division department manager", "canonicalValues":[], "referenceTypes":["external"] }``` "attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "attributeName":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "dataType ":"complex", "multiValued":"false", "description":"Enterprise User", "required":"false", "caseExact":"false", "mutability":"readWrite", "returned" :"default", "uniqueness":"none", "subAttributes":"accoutLock verifyEmail askPassword employeeNumber costCenter 组织部门部门经理", "canonicalValues":[], "referenceTypes":["external"] }```
The mapped attribute of the added custom claim ( https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#add-the-custom-claim ) should be an existing attribute in LDAP schema if you are using the default LDAP userstore.添加的自定义声明( https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#add-the-custom-claim )的映射属性应该是现有的如果您使用默认的 LDAP 用户存储,则在 LDAP 架构中的属性。 (However, if you have done this mistake you won't be able to update/add claim value. It gives One or more attributes you are trying to add/update are not supported by underlying LDAP for user:
error) (但是,如果您犯了这个错误,您将无法更新/添加声明值。它会为用户提供One or more attributes you are trying to add/update are not supported by underlying LDAP for user:
错误)
The response of SCIM2 GET users doesn't contain the attributes which don't have a value. SCIM2 GET 用户的响应不包含没有值的属性。 Thus, set true/false to the claim value.因此,将 true/false 设置为声明值。
Moreover, it is enough to add the new attribute to urn:ietf:params:scim:schemas:extension:enterprise:2.0:User claim dialect.此外,将新属性添加到 urn:ietf:params:scim:schemas:extension:enterprise:2.0:User claim dialect 就足够了。 Follow steps in https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/按照https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/中的步骤操作
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.