[英]wso2 indentity server 5.10.1 - role-based adaptive user authentication var hasRole is always false
We use WSO2 5.10.1 for SSO and I am trying to get adaptive MFA working but having some trouble.我们将 WSO2 5.10.1 用于 SSO,我正在尝试让自适应 MFA 工作,但遇到了一些问题。 The IP-based adaptive authentication template works, but for some reason, the role-based template does not.基于 IP 的自适应身份验证模板有效,但由于某种原因,基于角色的模板不起作用。 For some reason, the variable hasRole
always returns false
, even though my test user is a member of the internal role called staff2
.出于某种原因,变量hasRole
总是返回false
,即使我的测试用户是名为staff2
的内部角色的成员。 staff2 is an internal role containing only the test user. staff2 是一个仅包含测试用户的内部角色。
The wso2carbon.log
with the info is below.带有信息的wso2carbon.log
如下。 I also included the script I am using, which is the default role-based template PLUS a few modifications I made to get a little more information in the log.我还包括了我正在使用的脚本,它是默认的基于角色的模板,加上我为在日志中获得更多信息而进行的一些修改。
Log:日志:
TID: [-1234] [] [2021-02-02 10:14:34,684] [badcbf3d-288c-4d3a-8abc-372763d87e0b] INFO {org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsLogger} - Working so far
TID: [-1234] [] [2021-02-02 10:14:34,684] [badcbf3d-288c-4d3a-8abc-372763d87e0b] INFO {org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsLogger} - false string info
TID: [-1234] [] [2021-02-02 10:14:34,684] [badcbf3d-288c-4d3a-8abc-372763d87e0b] INFO {org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsLogger} - <testuser> Has one of Roles: [staff2]
My Code:我的代码:
// Role-Based from Template...
// This script will step up authentication for any user belonging
// to one of the given roles
// If the user has any of the below roles, authentication will be stepped up
var rolesToStepUp = ['staff2'];
var onLoginRequest = function(context) {
executeStep(1, {
onSuccess: function (context) {
// Extracting authenticated subject from the first step
var user = context.currentKnownSubject;
// Checking if the user is assigned to one of the given roles
var hasRole = hasAnyOfTheRoles(user, rolesToStepUp);
Log.info('Working so far');
Log.info(hasRole + ' string info');
if (5 > 1) {
Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());
executeStep(2);
}
}
});
};
// End of Role-Based.......
Change your rolesToStepUp
variable as follows and try out.如下更改您的rolesToStepUp
变量并尝试。
var rolesToStepUp = ['Internal/staff2'];
If you use the variable as var rolesToStepUp = ['staff2'];
如果将变量用作var rolesToStepUp = ['staff2'];
, it checks whether the user has a role named 'staff2' in the PRIMARY userstore. ,它会检查用户是否在 PRIMARY 用户存储中具有名为“staff2”的角色。 For example, if you create a Role by selection domain- PRIMARY and role name- staff2, the user who gets assigned to that role will be able to go through 2 steps according to your script.例如,如果您通过选择域-PRIMARY 和角色名称-staff2 创建角色,则分配给该角色的用户将能够根据您的脚本通过 2 个步骤来 go。
If you want to use a role other than a role attached to PRIMARY userstore, you need to define the domain in the var rolesToStepUp
array.如果要使用附加到 PRIMARY 用户存储的角色以外的角色,则需要在var rolesToStepUp
数组中定义域。 Since you have created an internal role, var rolesToStepUp
should be defined as var rolesToStepUp = ['Internal/staff2'];
由于您已创建内部角色, var rolesToStepUp
应定义为var rolesToStepUp = ['Internal/staff2'];
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.