I have WSO2 API Manager federated setup with Azure AD. I can use the implicit and code grant type to generate the access tokens.

Now I want to use the WSO2 API Manager scope functionality to limit the access on certain API resources. I have created the role in API manager and added the scope on API publisher for the API resource. But when I generate the access token using scope value, it doesn't return the token with correct scope. But if I assign the local user to that role and generate the access token it works fine.

I wonder if WSO2 API Manager supports scope management for federated users.
Any help would be appreciated.

By default, roles are checked against the userstore managers; therefore, if federated users are not findable in a local userstore manager, it is difficult to assign roles to them.
You have several options:
- If you are using SAML, you can specify -DcheckRolesFromSamlAssertion=true (it was quite tricky to find this one).
- Create a secondary local (e.g. JDBC) userstore and set up the outbound provisioning for federated users. This way all federated users and their roles will be mirrored in a local userstore and their roles will be findable by the scope provider.