WSO2 API Manager Scopes for Federated Users

I have a WSO2 API Manager federated setup with Azure AD. I can use the implicit and code grant types to generate the access tokens.

Now I want to use the WSO2 API Manager scope functionality to limit the access on certain API resources. I have created the role in API Manager and added the scope on API Publisher for the API resource. But when I generate the access token using the scope value, it doesn't return the token with the correct scope. But if I assign the local user to that role and generate the access token, it works fine.

I wonder if WSO2 API Manager supports scope management for federated users.

Any help would be appreciated.

By default, roles are checked against the userstore managers; therefore, if federated users are not findable in a local userstore manager, it is difficult to assign roles to them.

You have several options:

  • if you are using SAML, you can specify -DcheckRolesFromSamlAssertion=true (it was quite tricky to find this one)

  • create a secondary local (e.g. JDBC) userstore and set up the outbound provisioning for federated users. This way all federated users and their roles will be mirrored in a local userstore, and their roles will be findable by the scope provider.
