wso2身份服务器oauth userinfo没有角色

Question

我安装了WSO2 Identiy服务器，并且编写了一些Java代码以使用oauth 2获取用户信息。为此，我正在使用OLTU。 我已正确连接，并且在协商了access_code之后，我要求使用userinfo端点，如下所示：

https://<serverIP>:9443/oauth2/userinfo?schema=openid

我可以JSON格式正确获取用户信息：

{"email":"xxxx@xxx.aa","name":"xxx","family_name":"xx","preferred_username":"xxx","given_name":"xx"}

我发现没有角色信息被返回。 我创建了一些自定义角色并分配了用户。 他们没有分配任何许可。

我必须在服务器中配置任何内容吗？ 该请求必须以其他方式提出吗？ 我究竟做错了什么？

Answer 1

There are two ways to add this claim mapping. It's depends on your requirement.


To get this done has to add a role claim mapping under "http://wso2.org/oidc/claim" claim dialect. This can be done in following ways

Case 1 : For fresh WSO2IS before first startup

Go to <IS_HOME>/repository/conf/claim-config.xml file<br/>
Add following configuration under <Dialect dialectURI"http://wso2.org/oidc/claim"><br/>
                    <Claim>
                                <ClaimURI>Roles</ClaimURI>
                                <DisplayName>Roles</DisplayName>
                                <AttributeID>role</AttributeID>
                                <Description>role of the user</Description>
                                <DisplayOrder>10</DisplayOrder>
                                <SupportedByDefault />
                    </Claim>
Case 2: For already running server.
Login to the Identity server management console as admin user.
Click the Configure button to access the Configure menu
Click on http://wso2.org/oidc/claim Dialect.
Click on "Add New Claim Mapping" and set the above details.
(There you will get an error which is known issues. But that value will store. Then again edit it and set Mapped Attribute again)

Then restart the server. Now you can get user info with roles