2017-02-05 56 views
1

I have configured WSO2 API Manager 2.0.0 with the internal user store as the primary and LDAP as a secondary user store. I can log in to the Carbon, Publisher and Store UIs as an LDAP user. My goal is to allow LDAP users to use the Publisher REST API, and the steps I followed are shown below;
WSO2 API Manager 2.0.0 - LDAP and Publisher API token issue

  1. Create a service provider

    curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{ "clientName": "rest_api_publisher", "tokenScope": "Production", "owner": "admin", "grantType": "password refresh_token", "saasApp": true }' "http://localhost:9763/client-registration/v0.10/register" 
    

    Response

     { 
          "jsonString": "{\"username\":\"admin\",\"redirect_uris\":null,\"client_name\":\"admin_rest_api_publisher\",\"grant_types\":\"urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm refresh_token client_credentials password\"}", 
          "appOwner": null, 
          "clientName": null, 
          "callBackURL": null, 
          "isSaasApplication": true, 
          "clientId": "N2GP9igHPkEcotmyE6ccyPLBeh0a", 
          "clientSecret": "qHO0ZFsaGDGGEaHO_4PXgKOXVWYa" 
         } 
    
  2. Get an access token for the admin user

    curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=admin&password=admin&scope=apim:api_view%20apim:api_publish%20apim:api_create" 
    

    Response

     { 
          "scope": "apim:api_create apim:api_publish apim:api_view", 
          "token_type": "Bearer", 
          "expires_in": 3600, 
          "refresh_token": "787b34a2-55eb-3baa-b83a-7041959781ce", 
          "access_token": "2b7ad48c-67d8-3ebc-acd8-1d02aca85fdd" 
         } 
    

As you can see, in this case the scope contains all the scopes I requested. With this token I can query and add new APIs and publish them. The problem I ran into is that when I do the same for an LDAP user, the scope is the default.

(PS: my secondary domain is mzaferyahsi.com)

  • Get an access token for the LDAP user

    curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=mzaferyahsi.com/<<username>>&password=<<password>>&scope=apim:api_view%20apim:api_publish%20apim:api_create" 
    

    Response

     { 
          "scope": "default", 
          "token_type": "Bearer", 
          "expires_in": 3600, 
          "refresh_token": "2a519b92-2fe8-3b85-8da8-6ea8b2eceb6e", 
          "access_token": "874aac4f-c441-3927-bd1b-cce859e58988" 
         } 
    
Has anyone run into this problem? Any solution is appreciated

    Answer

    0

    You have to set the required role-to-scope mapping in the tenant-conf.json file. The user should also have the required roles. The file is here

    +0

    Thanks for the quick response! – mzaferyahsi
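Added example, not part of the question or the answer and not WSO2's own code: a small Python model of the role-to-scope check the answer points at, run against a constructed tenant-conf.json fragment. The RESTAPIScopes layout, the role names and the secondary-store role mzaferyahsi.com/publisher are assumptions; the fallback to the single scope "default" when no requested scope is granted is the behaviour the LDAP response in the question shows.

```python
import json

# Constructed RESTAPIScopes fragment of tenant-conf.json. Layout (one entry per
# scope, "Roles" comma-separated) is assumed from APIM 2.x; check your own file.
# Roles in a secondary user store carry the domain prefix ("mzaferyahsi.com/...").
TENANT_CONF = json.loads("""
{
  "RESTAPIScopes": {
    "Scope": [
      {"Name": "apim:api_view",
       "Roles": "admin,Internal/creator,Internal/publisher,mzaferyahsi.com/publisher"},
      {"Name": "apim:api_create",
       "Roles": "admin,Internal/creator"},
      {"Name": "apim:api_publish",
       "Roles": "admin,Internal/publisher,mzaferyahsi.com/publisher"}
    ]
  }
}
""")


def scope_role_map(conf):
    """Build {scope: set of roles that may obtain it} from the fragment."""
    mapping = {}
    for entry in conf["RESTAPIScopes"]["Scope"]:
        mapping[entry["Name"]] = {r.strip() for r in entry["Roles"].split(",") if r.strip()}
    return mapping


def granted_scopes(conf, user_roles, requested):
    """Simplified model of the /token scope check: a requested scope is kept only if
    the user holds a role mapped to it. With nothing kept, the token carries the
    single scope "default", which is what the LDAP user in the question got back."""
    mapping = scope_role_map(conf)
    held = set(user_roles)
    kept = sorted(s for s in requested if mapping.get(s, set()) & held)
    return kept if kept else ["default"]


def missing_roles(conf, user_roles, requested):
    """For each requested scope the user would be denied, list the roles that would
    grant it: assign one to the LDAP user, or add the user's role to that entry."""
    mapping = scope_role_map(conf)
    held = set(user_roles)
    return {s: sorted(mapping.get(s, set()))
            for s in requested if not mapping.get(s, set()) & held}
```

Run it with the roles your LDAP user actually holds (as shown in the Carbon console, domain prefix included) to see which side of the mapping needs the change.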