1
我已经配置WSO2 API Manager 2.0.0,将内部用户存储作为主服务器,LDAP作为辅助用户存储。我可以通过LDAP用户登录到Carbon,Publisher和Store UI。我的目标是允许LDAP用户使用Publisher REST API,并且我遵循的步骤如下所示;WSO2 API管理器2.0.0 - LDAP和发布服务器API令牌问题
创建服务提供商
curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{ "clientName": "rest_api_publisher", "tokenScope": "Production", "owner": "admin", "grantType": "password refresh_token", "saasApp": true }' "http://localhost:9763/client-registration/v0.10/register"
响应
{ "jsonString": "{\"username\":\"admin\",\"redirect_uris\":null,\"client_name\":\"admin_rest_api_publisher\",\"grant_types\":\"urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm refresh_token client_credentials password\"}", "appOwner": null, "clientName": null, "callBackURL": null, "isSaasApplication": true, "clientId": "N2GP9igHPkEcotmyE6ccyPLBeh0a", "clientSecret": "qHO0ZFsaGDGGEaHO_4PXgKOXVWYa" }
获得访问令牌管理员用户
curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=admin&password=admin&scope=apim:api_view%20apim:api_publish%20apim:api_create"
响应
{ "scope": "apim:api_create apim:api_publish apim:api_view", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "787b34a2-55eb-3baa-b83a-7041959781ce", "access_token": "2b7ad48c-67d8-3ebc-acd8-1d02aca85fdd" }
正如你在这种情况下看,范围包含了所有我所要求的范围。有了这个令牌,我可以查询和添加新的API并发布它们。我遇到的问题是,当我对LDAP用户执行相同操作时,范围是默认值。
(PS:我的二级域名是mzaferyahsi.com)
获取访问令牌针对LDAP用户
curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=mzaferyahsi.com/<<username>>&password=<<password>>&scope=apim:api_view%20apim:api_publish%20apim:api_create"
响应
{ "scope": "default", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "2a519b92-2fe8-3b85-8da8-6ea8b2eceb6e", "access_token": "874aac4f-c441-3927-bd1b-cce859e58988" }
有没有人遇到过这个问题?任何解决方案赞赏
感谢您的快速响应! – mzaferyahsi