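WSO2 APIM does not provide custom claims for the user schema

Time: 2015-12-28 10:08:56

Tags: wso2esb wso2is wso2-am

I have set up the JWT assertion concept using WSO2 APIM (API Manager) version 1.9.1. I found some useful links, as follows: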

  1. http://sanjeewamalalgoda.blogspot.in/2015/05/use-openid-with-oauth-20-in-wso2-api.html
  2. http://xacmlinfo.org/2015/03/09/openid-connect-support-with-resource-owner-password-grant-type/#comment-21792
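  3. I created my own SP (service provider) and created some custom claims under Claim Configuration, and under Inbound Authentication Configuration, OAuth/OpenID Connect Configuration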

As per the link:

    curl -k -d "grant_type=password&username=admin&password=admin&scope=openid" -H "Authorization: Basic M1J6RFNrRFI5ZmQ5czRqY296R2xfVjh0QU5JYTpXeElqSkFJd0dqRWVYOHdHZGFfcGM1Wl94RjRh" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
    

It gives us:

    {"scope":"openid","token_type":"Bearer","expires_in":3600,
    "refresh_token":"65af3dbea3294b1524832d3869361e3e",
    "id_token":"eyJhbGciOiJSUzI1NiJ9.eyJhdXRoX3RpbWUiOjE0MzA0NTY4MzM5OTgsImV4cCI6MTQzMDQ2MDQzNDAxNCwic3ViIjoiYWRtaW5AY2FyYm9uLnN1cGVyIiwiYXpwIjoiM1J6RFNrRFI5ZmQ5czRqY296R2xfVjh0QU5JYSIsImF0X2hhc2giOiJNV013WXpreVl6UmxPVGhsTkRNM01XTTVNVFEyTTJWbE0yWXlNamcwWXc9PSIsImF1ZCI6WyIzUnpEU2tEUjlmZDlzNGpjb3pHbF9WOHRBTklhIl0sImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyZW5kcG9pbnRzXC90b2tlbiIsImlhdCI6MTQzMDQ1NjgzNDAxNH0.Fc4DO8A22euo04vnBoE87RVBtDQ-73Z2hNZ8_WpeKslkumhEuUVcf6y03D5HZBlGDUi8zC1SUHewg4WEE8HvI6wA59wp8BErK6pY3Zb02pWbJsPh7VBHwky2g5PtvKSsGiy0rd2tuehY-_dAy7LBKNSUOhkmGdLXkSSThuIQxKOHDAJKHCY4I_36B9OH1scs34EG9MKG4vSNdfdcf4mSg0KUD98Jdw_NS-T4pRZK_sCeT-1BBodYEabEVREHxfcDr7BGYugMiiWThVUzd4WIHD83bVwxXP17POzuo6dS_l78pBWZtBBMPKXqhd9VMNZpc-sR07DS7KkHoV6Fp3l0oA",
    "access_token":"1c0c92c4e98e4371c91463ee3f2284c"}
    

However, when we make the following call, we get only the default user schema details; it does not show our custom claims in the output.

    curl -k -v -H "Authorization: Bearer 1c0c92c4e98e4371c91463ee3f2284c" "https://localhost:9443/oauth2/userinfo?schema=openid"
    
    {
     "phone_number":"54326643565",
     "email":"mkyong@yahoo.com",
     "family_name":"Yong",
     "country":"Japan"
    }
    

Why does it not provide any of the other custom claims configured for the SP? Any help?

    {
       "iss":"wso2.org/products/am",
       "exp":1391029971429,
       "http://wso2.org/claims/subscriber":"admin",
       "http://wso2.org/claims/applicationid":"1",
       "http://wso2.org/claims/applicationname":"DefaultApplication",
       "http://wso2.org/claims/applicationtier":"Unlimited",
       "http://wso2.org/claims/apicontext":"/pizzashack/menu",
       "http://wso2.org/claims/version":"1.0.0",
       "http://wso2.org/claims/tier":"Bronze",
       "http://wso2.org/claims/keytype":"PRODUCTION",
       "http://wso2.org/claims/usertype":"APPLICATION",
       "http://wso2.org/claims/enduser":"admin",
       "http://wso2.org/claims/enduserTenantId":"-1234"
    }
    

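1 answer:

Answer 0 (score: 0)

After you subscribe to an application, the API Store basically registers the OAuth subscription in API Manager automatically. So there is no need to configure a service provider for the OAuth subscription.

By default, the custom claims configuration is not enabled in api-manager.xml. So you have to add the configuration parameters to the API authentication handler.

To configure a custom dialect, copy the following into the <APIM_HOME>/repository/conf/api-manager.xml file under the <APIConsumerAuthentication> tag.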

    <SecurityContextHeader>X-JWT-Assertion</SecurityContextHeader>
    <ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
    <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
    <SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
    <EnableTokenGeneration>true</EnableTokenGeneration>
    <TokenGeneratorImpl>org.wso2.carbon.apimgt.impl.token.JWTGenerator</TokenGeneratorImpl>

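After configuring the custom dialect, add the new claim mapping. When adding the custom claim mapping, select "Supported by Default" (Supported by Default = true). Once done, go to Home > Configure > Users and Roles > Users. Select the user and update the newly added fields shown in the user profile. You can then see the user details in the JWT.

Refer - https://docs.wso2.com/display/AM190/Passing+Enduser+Attributes+to+the+Backend+Using+JWT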

https://docs.wso2.com/display/IS500/Adding+New+Claim+Mapping
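
To confirm that the custom claims actually reach the backend after the configuration in the answer above, the X-JWT-Assertion header value can be decoded and checked for the expected claim names. This is an added example, not part of the original answer or WSO2's own code; the `department` claim name and the sample token are constructed, and the signature is not verified, so it serves as a diagnostic only.

```python
import base64
import json
import time

DIALECT = "http://wso2.org/claims"  # ConsumerDialectURI from the answer's config


def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def inspect_assertion(jwt, expected, now=None):
    """Decode an X-JWT-Assertion value and report which dialect claims it carries.

    Diagnostic only: the signature is NOT verified here, so the result must
    not drive authorization decisions.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    # The exp values shown on this page are in milliseconds, not seconds.
    exp = claims.get("exp", 0)
    exp_s = exp / 1000 if exp > 10**11 else exp
    now = time.time() if now is None else now
    prefix = DIALECT + "/"
    present = sorted(k[len(prefix):] for k in claims if k.startswith(prefix))
    return {
        "alg": header.get("alg"),
        "expired": exp_s < now,
        "present": present,
        "missing": sorted(set(expected) - set(present)),
    }


def make_sample(claims):
    # Constructed sample token with a placeholder signature (not a real one).
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.c2ln" % (enc({"alg": "RS256"}), enc(claims))


if __name__ == "__main__":
    sample = make_sample({"iss": "wso2.org/products/am", "exp": 1391029971429,
                          DIALECT + "/subscriber": "admin",
                          DIALECT + "/enduser": "admin"})
    # "department" is a hypothetical custom claim name.
    print(inspect_assertion(sample, ["enduser", "department"]))
```

A claim that appears under `missing` points back at the claim mapping or the user profile value rather than at the gateway configuration.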
