I am using WSO2 APIM (API Manager) version 1.9.1 and am working with the JWT assertion concept. I found some useful links, as follows:
I created my own SP (service provider) and created some custom claims under Claim Configuration and under Inbound Authentication Configuration > OAuth/OpenID Connect Configuration.
Following the link:
curl -k -d "grant_type=password&username=admin&password=admin&scope=openid" -H "Authorization: Basic M1J6RFNrRFI5ZmQ5czRqY296R2xfVjh0QU5JYTpXeElqSkFJd0dqRWVYOHdHZGFfcGM1Wl94RjRh, Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
It gave us:
{"scope":"openid","token_type":"Bearer","expires_in":3600,
"refresh_token":"65af3dbea3294b1524832d3869361e3e",
"id_token":"eyJhbGciOiJSUzI1NiJ9.eyJhdXRoX3RpbWUiOjE0MzA0NTY4MzM5OTgsImV4cCI6MTQzMDQ2MDQzNDAxNCwic3ViIjoiYWRtaW5AY2FyYm9uLnN1cGVyIiwiYXpwIjoiM1J6RFNrRFI5ZmQ5czRqY296R2xfVjh0QU5JYSIsImF0X2hhc2giOiJNV013WXpreVl6UmxPVGhsTkRNM01XTTVNVFEyTTJWbE0yWXlNamcwWXc9PSIsImF1ZCI6WyIzUnpEU2tEUjlmZDlzNGpjb3pHbF9WOHRBTklhIl0sImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyZW5kcG9pbnRzXC90b2tlbiIsImlhdCI6MTQzMDQ1NjgzNDAxNH0.Fc4DO8A22euo04vnBoE87RVBtDQ-73Z2hNZ8_WpeKslkumhEuUVcf6y03D5HZBlGDUi8zC1SUHewg4WEE8HvI6wA59wp8BErK6pY3Zb02pWbJsPh7VBHwky2g5PtvKSsGiy0rd2tuehY-_dAy7LBKNSUOhkmGdLXkSSThuIQxKOHDAJKHCY4I_36B9OH1scs34EG9MKG4vSNdfdcf4mSg0KUD98Jdw_NS-T4pRZK_sCeT-1BBodYEabEVREHxfcDr7BGYugMiiWThVUzd4WIHD83bVwxXP17POzuo6dS_l78pBWZtBBMPKXqhd9VMNZpc-sR07DS7KkHoV6Fp3l0oA",
"access_token":"1c0c92c4e98e4371c91463ee3f2284c"}
However, when we make the following call, we only get the default user schema details; our custom claims are not shown in the output.
curl -k -v -H "Authorization: Bearer 1c0c92c4e98e4371c91463ee3f2284c" https://localhost:9443/oauth2/userinfo?schema=openid
{
"phone_number":"54326643565",
"email":"mkyong@yahoo.com",
"family_name":"Yong",
"country":"Japan"
}
Why does it not return any of the other custom claims configured on the SP? Any help?
{
"iss":"wso2.org/products/am",
"exp":1391029971429,
"http://wso2.org/claims/subscriber":"admin",
"http://wso2.org/claims/applicationid":"1",
"http://wso2.org/claims/applicationname":"DefaultApplication",
"http://wso2.org/claims/applicationtier":"Unlimited",
"http://wso2.org/claims/apicontext":"/pizzashack/menu",
"http://wso2.org/claims/version":"1.0.0",
"http://wso2.org/claims/tier":"Bronze",
"http://wso2.org/claims/keytype":"PRODUCTION",
"http://wso2.org/claims/usertype":"APPLICATION",
"http://wso2.org/claims/enduser":"admin",
"http://wso2.org/claims/enduserTenantId":"-1234"
}
Answer 0 (score: 0)
Once an application is subscribed, the API Store automatically registers an OAuth subscription in the API Manager. Therefore, there is no need to configure a service provider for the OAuth subscription.
By default, custom claim configuration is not enabled in api-manager.xml. So you have to add the configuration parameters to the API authentication handler.
To configure a custom dialect, copy the following into the <APIM_HOME>/repository/conf/api-manager.xml file under the <APIConsumerAuthentication> tag.
<SecurityContextHeader>X-JWT-Assertion</SecurityContextHeader>
<ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass>
<ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>
<SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm>
<EnableTokenGeneration>true</EnableTokenGeneration>
<TokenGeneratorImpl>org.wso2.carbon.apimgt.impl.token.JWTGenerator</TokenGeneratorImpl>
After configuring the custom dialect, add a new claim mapping. When adding the custom claim mapping, select "Supported by Default" (supported by default = true). Once done, go to Home > Configure > Users and Roles > Users. Select the user and update the newly added fields shown in the user profile. You can then see the user details in the JWT.
Reference - https://docs.wso2.com/display/AM190/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
https://docs.wso2.com/display/IS500/Adding+New+Claim+Mapping
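The quickest way to confirm whether the claim mapping described in the answer actually reached the backend is to decode the JWT the gateway sends (the id_token from the token endpoint, or the X-JWT-Assertion header) and list the claims under the configured dialect. The following script is an added example, not code from the page or from WSO2: it builds a constructed sample token whose payload carries only the default claims the answer lists, decodes the header and payload without verifying the signature (inspection only, never an authorization decision), and reports which of an assumed set of custom claims (`country`, `phone_number` are placeholders; the real names depend on your claim mapping) are missing. That missing list is exactly the symptom the question describes.

```python
import base64
import json

# Claim-name prefix used by the dialect configured in <ConsumerDialectURI>.
DIALECT = "http://wso2.org/claims"

# Constructed sample payload (not a token captured from the page): it carries
# the default claims the answer lists, but none of the custom claims the
# question expects, which is the situation the question describes.
SAMPLE_CLAIMS = {
    "iss": "wso2.org/products/am",
    "exp": 1391029971429,
    DIALECT + "/subscriber": "admin",
    DIALECT + "/applicationname": "DefaultApplication",
    DIALECT + "/apicontext": "/pizzashack/menu",
    DIALECT + "/enduser": "admin",
    DIALECT + "/enduserTenantId": "-1234",
}

# Custom claim names assumed for illustration; the real names depend on the
# mapping created in the SP claim configuration.
EXPECTED_CUSTOM = ["enduser", "country", "phone_number"]


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, the way JWT segments are written."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding JWT segments omit, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_sample_token(claims: dict) -> str:
    """Build a JWT-shaped string with a placeholder (unverifiable) signature."""
    header = {"typ": "JWT", "alg": "RS256"}
    segments = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        "placeholder-signature",  # constructed, not a real RS256 signature
    ]
    return ".".join(segments)


def decode_unverified(token: str) -> tuple:
    """Decode header and payload only. The signature is NOT checked, so use
    the result for inspection, never for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload


def audit_claims(token: str, expected_custom: list) -> dict:
    """Report which dialect claims are present and which expected ones are missing."""
    header, payload = decode_unverified(token)
    prefix = DIALECT + "/"
    present = sorted(k[len(prefix):] for k in payload if k.startswith(prefix))
    missing = [name for name in expected_custom if prefix + name not in payload]
    return {
        "alg": header.get("alg"),
        # 'alg' of none would mean the gateway did not sign the assertion at all.
        "signed": str(header.get("alg", "none")).lower() != "none",
        "present": present,
        "missing": missing,
    }


def audit_sample() -> dict:
    """Run the audit over the constructed sample token."""
    return audit_claims(build_sample_token(SAMPLE_CLAIMS), EXPECTED_CUSTOM)


if __name__ == "__main__":
    print(json.dumps(audit_sample(), indent=2))
```

To audit a real assertion, pass the value of the X-JWT-Assertion header (or the id_token) to `audit_claims` together with the claim names from your mapping; an empty `missing` list confirms the mapping and the "Supported by Default" setting took effect, while a non-empty one points back at the claim configuration rather than at the backend.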