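Accessing the SCIM API - Keyrock Fiware

Time: 2016-10-10 16:28:51

Tags: fiware keystone scim

I am using the fiware-idm image in a Docker container (https://hub.docker.com/r/fiware/idm/), and I am trying to access the SCIM API. There is a user "idm" (the default user), who is a provider and has all permissions. However, when I try to get all users: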

private String getAccessToken() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    String accessToken = (String) session.getAttribute("access_token");
    return accessToken;
}

public void getUsers() throws IOException {
    String accessToken = getAccessToken(); 

    Client client = ClientBuilder.newClient();
    Response response = client.target("http://192.168.99.100:5000/v3/projects")
      .request(MediaType.TEXT_PLAIN_TYPE)
      .header("X-Auth-token", accessToken)
      .get();

    setResultUsersList("-- status: " + response.getStatus() + " <br>" 
            + "-- headers: " + response.getHeaders() + " <br>"
            + "-- body: " + response.readEntity(String.class) + " <br>"
            + "-- token: " + accessToken);
}

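I get the error message: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

But authentication works and I can get the user information: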

public void authenticateUser() throws OAuthSystemException, IOException {
    HttpServletResponse httpServletResponse = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();

    OAuthClientRequest codeRequest = OAuthClientRequest
            .authorizationLocation("http://192.168.99.100:8000/oauth2/authorize")
            .setParameter("response_type", "code")
            .setClientId(CLIENT_ID)
            .setRedirectURI("http://localhost:8080/Example-Application-Security-UI/auth")
            .buildQueryMessage();

    httpServletResponse.sendRedirect(codeRequest.getLocationUri());
}

public void requestUserInfo() {
    HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpSession session = httpServletRequest.getSession();
    accessToken = (String) session.getAttribute("access_token");

    String strJson = callWebservice("http://192.168.99.100:8000/user?access_token=" + accessToken);
    JSONObject jsonObject = new JSONObject(strJson);
    resultUserInfo = jsonObject.toString();
}

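1 answer:

Answer 0 (score: 0):

The X-Auth-Token header required when making requests to Keystone needs a Keystone token as its value, not the OAuth2 access token you are currently providing.

You can obtain a Keystone token with a POST request to the authentication endpoint. Since one of the authentication methods supported in Keystone is OAuth2, you can even use the access token obtained from the OAuth2 authentication to get a Keystone token: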

POST /v3/auth/tokens
body:

{
    "auth": {
        "identity": {
            "methods": [
                "oauth2"
            ],
            "oauth2": {
                "access_token_id": "<access_token>"
            }
        }
    }
}

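You can now use the Keystone token to perform requests against the SCIM API (or any API endpoint the authenticated user has permissions for).

Hope this helps!

Note that the request to get the user information works because it is performed against an endpoint in Horizon, not a Keystone endpoint.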