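I am using the fiware-idm image in a Docker container (https://hub.docker.com/r/fiware/idm/) and I am trying to access the SCIM API. There is a user "idm" (the default user), who is a provider and has all permissions. But when I try to get all users: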

    private String getAccessToken() {
        HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
        HttpSession session = httpServletRequest.getSession();
        String accessToken = (String) session.getAttribute("access_token");
        return accessToken;
    }

    public void getUsers() throws IOException {
        String accessToken = getAccessToken();
        Client client = ClientBuilder.newClient();
        Response response = client.target("http://192.168.99.100:5000/v3/projects")
                .request(MediaType.TEXT_PLAIN_TYPE)
                .header("X-Auth-token", accessToken)
                .get();
        setResultUsersList("-- status: " + response.getStatus() + " <br>"
                + "-- headers: " + response.getHeaders() + " <br>"
                + "-- body: " + response.readEntity(String.class) + " <br>"
                + "-- token: " + accessToken);
    }

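I get the error message: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
But the authentication works and I can get the user information: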

    public void authenticateUser() throws OAuthSystemException, IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
        OAuthClientRequest codeRequest = OAuthClientRequest
                .authorizationLocation("http://192.168.99.100:8000/oauth2/authorize")
                .setParameter("response_type", "code")
                .setClientId(CLIENT_ID)
                .setRedirectURI("http://localhost:8080/Example-Application-Security-UI/auth")
                .buildQueryMessage();
        httpServletResponse.sendRedirect(codeRequest.getLocationUri());
    }

    public void requestUserInfo() {
        HttpServletRequest httpServletRequest = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
        HttpSession session = httpServletRequest.getSession();
        accessToken = (String) session.getAttribute("access_token");
        String strJson = callWebservice("http://192.168.99.100:8000/user?access_token=" + accessToken);
        JSONObject jsonObject = new JSONObject(strJson);
        resultUserInfo = jsonObject.toString();
    }

Answer 0 (score: 0)
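The X-Auth-Token header required when making requests to Keystone needs a Keystone token as its value, not the OAuth2 access token you are currently providing.
You can obtain a Keystone token through a POST request to the authentication endpoint. Since one of the authentication methods supported in Keystone is OAuth2, you can even use the access token you obtained from the OAuth2 authentication to get a Keystone token: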

    POST /v3/auth/tokens

    body:
    {
        "auth": {
            "identity": {
                "methods": [
                    "oauth2"
                ],
                "oauth2": {
                    "access_token_id": "<access_token>"
                }
            }
        }
    }

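You can now use the Keystone token to perform requests against the SCIM API (or any API endpoint the authenticated user has permissions for).
Hope this helps!
Note that the request for getting the user information works because it is performed against an endpoint in Horizon, not a Keystone endpoint.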
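
The token exchange described in the answer, written with the same JAX-RS client and org.json classes the question uses. This is an added example, not code from the original question or answer. It assumes the Keystone token is returned in the X-Subject-Token response header (standard Keystone v3 behaviour); the class name, method names and the use of args[0] for the OAuth2 access token are hypothetical.

```java
import java.io.IOException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.json.JSONArray;
import org.json.JSONObject;

public class KeystoneTokenExchange {  // hypothetical class name
    // Keystone base URL as used in the question; adjust for your deployment.
    private static final String KEYSTONE = "http://192.168.99.100:5000";

    /** Trades an OAuth2 access token for a Keystone token (request body as given in the answer). */
    static String fetchKeystoneToken(Client client, String oauth2AccessToken) throws IOException {
        // Build the body with a JSON library so the token value is escaped correctly.
        JSONObject body = new JSONObject().put("auth", new JSONObject()
            .put("identity", new JSONObject()
                .put("methods", new JSONArray().put("oauth2"))
                .put("oauth2", new JSONObject().put("access_token_id", oauth2AccessToken))));
        Response response = client.target(KEYSTONE + "/v3/auth/tokens")
            .request(MediaType.APPLICATION_JSON)
            .post(Entity.json(body.toString()));
        try {
            // Assumption: the token ID arrives in a response header, not in the JSON body.
            String token = response.getHeaderString("X-Subject-Token");
            if (response.getStatusInfo().getFamily() != Response.Status.Family.SUCCESSFUL
                    || token == null) {
                throw new IOException("Keystone token request failed, status " + response.getStatus());
            }
            return token;
        } finally {
            response.close();
        }
    }

    /** Repeats the question's GET request, this time sending the Keystone token. */
    static String getWithKeystoneToken(Client client, String path, String keystoneToken) {
        return client.target(KEYSTONE + path)
            .request(MediaType.APPLICATION_JSON)
            .header("X-Auth-Token", keystoneToken)
            .get(String.class);
    }

    public static void main(String[] args) throws IOException {
        Client client = ClientBuilder.newClient();
        String keystoneToken = fetchKeystoneToken(client, args[0]); // args[0]: OAuth2 access token
        System.out.println(getWithKeystoneToken(client, "/v3/projects", keystoneToken));
        client.close();
    }
}
```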