WSO2 API Manager 2.0.0 - LDAP & Publisher API token issue

Time: 2017-02-05 21:14:09

Tags: oauth ldap wso2 wso2-am wso2carbon

I have configured WSO2 API Manager 2.0.0 with the internal user store as the primary store and LDAP as a secondary user store. I can log in to the Carbon, Publisher and Store UIs with LDAP users. My goal is to allow LDAP users to use the Publisher REST API; the steps I followed are as follows:

  1. Create a service provider

    curl -X POST -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{    "clientName": "rest_api_publisher",    "tokenScope": "Production",    "owner": "admin",    "grantType": "password refresh_token",    "saasApp": true }' "http://localhost:9763/client-registration/v0.10/register"
    

    Response

            {
              "jsonString": "{\"username\":\"admin\",\"redirect_uris\":null,\"client_name\":\"admin_rest_api_publisher\",\"grant_types\":\"urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm refresh_token client_credentials password\"}",
              "appOwner": null,
              "clientName": null,
              "callBackURL": null,
              "isSaasApplication": true,
              "clientId": "N2GP9igHPkEcotmyE6ccyPLBeh0a",
              "clientSecret": "qHO0ZFsaGDGGEaHO_4PXgKOXVWYa"
            }
    
  2. Get an access token for the admin user

    curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=admin&password=admin&scope=apim:api_view%20apim:api_publish%20apim:api_create"
    

    Response

            {
              "scope": "apim:api_create apim:api_publish apim:api_view",
              "token_type": "Bearer",
              "expires_in": 3600,
              "refresh_token": "787b34a2-55eb-3baa-b83a-7041959781ce",
              "access_token": "2b7ad48c-67d8-3ebc-acd8-1d02aca85fdd"
            }
    
  3. As you can see in this case, the scope contains all the scopes I requested. With this token I can query APIs, add new ones and publish them. The problem I run into is that when I do the same for an LDAP user, the scope is default.

    (P.S.: my secondary domain is mzaferyahsi.com)

    1. Get an access token for the LDAP user

      curl -X POST -H "Authorization: Basic TjJHUDlpZ0hQa0Vjb3RteUU2Y2N5UExCZWgwYTpxSE8wWkZzYUdER0dFYUhPXzRQWGdLT1hWV1lh" -H "Cache-Control: no-cache" "https://localhost:8243/token?grant_type=password&username=mzaferyahsi.com/<<username>>&password=<<password>>&scope=apim:api_view%20apim:api_publish%20apim:api_create"
      

      Response

              {
                "scope": "default",
                "token_type": "Bearer",
                "expires_in": 3600,
                "refresh_token": "2a519b92-2fe8-3b85-8da8-6ea8b2eceb6e",
                "access_token": "874aac4f-c441-3927-bd1b-cce859e58988"
              }
      
    2. Has anyone run into this issue? Any solution is appreciated.

1 answer:

Answer 0 (score: 0)

You have to set the required role-scope mapping in the tenant-conf.json file. The user should also have the required role. The file is here
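An added example, not code from the question, the answer or WSO2, that models the check the answer describes: given a RESTAPIScopes mapping in the shape of tenant-conf.json and the roles a user holds, which requested scopes would be granted, and why a user with no bound role ends up with the single scope "default" as in the LDAP response above. The JSON is constructed; `mzaferyahsi.com/publisher` is an assumed name for a role in the secondary user store, and binding secondary-store roles with their domain prefix is my assumption, not something the page states.

```python
import json

# Constructed sample in the shape of the RESTAPIScopes section of WSO2 API-M's
# tenant-conf.json. "mzaferyahsi.com/publisher" is an ASSUMED role name for a
# role living in the question's secondary (LDAP) user store.
TENANT_CONF = json.loads("""
{
  "RESTAPIScopes": {
    "Scope": [
      {"Name": "apim:api_view",    "Roles": "admin,Internal/creator,Internal/publisher,mzaferyahsi.com/publisher"},
      {"Name": "apim:api_create",  "Roles": "admin,Internal/creator"},
      {"Name": "apim:api_publish", "Roles": "admin,Internal/publisher,mzaferyahsi.com/publisher"}
    ]
  }
}
""")

REQUESTED = ["apim:api_view", "apim:api_publish", "apim:api_create"]


def load_scope_roles(conf):
    """Return {scope_name: set_of_roles} from a tenant-conf style dict."""
    mapping = {}
    for entry in conf.get("RESTAPIScopes", {}).get("Scope", []):
        roles = {r.strip() for r in entry["Roles"].split(",") if r.strip()}
        mapping[entry["Name"]] = roles
    return mapping


def granted_scopes(conf, user_roles, requested):
    """Scopes a user holding user_roles receives when requesting `requested`.

    A scope is granted when the user holds at least one role bound to it. When
    none of the requested scopes is granted, the token carries only "default",
    which is what the LDAP user's token response in the question shows.
    """
    mapping = load_scope_roles(conf)
    held = set(user_roles)
    granted = sorted(s for s in requested if mapping.get(s, set()) & held)
    return granted or ["default"]


def missing_bindings(conf, user_roles, requested):
    """For each requested scope the user would NOT get, list the roles that
    would unlock it; handy when diagnosing an unexpected "default" scope."""
    mapping = load_scope_roles(conf)
    held = set(user_roles)
    return {s: sorted(mapping.get(s, set()))
            for s in requested if not (mapping.get(s, set()) & held)}
```

Run `granted_scopes(TENANT_CONF, ["mzaferyahsi.com/Internal/everyone"], REQUESTED)` to reproduce the "default" outcome, then `missing_bindings` with the same arguments to see which role bindings are absent.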