我正在尝试使用WSO2 v5.3.0在SCIM协议下执行用户配置。当我添加用户并删除它们时,每个工作正常:
创建用户:
>> curl -v -k --user user:passwd --data "{"schemas":[],"name":{"familyName":"somefamily","givenName":"somename"},"userName":"somename@mail.com","password":"abc123","emails":[{"primary":true,"value":"fulano.com","type":"home"},{"value":"hasini_work.com","type":"work"}]}" --header "Content-Type:application/json" https://wso2-server/wso2/scim/Users
服务器成功发送json回复:
<< {"emails":[{"type":"home","value":"fulano.com"},{"type":"work","value":"hasini_work.com"}],"meta":{"created":"2017-09-27T19:46:59","location":"https://wso2-server/wso2/scim/Users/8459be3e-1950-4c0d-8833-9d789dc2eabb","lastModified":"2017-09-27T19:46:59"},"schemas":["urn:scim:schemas:core:1.0"],"name":{"familyName":"somefamily","givenName":"somename"},"id":"8459be3e-1950-4c0d-8833-9d789dc2eabb","userName":"PRIMARY/somename@mail.com"}
当我尝试更新现有用户的信息时出现问题:
>> curl -v -k --user user:passwd -X PUT --data "{"schemas":[],"name":{"familyName":"somefamily","givenName":"somename"},"userName":"somename@mail.com","password":"abc123bca","emails":[{"primary":true,"value":"somename@fulano.com","type":"home"},{"value":"hasini_work.com","type":"work"}]}" --header "Content-Type:application/json" https://wso2-server/wso2/scim/Users/8459be3e-1950-4c0d-8833-9d789dc2eabb
服务器抱怨:
<< {"Errors":[{"code":"500","description":"Error while updating attributes of user: somename@mail.com"}]}
请注意,如果我使用OAuth进行身份验证,
首先获取身份验证令牌,
>> curl -v -X POST -H "Authorization: Basic XXXXKEYXXXXXX" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=client_credentials" https://wso2-server/oauth2/token
<< {"access_token":"xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx","token_type":"Bearer","expires_in":1147}
>> curl -v -k -X PUT -d '{"schemas":[],"userName":"somename@mail.com","mail":"somename@fulano.com", "password": "2345acdr"}' --header "Authorization: Bearer xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" --header "Content-Type:application/json" https://wso2-server/wso2/scim/Users/8459be3e-1950-4c0d-8833-9d789dc2eabb
服务器再次使用状态500和java异常转储进行投诉:
<< <html><head><title>Apache Tomcat/7.0.73 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - org.apache.cxf.interceptor.Fault</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>org.apache.cxf.interceptor.Fault</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>java.lang.RuntimeException: org.apache.cxf.interceptor.Fault
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:116)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:336)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPut(AbstractHTTPServlet.java:226)
javax.servlet.http.HttpServlet.service(HttpServlet.java:653)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
</pre></p><p><b>root cause</b> <pre>org.apache.cxf.interceptor.Fault
org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:170)
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:136)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPut(AbstractHTTPServlet.java:226)
javax.servlet.http.HttpServlet.service(HttpServlet.java:653)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
</pre></p><p><b>root cause</b> <pre>java.lang.NullPointerException
org.wso2.carbon.identity.core.util.IdentityUtil.extractDomainFromName(IdentityUtil.java:588)
org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.getAuthorizedDomainUser(SCIMUserManager.java:1666)
org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.getUser(SCIMUserManager.java:224)
org.wso2.carbon.identity.scim.provider.impl.SCIMUserManager.updateUser(SCIMUserManager.java:395)
org.wso2.charon.core.protocol.endpoints.UserResourceEndpoint.updateWithPUT(UserResourceEndpoint.java:522)
org.wso2.carbon.identity.scim.provider.resources.UserResource.updateUser(UserResource.java:261)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPut(AbstractHTTPServlet.java:226)
javax.servlet.http.HttpServlet.service(HttpServlet.java:653)
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
但是,可以通过DELETE请求成功删除用户
>> curl -v -k --user user:passwd -X DELETE https://wso2-server/wso2/scim/Users/8459be3e-1950-4c0d-8833-9d789dc2eabb -H "Accept: application/json"
所以我的问题是:这个奇怪的行为是由于配置错误引起的,或者是WSO2-IS中的错误?
答案 0 :(得分:0)
两件事:
尝试在没有密码字段的情况下更新用户。我记得这是SCIM API在pevious版本中的局限性。此特定操作(更新密码)应通过特定的SOAP调用完成:https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs#ManagingUsersandRoleswithAPIs-updateCredential()
对于SCIM API上的OAuth,您是否将其设置为入站配置的服务提供商? :https://docs.wso2.com/display/IS530/Setting+Up+Service+Provider+for+Inbound+Provisioning
杰夫