Why can't I log in to the wso2 API Store with the email address of a secondary user store account

Time: 2017-10-20 11:20:10

Tags: wso2-am

Question

I am trying to log in to our API Store with an account from the secondary user store, and every attempt results in the following error

Error! Login failed. Please recheck the username and password and try again.

Debugging

What seems to work

I can create an account in the primary store,
username: fred@text.com
password: password

This user can log in without any problem.

The secondary user store is a JDBC connection to an Oracle database, named storeTwo. In the Carbon management console I can see all 49,000 users together with the roles they hold. I have given a subset of these users as much permission as I could.

What does not work

When I try to log in with one of those accounts, I get the error above.

I do not know what the problem is here.

To me it looks as though wso2 is not checking the secondary store when I try to log in.

Additional information

  • Server OS: CentOS 6
  • wso2 version: 2.1.0
  • wso2 info: standalone setup of wso2 API Manager.

Configuration files

storeTwo.xml

  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="url">jdbc:oracle:thin:@<IP>:<HOST></Property>
    <Property name="userName"><user></Property>
    <Property encrypted="true" name="password"><pasword></Property>
    <Property name="driverName">oracle.jdbc.driver.OracleDriver</Property>
    <Property name="Disabled">false</Property>
    <Property name="ReadOnly">true</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="UsernameJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\S]{5,30}$</Property>
    <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
    <Property name="RolenameJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\S]{5,30}$</Property>
    <Property name="CaseInsensitiveUsername">true</Property>
    <Property name="SCIMEnabled">false</Property>
    <Property name="IsBulkImportSupported">false</Property>
    <Property name="PasswordDigest">MD5</Property>
    <Property name="MultiAttributeSeparator">,</Property>
    <Property name="StoreSaltedPassword">false</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="UserRolesCacheEnabled">false</Property>
    <Property name="UserNameUniqueAcrossTenants">false</Property>
    <Property name="validationQuery"/>
    <Property name="validationInterval"/>

carbon.xml

...
<LoginConfig>
  <UserIdLogin  primary="true">
    <ClaimUri></ClaimUri>
  </UserIdLogin>
  <EmailLogin  primary="true">
   <ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
  </EmailLogin>
</LoginConfig>
...

wso2carbon.log

TID: [-1234] [] [2017-10-20 10:59:49,288]  WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed Administrator login attempt 'temp@example.com[-1234]' at [2017-10-20 10:59:49,288+0100] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} -  contentType from the OMOutputFormat =application/soap+xml {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} -  contentType returned =application/soap+xml; charset=UTF-8; action="urn:loginResponse" {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} -  start writeTo() {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} -    preserve=false {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} -    isOptimized=false {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} -    isDoingSWA=false {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,289] DEBUG {org.apache.axis2.transport.TransportUtils} -  createSOAPEnvelope using Builder (class org.apache.axis2.builder.SOAPBuilder) selected from type (application/soap+xml) {org.apache.axis2.transport.TransportUtils}
TID: [-1234] [] [2017-10-20 10:59:49,289] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} -  end writeTo() {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,290] ERROR {org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject} -  Login failed. Please recheck the username and password and try again. {org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject}

1 answer:

Answer 0: (score: 0)

I found the root problem by setting up a writable secondary user store. When you select MD5 as the 'password hash algorithm', WSO2 appears to do the following.

MD5(password) -binary | base64 = X03MO1qnZdYdgyfeuILPmQ==

rather than

MD5(password) = 5f4dcc3b5aa765d61d8327deb882cf99

This means that when wso2 checks the read-only secondary store mentioned above, the password will never (rarely) match.

The last post in [1] has an example (not wso2) - below are the commands needed to test this in a terminal should the link fail.

echo -n password | openssl dgst -md5 -binary | base64
echo -n password | openssl dgst -md5

[1] Example md5 calls
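The encoding mismatch the answer describes, worked through as an added example (this is not code from the original post or from WSO2): `wso2_md5` reproduces the Base64-of-raw-MD5 form the answer observed WSO2 writing with PasswordDigest=MD5, `md5_hex` the hex form a plain `openssl dgst -md5` prints, and `classify_stored_hash` tells you which of the two a value pulled from the Oracle table actually is, so you can see up front whether WSO2's comparison can ever succeed against that column. `hex_to_wso2` re-encodes an existing hex column value into the Base64 form without needing the cleartext, which is what you would run over a table you are not allowed to reset passwords in. The salted branch of `wso2_md5` (digest over password plus salt when StoreSaltedPassword is true) is an assumption about WSO2 behaviour that the page does not show. The sample rows are constructed. Whichever encoding wins, an unsalted MD5 digest (StoreSaltedPassword=false) is not an acceptable way to store passwords; the example diagnoses the mismatch, it does not endorse the scheme.

```python
import base64
import hashlib

# Constructed sample input: the password the answer above works through.
SAMPLE_PASSWORD = "password"

# Constructed sample rows, as a legacy table holding hex MD5 digests might.
# The username is a placeholder, not an account from the question.
SAMPLE_LEGACY_ROWS = {
    "someone@example.com": "5f4dcc3b5aa765d61d8327deb882cf99",
}


def md5_hex(password: str) -> str:
    """Hex MD5: the form `openssl dgst -md5` prints and the form many
    legacy user tables store."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def wso2_md5(password: str, salt: str = "") -> str:
    """Base64 of the raw MD5 bytes, the form the answer observed WSO2
    writing with PasswordDigest=MD5 (openssl dgst -md5 -binary | base64).
    The salted variant (password + salt, then digest) is an assumption
    about StoreSaltedPassword=true and is not shown on the page."""
    raw = hashlib.md5((password + salt).encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def hex_to_wso2(hex_digest: str) -> str:
    """Re-encode a hex MD5 column value into the Base64 form WSO2 compares
    against, without knowing the cleartext. Useful for a read-only table
    whose digests you cannot regenerate."""
    return base64.b64encode(bytes.fromhex(hex_digest)).decode("ascii")


def classify_stored_hash(stored: str, password: str) -> str:
    """For a user whose password you know, report which encoding the stored
    value uses: 'base64-md5' is what WSO2 computes, so login can succeed;
    'hex-md5' is never produced by WSO2, so login always fails."""
    stored = stored.strip()
    if stored == wso2_md5(password):
        return "base64-md5"
    if stored.lower() == md5_hex(password):
        return "hex-md5"
    return "no-match"


def migrate_rows(rows: dict) -> dict:
    """Convert every hex digest in a username -> hash mapping to the
    Base64 form, the transformation a one-off migration would apply."""
    return {user: hex_to_wso2(digest) for user, digest in rows.items()}


if __name__ == "__main__":
    print("hex  :", md5_hex(SAMPLE_PASSWORD))
    print("wso2 :", wso2_md5(SAMPLE_PASSWORD))
    for user, stored in SAMPLE_LEGACY_ROWS.items():
        print(user, "->", classify_stored_hash(stored, SAMPLE_PASSWORD))
    print(migrate_rows(SAMPLE_LEGACY_ROWS))
```

Run it against one row whose password you know before touching the rest of the table: if `classify_stored_hash` returns `hex-md5`, the store is populated in a form WSO2 will never match, and `migrate_rows` shows the re-encoding that would be needed.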