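Trying to configure WSO2 AM (3.1.0) to use only SAML SSO for authentication/authorization. As the SAML IdP, we use Azure AD.
While we are working on configuring the Publisher or Store (Dev Portal) to use SAML SSO (https://apim.docs.wso2.com/en/latest/install-and-setup/setup/sso/okta-as-an-external-idp-using-saml/), the underlying primary user store is still LDAP (with StartTLS) for the management console. Our goal is to get rid of the LDAP connection.
When we configure the management console to use SAML SSO (https://is.docs.wso2.com/en/5.9.0/learn/configuring-saml2-single-sign-on-across-different-wso2-products/), we can log in to the management console.
Problem: when the management console is configured to use SAML SSO, then when a user in the Dev Portal tries to create application credentials, we get the following error message: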
Caused by: org.apache.axis2.AxisFault: Access Denied. Please login first.
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531) ~[axis2_1.6.1.wso2v41.jar:?]
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:382) ~[axis2_1.6.1.wso2v41.jar:?]
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:457) ~[axis2_1.6.1.wso2v41.jar:?]
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) ~[axis2_1.6.1.wso2v41.jar:?]
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) ~[axis2_1.6.1.wso2v41.jar:?]
at org.wso2.carbon.apimgt.keymgt.stub.subscriber.APIKeyMgtSubscriberServiceStub.createOAuthApplicationByApplicationInfo(APIKeyMgtSubscriberServiceStub.java:1348) ~[org.wso2.carbon.apimgt.keymgt.stub_6.6.163.jar:?]
at org.wso2.carbon.apimgt.keymgt.client.SubscriberKeyMgtClient.createOAuthApplicationbyApplicationInfo(SubscriberKeyMgtClient.java:64) ~[org.wso2.carbon.apimgt.keymgt.client_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.createOAuthApplicationbyApplicationInfo_aroundBody42(AMDefaultKeyManagerImpl.java:720) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.createOAuthApplicationbyApplicationInfo(AMDefaultKeyManagerImpl.java:715) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.createApplication_aroundBody0(AMDefaultKeyManagerImpl.java:125) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.createApplication(AMDefaultKeyManagerImpl.java:91) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication_aroundBody8(AbstractApplicationRegistrationWorkflowExecutor.java:145) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:123) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication_aroundBody6(AbstractApplicationRegistrationWorkflowExecutor.java:119) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:116) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete_aroundBody2(ApplicationRegistrationSimpleWorkflowExecutor.java:78) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:66) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute_aroundBody0(ApplicationRegistrationSimpleWorkflowExecutor.java:54) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:47) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration_aroundBody144(APIConsumerImpl.java:3876) ~[org.wso2.carbon.apimgt.impl_6.6.163.jar:?]
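At first, I assumed the problem was with a different authenticator for the admin services, but users can create and publish APIs and create applications in the Dev Portal. The exception occurs when generating application credentials.
Any ideas?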
Answer 0 (score: 0)
Do you have multiple key managers? If so, make sure stickiness is enabled at the LB level.