WSO2 是自定义身份验证器 [英] WSO2 IS custom authenticator

问题描述

我们使用的是 WSO2 IS v5.4.1

We are using WSO2 IS v5.4.1

我们希望根据外部用户数据存储对用户进行身份验证.所需的步骤:

We want to authenticate users based on external user data store. The desired steps:

1. 用户使用用户名和密码通过 Oauth 登录 WSO2 IS
2. 登录请求被转发到外部服务，该服务通过给定的用户名和密码对用户进行身份验证，而无需通过 WSO2 IS 默认用户存储进行身份验证.
3. 该服务向 WSO2 返回某种所需的响应，并根据此响应执行某种业务逻辑.

我看到有 2 个选项可以实现此目的:

I saw that there are 2 options to achieve this:

1. 实现自定义本地身份验证器
2. 实现自定义联合身份验证器

正确的做法是什么?

谢谢，

推荐答案

根据定义，

1. 本地身份验证器将使用本地用户存储对用户进行身份验证.大概使用用户名和密码.您可以使用内置登录页面来询问用户的凭据并根据本地用户存储对其进行验证.

1. Local authenticators are to authenticate the user with a local user store. Presumably using username and password. You can use inbuilt login page to ask user's credentials and validate it against the local user stores.

联合身份验证器将向第 3 方身份提供者进行身份验证.像谷歌或脸书.在这种情况下，您不会直接询问用户的凭据，而是将用户重定向到第 3 方登录页面，在认证后第 3 方 IDP 将发送结果.

Federated authenticators are to authenticate with 3rd party identity providers. Like Google or Facebook. In this case you won't ask user's credentials directly instead you'll redirect the user to 3rd party login page and after authentication 3rd party IDP will send the result.

通过了解您提供的事实，您似乎需要一个本地身份验证器，您可以在其中直接询问用户的凭据并根据用户存储进行身份验证.

By understanding the facts that you have provided, it seems you need a local authenticator where you can ask the user's credentials directly from them and authenticate against the user store.

PS:如果您可以直接与用户存储通信(不使用任何 API)并且它是 OOTB 支持的用户存储(LDAP 或 JDBC)，您可以直接将其插入为辅助用户存储(甚至作为主要用户存储)用户存储)并在不使用任何自定义的情况下对其进行身份验证.

PS: If you can directly communicate with the user store (Without using any API) and it's a OOTB supported user store (LDAP or JDBC), you can directly plug in that as a secondary user store (Or even as the primary user store) and authenticate against it without using any customization.

这篇关于WSO2 是自定义身份验证器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！