Questions about wso2is version 5.4 and scim2 groups


Question


I am using wso2is in version 5.4 with an LDAP read-only user store. I have SCIM2 enabled and I am able to list users via the /scim2/Users interface as expected. When I try to list the groups by calling the /scim2/Groups interface, only 2 groups are returned: the PRIMARY/admin group (I guess this is an internal group) and another group, which is obtained from LDAP. If I list the roles (groups) from the admin console, many more roles are listed, which are imported from LDAP; oddly enough, the role corresponding to the group listed by the Groups command is not visible. When I call the /Users command, the following messages are logged on the console:

[2018-02-06 12:49:02,798] DEBUG {org.wso2.carbon.identity.scim2.common.group.SCIMGroupHandler} -  The group MID.Portal.Consulting is not a SCIM group. Skipping..

What does this message mean?


Another question: the WSO2 documentation states "From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS." Have the EventListener entries in the identity.xml file

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                   name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
                   orderId="90" enable="false"/>
    <!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                   name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
                   orderId="93" enable="true"/>

any significance?

Recommended answer


Identity Server has 2 separate implementations for SCIM 1.1 and 2.0. Prior to IS 5.4.0, only the SCIM 1.1 implementation was packed OOTB with the product; the SCIM 2.0 implementation was available in the connector store to download and install into Identity Server. From IS 5.4.0 onward, both the 1.1 and 2.0 implementations are available OOTB in the product.


The issue with the groups in your read-only user store not showing up is actually a limitation in the Identity Server. Only the group name and the members are read from the user store. The group id and all the other metadata related to the group are maintained inside the Identity Server database. The id for a group is generated only when the group is created from the Identity Server. So SCIM group operations will not work properly with read-only user stores because of this limitation.


As your user store is read-only, there wouldn't be much of a difference in changing the EventListener. But it's better to do the proper config. If the user store is read-write, you definitely have to do this config.
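The following is an added example, not part of the question or the answer above and not WSO2 code. It models the behaviour the answer describes so the "not a SCIM group. Skipping.." message can be reproduced offline: role names come from the user store, but the SCIM id attribute lives in the Identity Server database, so any role that was never created through IS has no id and is dropped from the /scim2/Groups listing. The role names, the SCIM ids, the attribute name `urn:ietf:params:scim:schemas:core:2.0:id` and the in-memory `SCIM_METADATA` table are constructed assumptions standing in for the real IS database; the `roles_missing_scim_id` function is the diagnostic a practitioner would run against a captured ListResponse and the role list from the management console.

```python
"""Model of why read-only LDAP roles are skipped by /scim2/Groups.

Added example; not WSO2 Identity Server code. The metadata table, role
names, ids and the SCIM id attribute name are assumptions for illustration.
"""
import json
import uuid

# Assumed name of the attribute IS stores for a group's SCIM 2.0 id.
SCIM_ID_ATTR = "urn:ietf:params:scim:schemas:core:2.0:id"

# Constructed sample: roles as the management console lists them.
# Only the first and last were ever created through Identity Server.
CONSOLE_ROLES = [
    "PRIMARY/admin",
    "MID.Portal.Consulting",
    "MID.Portal.Sales",
    "scim-provisioned-group",
]

# Constructed stand-in for the IS database: role name -> SCIM attributes.
# Roles imported from a read-only LDAP store never get a row here.
SCIM_METADATA = {
    "PRIMARY/admin": {SCIM_ID_ATTR: "c0a8a1e0-8b5e-4f2a-9c1d-000000000001"},
    "scim-provisioned-group": {SCIM_ID_ATTR: "c0a8a1e0-8b5e-4f2a-9c1d-000000000002"},
}


def list_groups_like_handler(roles, metadata):
    """Return (listed groups, debug log) the way the answer describes.

    Name and members come from the user store; the id must come from the
    metadata table. A role without an id is skipped and logged.
    """
    listed, log = [], []
    for role in roles:
        attrs = metadata.get(role)
        if not attrs or SCIM_ID_ATTR not in attrs:
            log.append(f"The group {role} is not a SCIM group. Skipping..")
            continue
        listed.append({"displayName": role, "id": attrs[SCIM_ID_ATTR]})
    return listed, log


def list_response(groups):
    """Serialise groups as a SCIM 2.0 ListResponse (RFC 7644 wire format)."""
    return json.dumps({
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
        "totalResults": len(groups),
        "startIndex": 1,
        "itemsPerPage": len(groups),
        "Resources": groups,
    })


def roles_missing_scim_id(console_roles, response_json):
    """Diagnostic: console roles absent from a /scim2/Groups ListResponse.

    Every name returned here is a role with no SCIM id in the IS database,
    which is exactly the set the handler skipped.
    """
    listed = {g["displayName"] for g in json.loads(response_json).get("Resources", [])}
    return sorted(r for r in console_roles if r not in listed)


def create_group_via_scim(metadata, role):
    """Model the answer's point: an id is generated only when the group is
    created from Identity Server (POST /scim2/Groups). With a read-only
    user store that create fails, so the metadata row never appears."""
    attrs = metadata.setdefault(role, {})
    attrs.setdefault(SCIM_ID_ATTR, str(uuid.uuid4()))  # assumed id format
    return attrs[SCIM_ID_ATTR]


if __name__ == "__main__":
    groups, log = list_groups_like_handler(CONSOLE_ROLES, SCIM_METADATA)
    for line in log:
        print("DEBUG SCIMGroupHandler -", line)
    response = list_response(groups)
    print(response)
    print("missing from SCIM:", roles_missing_scim_id(CONSOLE_ROLES, response))
```

Running the script reproduces two "Skipping.." lines for the LDAP-only roles and a ListResponse with `totalResults` 2, matching the symptom in the question; calling `create_group_via_scim` on a role makes it appear in the next listing, which is the only path by which a group acquires an id.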
