如何将WSO2 API管理器(AM)1.10.0与PingFederate SAML 2.0集成在一起? [英] How to integrate WSO2 API Manager (AM) 1.10.0 with PingFederate SAML 2.0?
问题描述
如何将WSO2 am 1.10.0与PingFederate SAML 2.0集成在一起?有指示吗?
How to integrate WSO2 am 1.10.0 with PingFederate SAML 2.0? Any instructions?
在WSO2网站上,我仅看到有关如何在WSO2产品中设置SSO的文档:
From WSO2 web site, I only saw docs on how to set up SSO among WSO2 products: https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 . But I did not see documentation on how to enable WSO2 AM 1.10.0 with external identity providers such as PingFederate via SAML2.
感谢您的帮助.
***更新:
我按照此处的说明 https://docs .wso2.com/display/AM1100/Configuring + Single + Sign-on + with + SAML2 -仅假设WSO2 IS为PingIdentity.对于大多数而言,它是有效的,但是在订阅API时我无法生成密钥.即使我已登录应用程序和订阅并可以从/store UI创建应用程序,它也会显示无效的凭据".
I followed the instructions here https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2 - just assuming WSO2 IS as PingIdentity. For the mojority part it's working, but I cannot generate keys when subscribing to an API. It says "invalid credentials" even if I have logged into applications and subscriptions and can create applications from /store UI.
推荐答案
我可以确认无需在图片中添加单独的wso2 IS服务器即可完成此操作.我通过以下方式解决了几个问题(无法生成密钥,无法发布API等):我要解决的问题是:1)在api-manager.xml中的ApiKeyValidaor中添加管理员用户,也可以通过管理控制台添加到管理员用户中user-mgt.xml; 2)在api-manager.xml中:
I can confirm that this can be done without adding a separate wso2 IS server into the picture. I fixed several issues (Cannot generate keys, cannot publish APIs, etc..) by: What I did to fix the issue was to 1) add admin user inside ApiKeyValidaor in api-manager.xml also into admin user via management console and into user-mgt.xml; 2) Inside api-manager.xml:
更改以下内容:
https://$ {carbon.local.ip}:$ {mgt.transport.https.port} $ {carbon.context}/services/
https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/
至: https://[FQDN_OF_HOST }:$ {mgt.transport.https.port} $ {carbon.上下文}/services/
to: https://[FQDN_OF_HOST}:${mgt.transport.https.port}${carbon.context}/services/
原因是我的服务器证书仅记录了域名,而不记录IP地址.
Reason is my server certificate only recorded the domain name, not ip address.
The solution was also mentioned here: wso2 am 1.10.0 API Store: "Error occurred while executing the action generateApplicationKey" with " Invalid credentials provided."
这篇关于如何将WSO2 API管理器(AM)1.10.0与PingFederate SAML 2.0集成在一起?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!