WSO2-为用户获取活动会话 [英] WSO2 - Get active sessions for user

查看:95
本文介绍了WSO2-为用户获取活动会话的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们正在使用WSO2进行身份验证(SAML/SSO).

We are using WSO2 for authentication (SAML/SSO).

我不知道如何判断用户是否已经登录(以防止并发登录).其他SO问题表明,使用WSO2 IS Analytics和不使用WSO2 IS Analytics都可以知道.我希望也不必运行WSO2 IS Analytics(这被暗指到

I don't know how to tell if a user is already logged in (in order to prevent concurrent logins). Other SO questions have indicated this is possible to know both with WSO2 IS Analytics and without. I would prefer to not have to run WSO2 IS Analytics as well (this is alluded to here, but never clarified. Further, I can see the IDN_AUTH_SESSION_STORE table being populated and referred to during login, but that is using SESSION_ID (which is passed by the commonAuth cookie).

所以我正在寻找这个问题的直接答案:在Auth流程中,我们如何确定给定的用户是否已经登录?

So I'm looking for a direct answer to this question: during the Auth flow, how can we tell if the given user is already logged in?

推荐答案

在不使用分析功能的情况下,在WSO2 Identity Server中不支持查询用户登录的用户会话.让我解释一下原因.

Without using the analytics, querying logged in user sessions by a user is not supported out of the box in WSO2 Identity Server. Let me explain why.

当用户通过WSO2 Identity Server进行身份验证时,将创建一个会话.这些会话根据WSO2实现中的commonAuthId cookie存储为会话上下文对象.这些会话对象中包含有关已登录用户的信息.因此,如果要获取特定用户的会话,则必须查询所有活动的会话,并逐一匹配用户以遍历所有活动的会话.

When a user authenticates with the WSO2 Identity Server, a session is created. These sessions are stored as session context objects, against the commonAuthId cookie in WSO2 implementation. Information about the logged in user is inside these session objects. Therefore if we want to get the session for a particular user, we have to query all active sessions and go through all of them one by one matching the user.

作为替代方案,您可以编写一个自定义数据发布器模块,该模块将针对每个用户的会话数据持久化,然后可以使用这些数据来防止并发登录.我有一个博客帖子就是为此确切用例编写的.

As an alternative, you can write a custom data publisher module which persists session data against each user and then you can use these data to prevent concurrent logins. I have a blog post written for this exact use case.

希望这会有所帮助.

这篇关于WSO2-为用户获取活动会话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆