的oauth2 - WSO2 API Manager和Identity Server集成 [英] oAuth2 - WSO2 API Manager and Identity Server Integration
问题描述
我想实现基于OAuth2用户在其由WSO2身份服务器(Auth服务器)和API管理器生成的标记被用作网关(资源服务器)的架构。
I would like to implement an architecture based on oAuth2 in which the token is generated by the WSO2 identity server (Auth Server) and the API manager is used as the Gateway (resource server).
我的理解有必要修改 Identity_Server /库/ conf目录/ carbon.xml ,并设置值false元素< HideAdminServiceWSDLs>假< / HideAdminServiceWSDLs> ,以便能够通过身份暴露服务器验证令牌的管理服务。此外,我认为这是必要的配置APIManager.xml配置API管理器来查看使用由服务器身份暴露的服务令牌验证。
I understood it's necessary to change the Identity_Server/repository/conf/carbon.xml and set the value false for the element <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs> in order to enable the admin Service of token validation exposed by the Identity Server. Also I think it's necessary to configure the APIManager.xml to configure the API manager to check the token validation using a service exposed by the identity server.
但遗憾的是具体的资料不提供 https://开头的文档.wso2.org /显示/ AM140 /配置+ API-manager.xm 。有人可以帮助我了解如何实现自己的目标?
But unfortunately the specific documentation is not available at https://docs.wso2.org/display/AM140/Configuring+api-manager.xm. Can someone help me understand how to achieve my goal ?
推荐答案
如果它是正确的假设,你想要的是,确保与OAuth的一个暴露的REST API,使用WSO2的话,那么下面的链接[1]会帮你
If it's correct to assume what you want is to, secure a exposed rest API with OAuth, using WSO2 IS, then the following link [1] will help you.
不过,由于您使用的是WSO2 API经理,如果没有其他的限制,你可以简单地实现从API经理本身这个令牌生成功能。有通过API-M曝光的OathTokenEndPoint。您可以拨打这个端点客户端密钥和密码获得令牌。[2]
But since you are using WSO2 API manager, if there is no other restriction you can simply achieve this token generation functionality from API-manager itself. There is an OathTokenEndPoint exposed by API-M. You can call this endpoint with client-key and secret to get a token.[2]
[1] - http://movingaheadblog.blogspot.com/2014/02/securing-your-web-service-with-oauth2.html
[2] - <一href=\"https://docs.wso2.org/display/IS410/OAuth+2.0+Grant+Types+with+WSO2+API+Manager+Authorization+$c$c\" rel=\"nofollow\">https://docs.wso2.org/display/IS410/OAuth+2.0+Grant+Types+with+WSO2+API+Manager+Authorization+$c$c
这篇关于的oauth2 - WSO2 API Manager和Identity Server集成的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
