WSO2 Identity Server: Edit a service provider that was in the /repository/conf/identity/service-providers folder


Problem description


I have asked a similar question in a previous post, but I think this deserves its own post.

In WSO2 Identity Server, I understand that service providers can be configured (on first startup only) if they are placed in the folder /repository/conf/identity/service-providers. I also understand that they are not visible through the management console UI if they are configured on first startup.

How do you edit them though? Let's say I want to edit the claims of an existing service provider? Change the allowed OAuth grant types? Even delete the service provider?

If I can't see the service provider in the console, how can I edit or delete it?

A follow-up but related question: What's the reasoning behind the "one and done" service provider setup that WSO2 provides? I expect to be adding service providers through the lifetime of my WSO2 implementation and it would be much easier if I could just place a file in a folder (the repository/conf/identity/service-providers folder that only works on first startup) and restart my server instead of going into the UI and performing multiple clicks to configure the service provider manually or upload it manually via file.

EDIT: @sajith pointed out that you should be able to configure service providers even after the server has started up once based on information in this article: https://docs.wso2.com/display/IS570/Configuring+a+SP+and+IdP+Using+Configuration+Files. However, I have not seen it work successfully. I know that something is happening because if I try to upload a service provider through the console (with a file upload) I get an error:

Console output:

Caused by: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: Application with the same name loaded from the file system.

So it looks like the WSO2 server is recognizing and loading the new service providers (even after the first startup) but I can't authenticate against them. Example response when attempting to authenticate against a new service provider:

{
    "error_description": "A valid OAuth client could not be found for client_id: test",
    "error": "invalid_client"
}

Solution

If I can't see the service provider in the console, how can I edit or delete it? What's the reasoning behind the "one and done" service provider setup that WSO2 provides?

This document says you can restart the WSO2 Identity Server to apply the file-based service-provider and identity-provider configurations (configs which are placed inside <IS_HOME>/repository/conf/identity/) to the system.

I assume you have mixed this up with the following note regarding claim configurations.

The claims configured in /repository/conf/claim-config.xml file get applied only when you start the product for the first time, or for any newly created tenants. With the first startup, claim dialects and claims will be loaded from the file and persisted in the database. Any consecutive updates to the file will not be picked up and claim dialects and claims will be loaded from the database.

Edit:

{ "error_description": "A valid OAuth client could not be found for client_id: test", "error": "invalid_client" }

This is already answered in your previous question. invalid_client comes because you are setting a client id in the sp config file, but the identity server does not support configuring InboundAuthenticationConfig through this file.

Currently, the InboundAuthenticationConfig in the deployed file is not supported. But, you can have the SAML configurations in the WSO2_HOME/repository/conf/identity/sso-idp-config.xml file.

Therefore, you may use SOAP admin services for that purpose.
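A pre-deployment check for the situation described in the answer above, as an added example that is not part of the original question or answer and not WSO2 code: it scans a service-provider file for InboundAuthenticationConfig entries, which the answer says are not supported in deployed files, and reports the client keys that would later fail with invalid_client. The sample file is constructed, and every element name other than InboundAuthenticationConfig is an assumption about the file layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names other than InboundAuthenticationConfig
# are assumptions about the service-provider file layout.
SAMPLE_SP = """<ServiceProvider>
  <ApplicationName>test-app</ApplicationName>
  <InboundAuthenticationConfig>
    <InboundAuthenticationRequestConfigs>
      <InboundAuthenticationRequestConfig>
        <InboundAuthKey>test</InboundAuthKey>
        <InboundAuthType>oauth2</InboundAuthType>
      </InboundAuthenticationRequestConfig>
    </InboundAuthenticationRequestConfigs>
  </InboundAuthenticationConfig>
</ServiceProvider>"""


def local(tag):
    """Strip any XML namespace so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def find_ignored_inbound(xml_text):
    """Return (app_name, [(auth_type, auth_key), ...]) for inbound entries
    that a file-deployed service provider would not get registered."""
    root = ET.fromstring(xml_text)
    app_name, ignored = None, []
    for el in root.iter():
        name = local(el.tag)
        if name == "ApplicationName" and app_name is None:
            app_name = (el.text or "").strip()
        elif name == "InboundAuthenticationRequestConfig":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            ignored.append((fields.get("InboundAuthType", "?"),
                            fields.get("InboundAuthKey", "?")))
    return app_name, ignored


def report(xml_text):
    """One human-readable warning per inbound entry found in the file."""
    app, ignored = find_ignored_inbound(xml_text)
    return [f"{app}: {t} key '{k}' is in the file but will not be registered; "
            f"expect invalid_client until it is created another way"
            for t, k in ignored]


if __name__ == "__main__":
    for line in report(SAMPLE_SP):
        print(line)
```

Run it against each file in the service-providers folder before restarting the server; an empty report means the file carries no inbound configuration that would be silently dropped.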
