Configure a service provider via code WSO2 Identity Server


Question

I am trying to configure my WSO2 Identity Server to set up service providers via a .xml file. Here are the steps I am taking:

  1. Paste the service provider .xml file into the $WSO2_HOME/repository/conf/identity/service-providers folder
  2. Run the wso2server.sh script in a fresh WSO2 environment (never set up before, database with empty tables)

The .xml file I created in step 1 was created using the "export" feature from the console, so I am pretty confident it is set up correctly. Just in case, this is the code (lines with "REMOVED" were removed for privacy):

<?xml version="1.0" encoding="UTF-8"?><ServiceProvider>
  <ApplicationName>__REMOVED__</ApplicationName>
  <Description>__REMOVED__</Description>
  <InboundAuthenticationConfig>
    <InboundAuthenticationRequestConfigs>
      <InboundAuthenticationRequestConfig>
        <InboundAuthKey>__REMOVED__</InboundAuthKey>
        <InboundAuthType>passivests</InboundAuthType>
        <InboundConfigType>standardAPP</InboundConfigType>
        <Properties/>
      </InboundAuthenticationRequestConfig>
      <InboundAuthenticationRequestConfig>
        <InboundAuthKey>__REMOVED__</InboundAuthKey>
        <InboundAuthType>openid</InboundAuthType>
        <InboundConfigType>standardAPP</InboundConfigType>
        <Properties/>
      </InboundAuthenticationRequestConfig>
      <InboundAuthenticationRequestConfig>
        <InboundAuthKey>__REMOVED__</InboundAuthKey>
        <InboundAuthType>oauth2</InboundAuthType>
        <InboundConfigType>standardAPP</InboundConfigType>
        <inboundConfiguration><![CDATA[<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<oAuthAppDO>
    <oauthConsumerKey>__REMOVED__</oauthConsumerKey>
    <oauthConsumerSecret>__REMOVED__</oauthConsumerSecret>
    <applicationName>__REMOVED__</applicationName>
    <callbackUrl></callbackUrl>
    <oauthVersion>OAuth-2.0</oauthVersion>
    <grantTypes>client_credentials </grantTypes>
    <scopeValidators/>
    <pkceSupportPlain>true</pkceSupportPlain>
    <pkceMandatory>false</pkceMandatory>
    <userAccessTokenExpiryTime>3600</userAccessTokenExpiryTime>
    <applicationAccessTokenExpiryTime>3600</applicationAccessTokenExpiryTime>
    <refreshTokenExpiryTime>84600</refreshTokenExpiryTime>
    <idTokenExpiryTime>3600</idTokenExpiryTime>
    <audiences/>
    <bypassClientCredentials>false</bypassClientCredentials>
    <requestObjectSignatureValidationEnabled>false</requestObjectSignatureValidationEnabled>
    <idTokenEncryptionEnabled>false</idTokenEncryptionEnabled>
    <idTokenEncryptionAlgorithm>null</idTokenEncryptionAlgorithm>
    <idTokenEncryptionMethod>null</idTokenEncryptionMethod>
    <backChannelLogoutUrl></backChannelLogoutUrl>
    <tokenType>JWT</tokenType>
</oAuthAppDO>
]]></inboundConfiguration>
        <Properties/>
      </InboundAuthenticationRequestConfig>
    </InboundAuthenticationRequestConfigs>
  </InboundAuthenticationConfig>
  <LocalAndOutBoundAuthenticationConfig>
    <AuthenticationSteps/>
    <AuthenticationType>default</AuthenticationType>
    <alwaysSendBackAuthenticatedListOfIdPs>false</alwaysSendBackAuthenticatedListOfIdPs>
    <UseTenantDomainInUsername>false</UseTenantDomainInUsername>
    <UseUserstoreDomainInRoles>true</UseUserstoreDomainInRoles>
    <UseUserstoreDomainInUsername>false</UseUserstoreDomainInUsername>
    <EnableAuthorization>false</EnableAuthorization>
  </LocalAndOutBoundAuthenticationConfig>
  <RequestPathAuthenticatorConfigs/>
  <InboundProvisioningConfig>
    <ProvisioningUserStore/>
    <IsProvisioningEnabled>false</IsProvisioningEnabled>
    <IsDumbModeEnabled>false</IsDumbModeEnabled>
  </InboundProvisioningConfig>
  <OutboundProvisioningConfig>
    <ProvisioningIdentityProviders/>
  </OutboundProvisioningConfig>
  <ClaimConfig>
    <RoleClaimURI/>
    <LocalClaimDialect>false</LocalClaimDialect>
    <IdpClaim/>
    <ClaimMappings>
      <ClaimMapping>
        <LocalClaim>
          <ClaimUri>http://wso2.org/claims/role</ClaimUri>
          <claimId>0</claimId>
        </LocalClaim>
        <RemoteClaim>
          <ClaimUri>roles</ClaimUri>
          <claimId>0</claimId>
        </RemoteClaim>
        <RequestClaim>true</RequestClaim>
        <MandatoryClaim>false</MandatoryClaim>
      </ClaimMapping>
    </ClaimMappings>
    <AlwaysSendMappedLocalSubjectId>false</AlwaysSendMappedLocalSubjectId>
    <SPClaimDialects/>
  </ClaimConfig>
  <PermissionAndRoleConfig>
    <Permissions/>
    <RoleMappings/>
    <IdpRoles/>
  </PermissionAndRoleConfig>
  <IsSaaSApp>false</IsSaaSApp>
</ServiceProvider>

After the startup script completes, I don't see the service provider in the console:

Something strange I noticed - If I try to import the service provider manually using the console, I get an error on the UI reading:

Error while importing the provided service provider serviceprovider@carbon.super from file

My console output says:

Caused by: org.wso2.carbon.identity.application.common.IdentityApplicationManagementException: Application with the same name loaded from the file system.
        at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.doAddApplication(ApplicationManagementServiceImpl.java:1637)
        at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.createApplicationWithTemplate(ApplicationManagementServiceImpl.java:169)
        at org.wso2.carbon.identity.application.mgt.ApplicationManagementServiceImpl.importSPApplicationFromObject(ApplicationManagementServiceImpl.java:1025)
        ... 80 more

I found the source code this error comes from; it is in the ApplicationManagementServiceImpl.java file:

if (ApplicationManagementServiceComponent.getFileBasedSPs().containsKey(applicationName)) {
    throw new IdentityApplicationManagementException(
            "Application with the same name loaded from the file system.");
}

Calling ApplicationManagementServiceComponent.java:

private void buildFileBasedSPList() {
    String spConfigDirPath = CarbonUtils.getCarbonConfigDirPath() + File.separator + "identity"
            + File.separator + "service-providers";
    FileInputStream fileInputStream = null;
    File spConfigDir = new File(spConfigDirPath);
    OMElement documentElement;

    if (spConfigDir.exists()) {

        // every plain file in the directory is parsed as a ServiceProvider document
        for (final File fileEntry : spConfigDir.listFiles()) {
            try {
                if (!fileEntry.isDirectory()) {
                    fileInputStream = new FileInputStream(new File(fileEntry.getAbsolutePath()));
                    documentElement = new StAXOMBuilder(fileInputStream).getDocumentElement();
                    ServiceProvider sp = ServiceProvider.build(documentElement);
                    if (sp != null) {
                        // keyed by ApplicationName; this is the map doAddApplication checks
                        fileBasedSPs.put(sp.getApplicationName(), sp);
                    }
                }
            } catch (Exception e) {
                // a file that fails to parse is logged and skipped, not fatal to startup
                log.error("Error while loading idp from file system.", e);
            } finally {
                if (fileInputStream != null) {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        log.error("Error occurred while closing file input stream for file " + spConfigDirPath, e);
                    }
                }
            }
        }
    }
}

The error is thrown because my service provider directory has a file with the same service provider name as the one I am trying to import through the console. However, the service provider in my file system wasn't imported in the first place.

So my failure to import the service provider when the server gets configured prevents me from importing the file through the console later.

Any help is appreciated.
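To see the name collision from the stack trace before the console reports it, here is an added Python check (not part of the question, nor WSO2 code) that walks a service-providers directory the way buildFileBasedSPList does, parses each export including the oAuthAppDO nested inside CDATA, and answers whether a console import of a given ApplicationName would be rejected. The file content is a constructed sample shaped like the question's export.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample shaped like the question's export (oAuthAppDO nested in CDATA).
SAMPLE_SP_XML = """<?xml version="1.0" encoding="UTF-8"?><ServiceProvider>
  <ApplicationName>demo-app</ApplicationName>
  <InboundAuthenticationConfig><InboundAuthenticationRequestConfigs>
    <InboundAuthenticationRequestConfig><InboundAuthType>oauth2</InboundAuthType>
      <InboundAuthKey>demo-key</InboundAuthKey><inboundConfiguration><![CDATA[<?xml version="1.0"?>
<oAuthAppDO><grantTypes>client_credentials </grantTypes><tokenType>JWT</tokenType></oAuthAppDO>]]></inboundConfiguration>
    </InboundAuthenticationRequestConfig>
  </InboundAuthenticationRequestConfigs></InboundAuthenticationConfig>
</ServiceProvider>"""

def parse_service_provider(xml_text: str) -> dict:
    """ApplicationName plus, per inbound config, its auth type and OAuth grant types."""
    root = ET.fromstring(xml_text)
    if root.tag != "ServiceProvider":
        raise ValueError(f"not a ServiceProvider document: <{root.tag}>")
    inbound = []
    for cfg in root.iter("InboundAuthenticationRequestConfig"):
        entry = {"type": (cfg.findtext("InboundAuthType") or "").strip(), "grant_types": []}
        nested = (cfg.findtext("inboundConfiguration") or "").strip()
        if nested:  # the CDATA payload is itself an XML document (oAuthAppDO)
            entry["grant_types"] = (ET.fromstring(nested).findtext("grantTypes") or "").split()
        inbound.append(entry)
    return {"name": (root.findtext("ApplicationName") or "").strip(), "inbound": inbound}

def build_file_based_sps(sp_dir: Path) -> dict:
    """Same walk as buildFileBasedSPList: plain files parsed, keyed by name; bad files skipped."""
    sps = {}
    for entry in sorted(p for p in sp_dir.iterdir() if p.is_file()):
        try:
            sp = parse_service_provider(entry.read_text(encoding="utf-8"))
        except (ET.ParseError, ValueError) as exc:
            print(f"skipping {entry.name}: {exc}")  # the Java logs and moves on too
            continue
        sps[sp["name"]] = sp  # a later file with the same name silently replaces an earlier one
    return sps

def import_would_collide(sps: dict, application_name: str) -> bool:
    return application_name in sps  # doAddApplication's check: a known name is rejected

def demo_directory() -> Path:
    """Temp service-providers dir with the constructed sample plus an unparseable file."""
    d = Path(tempfile.mkdtemp())
    (d / "demo-app.xml").write_text(SAMPLE_SP_XML, encoding="utf-8")
    (d / "broken.xml").write_text("<ServiceProvider>", encoding="utf-8")
    return d
```

Run it against the real $WSO2_HOME/repository/conf/identity/service-providers directory to list which names are already claimed by file-based providers before attempting a console import.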

Answer

The service providers deployed as files in the $WSO2_HOME/repository/conf/identity/service-providers folder will not be visible in the UI, but they will be active in the system. Currently the InboundAuthenticationConfig in the deployed file is not supported. But you can have the SAML configurations in the $WSO2_HOME/repository/conf/identity/sso-idp-config.xml file:

<SSOIdentityProviderConfig>
  <ServiceProviders>
    .......
    <ServiceProvider>
      <Issuer>_InboundAuthKey_</Issuer>
      <AssertionConsumerServiceURLs>
        <AssertionConsumerServiceURL>_url_</AssertionConsumerServiceURL>
      </AssertionConsumerServiceURLs>
      ......
    </ServiceProvider>
  </ServiceProviders>
</SSOIdentityProviderConfig>

Here the InboundAuthKey is the value from the saml InboundAuthenticationRequestConfig.
