Authorize user in WSO2 API Manager

Problem description

Currently I am using the WSO2 API Manager 1.9 store. We have a login page before accessing anything in the store. It is working fine for now.

Now there's a requirement: we have a web application on some other domain that also has a web service to authorize users. In the WSO2 API Manager store, when we log in using admin/admin, instead of calling its login.jag (for authorization in the WSO2 store), it must call that web service for authorization, and we can use the same credentials that we are already using in that web application.

So for this, in login.js (which is called after clicking the login button in the store), I have changed some code like this:

ACTUAL CODE

    loginbox.login = function (username, password, url, tenant) {
        // Posts the credentials to the store's own login endpoint, which creates the session.
        jagg.post("/site/blocks/user/login/ajax/login.jag", { action: "login", username: username, password: password, tenant: tenant },
            function (result) {
                if (result.error == false) {
                    if (redirectToHTTPS && redirectToHTTPS != "" && redirectToHTTPS != "{}" && redirectToHTTPS != "null") {
                        window.location.href = redirectToHTTPS;
                    } else if (url) {
                        window.location.href = url;
                    } else {
                        window.location.href = 'site/pages/list-apis.jag';
                    }
                } else {
                    $('#loginErrorMsg').show();
                    $('#password').val('');
                    $('#loginErrorMsg div.theMsg').text(result.message).prepend('<strong>' + i18n.t("errorMsgs.login") + '</strong><br />');
                }
            }, "json");
    };

CHANGED CODE

    loginbox.login = function (username, password, url, tenant) {
        $.post(authentication_url, function (result) {
            if (result.statusCode == 200) {
                // will forward it to list-apis to display the apis
                window.location.href = 'site/pages/list-apis?username=test&password=test&tenant=tenant';
            }
        });
    };

With this changed code, I am getting the expected response from the web service I am calling, but I am not able to keep them in session cookies, because before it was calling site/blocks/user/login/ajax/login.jag, which authorizes the user and then checks for CSRF tokens and a lot of other things.

Can anyone please let me know what I am missing or where I need to make changes so that users from the web service can be authorised?

Thanks

Recommended answer

You cannot pass the username and password to /list-api. It does not handle those parameters and set them in the session cookie.

window.location.href='site/pages/list-apis?username=test&password=test&tenant=tenant'

I think you might be able to implement something similar to the SAML SSO implementation in the API manager. In the SAML case, the authentication response from the IDP is sent to the API manager as a redirection. That request is handled by the /store/jagg/jaggery_acs.jag file. The session is set in that location. You might be able to implement a similar kind of thing to handle your redirection and set the session there. (I haven't tried this.)
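
The pattern the answer points at, sketched as an added example in plain Node.js JavaScript (not WSO2 or Jaggery code, and not from the original post): the external service hands back a signed, short-lived assertion, and a server-side callback verifies it before populating the session, so no password travels in the URL. The token format, the shared secret and every function name here are assumptions.

```javascript
// Added example: plain Node.js, not WSO2/Jaggery code.
// Assumptions: token format, shared secret and all function names are hypothetical.
const crypto = require('crypto');

const SHARED_SECRET = 'constructed-demo-secret'; // constructed; shared with the auth service
const MAX_AGE_MS = 60 * 1000;                    // assertions are valid for one minute

function sign(payloadHex) {
  return crypto.createHmac('sha256', SHARED_SECRET).update(payloadHex).digest('hex');
}

// External auth service side: called only after it has verified the credentials itself.
function issueAssertion(username, tenant, now = Date.now()) {
  const payloadHex = Buffer.from(JSON.stringify({ username, tenant, iat: now })).toString('hex');
  return payloadHex + '.' + sign(payloadHex);
}

// Store side: the callback that receives the redirect and sets the session.
function handleCallback(assertion, session, now = Date.now()) {
  const [payloadHex, sigHex] = String(assertion || '').split('.');
  if (!payloadHex || !sigHex) return false;
  const expected = Buffer.from(sign(payloadHex), 'hex');
  const given = Buffer.from(sigHex, 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return false;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payloadHex, 'hex').toString('utf8'));
  } catch (e) {
    return false;
  }
  if (typeof claims.iat !== 'number' || claims.iat > now || now - claims.iat > MAX_AGE_MS) return false;
  session.username = claims.username; // identity comes from the verified assertion,
  session.tenant = claims.tenant;     // never from query-string parameters
  return true;
}
```

A real callback would additionally need to reject an assertion it has already accepted once and be served only over HTTPS.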
