WSO2 身份服务器密钥管理器中的辅助 JDBC 用户存储的登录/角色/权限问题 [英] login/Role/Permission Issue with Secondary JDBC User Store in WSO2 Identity Server Key Manager

问题描述

我想为 JDBC[MySQL] 添加 SecondaryJDBCUserStore，添加成功，但我遇到登录、角色和权限问题

我在不同的 VM 上运行 WSO2 IS KM 和 WSO2 AM.我已经删除了嵌入式 LDAP 并将 AD[LDAP] 实现为主要用户存储，并且它与预期的所有角色和权限完美配合.最近我为 JDBC[MySQL] 添加了 SecondaryJDBCUserStore，但我遇到了角色和权限问题.以下是步骤:

1. 从 CARBON UI 添加了 SecondaryJDBCUserStore - 成功
2. SecondaryJDBCUserStore 在用户存储列表中的可见性 - 成功
3. 将用户添加到 SecondaryJDBCUserStore- 成功
4. 将角色添加到 SecondaryJDBCUserStore-

<块引用>

失败【有时获取不到SecondaryJDBCUserStore的域在添加角色/不知何故添加角色时SecondaryJDBCUserStore，点击后在 CARBON UI 中不可见关于角色.]

5. 为SecondaryJDBCUserStore的用户分配订阅权限-失败[

<块引用>

当用户不允许存储时出现错误，HTTP 403] 用户不是允许存储，HTTP 403

解决方案

根据你上面所说的有几种情况可能发生.

1. 您是否从添加辅助用户存储的同一节点添加用户和角色?例如，如果您在身份服务器节点中添加了辅助用户存储，您是否在该节点中添加了它自己的用户和角色?如果不尝试这样做.

2. JDBC 用户存储可能存在连接问题(因为您有时提到域未显示)您可以尝试添加 LDAP 作为辅助用户存储，看看它是否按预期工作.通过这种方式，我们试图将所有东西都放在同一个环境中，看看是否存在连接问题

3. 如果在添加用户存储或添加用户/角色时 wso2carbon.log 文件中打印了任何错误日志，您可以尝试检查这些日志以提供有关问题的更多上下文.

I want to add SecondaryJDBCUserStore for JDBC[MySQL],added successfully, but i am getting issue with login,roles and permission

I am running WSO2 IS KM and WSO2 AM on diffrent VM. I have removed embedded LDAP and implemented AD[LDAP] as primary user store and it is working perfect with all roles and permission as expected. Recently I have added SecondaryJDBCUserStore for JDBC[MySQL] but i am getting issue with roles and permission.Below are the steps:

1. Added SecondaryJDBCUserStore from CARBON UI - Success
2. SecondaryJDBCUserStore visibility in User Store List- Success
3. Added Users to SecondaryJDBCUserStore- Success
4. Added Roles to SecondaryJDBCUserStore-

Failed [Sometimes not getting the domain of SecondaryJDBCUserStore while adding Roles/ Somehow if roles are added for SecondaryJDBCUserStore, it is not visible in CARBON UI after clicking on Roles.]

5. Assigned Subscribe Permission to User Of SecondaryJDBCUserStore- Falied[

Getting Error as User is not permitted to Store, HTTP 403] User is not permitted to Store,HTTP 403

解决方案

According to what you have stated above there are several things that can happen.

1. Are you adding users and roles from the same node that you have added the secondary userstore? For example if you have added the secondary user store in you Identity server node are you adding the users and roles in that node it self? If not try doing that.

2. There is a possibility of a connectivity issue for the JDBC userstore (since you have mentioned sometimes domain is not showing) You can try adding a LDAP as a secondary userstore and see if it is working as expected. By this we are trying to bring everything in the same environment to see if there is a connectivity issue

3. If there any error logs printed in the wso2carbon.log file either when adding the userstore or when adding users/roles, you can try checking those logs to give more context to the issue.

这篇关于WSO2 身份服务器密钥管理器中的辅助 JDBC 用户存储的登录/角色/权限问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！