文章/答案/技术大牛

发布

问SCIM2在WSO2is中找不到
EN

Stack Overflow用户

提问于 2020-04-05 10:34:58

回答 2查看 401关注 0票数 1

我使用WSO2is 5.9，并在deployment.toml中启用了scim工具，如下所示：

[user_store]:
     scim_enabled=true

我尝试使用以下命令创建一个用户：

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim@KM.COM","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://myidentity.com/scim2/Users

我的部分产出：

* upload completely sent off: 224 out of 224 bytes
< HTTP/1.1 401

如果我通过GET向scim2提出请求，我就会得到这样的消息：

No service was found.

使用curl的另一个错误是：

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"Can not obtain carbon realm service..","status":"500"}* Closing connection 0

在WSO2日志中，我有：

ERROR {org.wso2.carbon.identity.scim2.provider.resources.AbstractResource} - Server error while handling the request. org.wso2.charon3.core.exceptions.CharonException
    at org.wso2.carbon.identity.scim2.common.impl.IdentitySCIMManager.getUserManager(IdentitySCIMManager.java:124)
    at org.wso2.carbon.identity.scim2.provider.resources.GroupResource.processRequest(GroupResource.java:439)
    at org.wso2.carbon.identity.scim2.provider.resources.GroupResource.getGroup(GroupResource.java:305)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:179)
    at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:193)
    at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:103)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
    at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:267)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:216)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:301)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:225)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:276)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:126)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
    at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:92)
    at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:93)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:49)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:146)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.wso2.carbon.tomcat.ext.valves.RequestCorrelationIdValve.invoke(RequestCorrelationIdValve.java:116)
    at org.wso2.carbon.tomcat.ext.valves.RequestEncodingValve.invoke(RequestEncodingValve.java:49)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1587)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

URL https://myidentity.com/scim/Users可以创建用户，但我不能向新用户添加自定义声明。

wso2-identity-server

wso2

回答 2

Stack Overflow用户

回答已采纳

发布于 2020-04-07 07:22:48

由于您使用的是https://myidentity.com/scim2/Users端点，因此我们假定您试图在超级租户中创建用户。

由于您使用电子邮件作为用户名，管理用户名也应该是电子邮件用户名。如果试图在超级租户中创建用户，请使用以下命令。

 curl -v -k --user admin@gmail.com:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim.jackson@gmail.com","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}'
--header "Content-Type:application/json" https://localhost:9443/scim2/Users

您得到401个未自动生成的错误，因为您没有为超级管理用户使用电子邮件用户名。

如果您试图在承租者中创建一个用户，则管理用户名应该与相应的租户附加电子邮件用户名。而且scim端点也应该是特定于租户的。

给出了当租户是abc.com时的一个例子。

curl -v -k --user admin@gmail.com@abc.com:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim@gmail.com","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}'
--header "Content-Type:application/json" https://localhost:9443/t/abc.com/scim2/Users

您可以参考scim文档以获得进一步的参考：https://is.docs.wso2.com/en/5.9.0/develop/using-the-scim-2.0-rest-apis/

票数 2

Stack Overflow用户

发布于 2020-04-06 03:29:20

您似乎已经将用户名使用为"kim@KM.COM“，其中包含'@‘字符，身份服务器将其解释为电子邮件地址。如果您需要使用电子邮件地址作为用户名，则需要在Identity Server中启用电子邮件地址作为用户名。请参考1来配置它，并使用上面的curl命令以kim@KM.COM作为用户名来创建用户。如果您不需要使用电子邮件地址作为用户名，请尝试使用curl命令。

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

票数 2

页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持

原文链接：

https://stackoverflow.com/questions/61041253

复制

相似问题

问SCIM2在WSO2is中找不到
EN

回答 2

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问SCIM2在WSO2is中找不到EN

回答 2

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问SCIM2在WSO2is中找不到
EN