
I am using WSO2 Identity Server 4.1.0. My requirement is to assign an existing role to a user created in the WSO2 default identity store. I have tried the following:

  1. Create a user with a role assigned to him:

    curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"FN_atest2","givenName":"LN_atest2"},"userName":"atest2","password":"perf","groups":[{"value":"c83dc72c-15c2-40f2-bddd-4acb086b9e17","display":"Employee"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
    
  2. Update the user after it is created:

    curl -v -k --user admin:admin -X PUT --data '{"schemas":[],"name":{"familyName":"FN_atest2","givenName":"LN_atest2"},"userName":"atest2","password":"perf","groups":[{"value":"c83dc72c-15c2-40f2-bddd-4acb086b9e17","display":"FleetPlanner"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users/17ebb35d-62af-4cd3-b440-21bcf80714fc
    

Neither one of the above assigns the user to the "FleetPlanner" role. How do I assign an existing role to a newly created or an existing WSO2 IS user?


2 Answers

2

I assume you have the SCIM id of the role, which is "c83dc72c-15c2-40f2-bddd-4acb086b9e17", and that the user store is configured correctly, so that the user and the role are in the same user store.

If the above are true, you can do the following to complete the task.

  1. Create the user with the curl command (here you are using SCIM).
  2. Update the group with the PUT method, using the user's SCIM id.

For example,

    curl -v -k --user admin:admin -X PUT -d '{"displayName":"Engineer","members":[{"value":"334d988a-5e68-4594-8b96-356adeec29f1","display":"venura"},{"value":"p09okhyt-5e68-4594-8mkj-356ade12we34","display":"testUser"}]}' --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/c83dc72c-15c2-40f2-bddd-4acb086b9e17

For more details, see the following link [1], which gives a clear picture of how to update roles/groups with PUT.

[1] http://hasini-gunasinghe.blogspot.com/2012/11/wso2-identity-server-as-scim-service.html

answered 2013-11-05T09:40:35.643
0

Use the PATCH operation:

Node.js sample code for SCIM2 (WSO2 Identity Server 5.6):

    // roleId is the GUID generated after creating the group.
    // token is the bearer token obtained via the client-credentials or password grant
    // (it is sent as the Authorization header value as-is, so include the "Bearer " prefix).
    // scimGroupsUrl is the SCIM2 groups endpoint of your identity server; replace the placeholder.
    var scimGroupsUrl = 'https://<identity_provider_hostname:port>/scim2/Groups';

    function assignRoleToUser(token, user, roleId) {
        var groupId = roleId;
        var rp = require('request-promise');
        var options = {
            uri: scimGroupsUrl + '/' + groupId,
            method: 'PATCH',
            json: true,   // serialise the body as JSON and parse the JSON response
            headers: {
                'Content-Type': 'application/json',
                'Authorization': token
            },
            body: {
                schemas: ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
                Operations: [
                    {
                        op: 'add',
                        value: {
                            members: [
                                {
                                    display: user.userName,   // the user's SCIM userName
                                    value: user.id            // the user's SCIM id
                                }
                            ]
                        }
                    }
                ]
            }
        };
        // Resolves with the updated group representation returned by the server.
        return rp(options);
    }

The only drawback of this API is that, on success, it returns an array containing all members of the group. If the group has thousands or millions of users, this is not optimized.

answered 2018-09-25T01:48:32.103
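Both answers above hinge on one SCIM detail that neither spells out: the PUT in the first answer sends the complete group, so the member list in the body replaces whatever the group currently holds (a read-merge-write is needed, or every other member is dropped), while the SCIM2 PATCH "add" in the second answer is additive. The following Python is an added example (not code from either answer or from WSO2) covering both flows. The function names are hypothetical, and the host, credentials and ids are placeholders taken from the question; `verify_tls=False` mirrors the `-k` in the posted curl commands and is only acceptable against a lab instance with a self-signed certificate.

```python
"""
Assign an existing WSO2 IS role (exposed as a SCIM group) to a user, two ways.

SCIM 1.1 (IS 4.x, /wso2/scim): PUT /Groups/{id} carries the whole group, so the
    members in the body REPLACE the current list. Read the group first and merge.
SCIM 2.0 (IS 5.x, /scim2):     PATCH /Groups/{id} with an "add" op is additive,
    so there is no read-modify-write cycle and no race with a concurrent update.

Function names are hypothetical; host, credentials and ids are placeholders.
"""
import base64
import json
import ssl
import urllib.request

SCIM11_GROUP_SCHEMA = "urn:scim:schemas:core:1.0"
SCIM2_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def merge_members(existing, new):
    """Union of two SCIM member lists, keyed on the member's SCIM id ('value');
    the first occurrence of an id wins, so existing display names are kept."""
    merged = {}
    for m in list(existing) + list(new):
        merged.setdefault(m["value"], {"value": m["value"], "display": m.get("display", "")})
    return list(merged.values())


def scim11_group_put_body(current_group, new_members):
    """Full SCIM 1.1 group for PUT: keeps displayName and the current members."""
    return {
        "schemas": [SCIM11_GROUP_SCHEMA],
        "displayName": current_group["displayName"],
        "members": merge_members(current_group.get("members", []), new_members),
    }


def scim2_patch_add_body(new_members):
    """SCIM 2.0 PatchOp that appends members without touching existing ones."""
    return {"schemas": [SCIM2_PATCH_SCHEMA],
            "Operations": [{"op": "add", "value": {"members": new_members}}]}


def scim2_patch_remove_body(user_id):
    """SCIM 2.0 PatchOp removing one member via a filter path (RFC 7644, 3.5.2.2)."""
    return {"schemas": [SCIM2_PATCH_SCHEMA],
            "Operations": [{"op": "remove", "path": f'members[value eq "{user_id}"]'}]}


def is_member(group, user_id):
    """Verify membership from the group the server returned, not just the status code."""
    return any(m.get("value") == user_id for m in group.get("members", []))


def scim_request(base_url, username, password, method, path, body=None, verify_tls=True):
    """Minimal SCIM call with HTTP Basic auth (like curl --user)."""
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Content-Type": "application/json", "Accept": "application/json",
               "Authorization": "Basic " + creds}
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url + path, data=data, method=method, headers=headers)
    # verify_tls=False is the equivalent of curl -k: lab use only.
    ctx = ssl.create_default_context() if verify_tls else ssl._create_unverified_context()
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.loads(resp.read().decode())


def assign_via_put(base_url, username, password, group_id, user_id, user_name, verify_tls=True):
    """SCIM 1.1 flow: GET the group, merge the new member in, PUT the whole group back."""
    current = scim_request(base_url, username, password, "GET", f"/Groups/{group_id}",
                           verify_tls=verify_tls)
    body = scim11_group_put_body(current, [{"value": user_id, "display": user_name}])
    updated = scim_request(base_url, username, password, "PUT", f"/Groups/{group_id}",
                           body, verify_tls)
    return is_member(updated, user_id)


def assign_via_patch(base_url, username, password, group_id, user_id, user_name, verify_tls=True):
    """SCIM 2.0 flow: one additive PATCH."""
    body = scim2_patch_add_body([{"value": user_id, "display": user_name}])
    updated = scim_request(base_url, username, password, "PATCH", f"/Groups/{group_id}",
                           body, verify_tls)
    return is_member(updated, user_id)


if __name__ == "__main__":
    # Constructed group document, shaped like a GET /Groups/{id} response.
    fleet_planner = {"displayName": "FleetPlanner",
                     "members": [{"value": "334d988a-5e68-4594-8b96-356adeec29f1", "display": "venura"}]}
    atest2 = {"value": "17ebb35d-62af-4cd3-b440-21bcf80714fc", "display": "atest2"}
    print(json.dumps(scim11_group_put_body(fleet_planner, [atest2]), indent=2))
    print(json.dumps(scim2_patch_add_body([atest2]), indent=2))
    # Live call against IS 4.x (placeholders from the question):
    # assign_via_put("https://localhost:9443/wso2/scim", "admin", "admin",
    #                "c83dc72c-15c2-40f2-bddd-4acb086b9e17", atest2["value"], "atest2",
    #                verify_tls=False)
```

The check at the end of each flow matters: both WSO2 endpoints return the updated group, so asserting the new id is in `members` catches the case where the server accepted the request but, for example, silently ignored a member whose id belongs to a different user store.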