
I followed this guide http://docs.cloudfoundry.org/adminguide/uaa-user-management.html to create another user, but in step 7 I accidentally updated the default admin's scope to "existing authorities scim.write". After that, when I try to update the scope with the './uaac client update admin --authorities' command, I get the following error:

error response:
{
  "error": "access_denied",
  "error_description": "Invalid token does not contain resource id (clients)"
}

Does anyone know how to restore the default admin's scope? Thanks!


2 Answers


Senior Field Engineer from Pivotal here.

You can restore the admin account's group memberships by connecting to the postgres UAAdb with the credentials from OpsMgr or the deployment manifest. Below is a sample script you can use with the required groups. Don't worry about duplicate rows, since the PK constraint will block them. After updating the groups, do a rolling restart of your UAA servers with BOSH. This is needed to clear UAA's in-memory cache... unfortunately, there is no more elegant way. Hope this helps.

--clients.write
insert into group_membership values ((select id from groups where displayname='clients.write'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--clients.admin
insert into group_membership values ((select id from groups where displayname='clients.admin'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--scim.read
insert into group_membership values ((select id from groups where displayname='scim.read'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--scim.write
insert into group_membership values ((select id from groups where displayname='scim.write'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--password.write
insert into group_membership values ((select id from groups where displayname='password.write'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--clients.read
insert into group_membership values ((select id from groups where displayname='clients.read'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

--uaa.admin
insert into group_membership values ((select id from groups where displayname='uaa.admin'), (select id from users where username='admin'), 'USER', 'MEMBER', '2015-01-05', 'uaa');

answered 2015-01-06T14:17:33.620

The OP must have changed the admin client's authorities, not the admin user's scopes. This would be the statement to run:

update oauth_client_details set authorities = 'uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin' where client_id = 'admin';

answered 2015-11-25T12:30:06.960
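The two answers disagree about which object was damaged: the first repairs the admin user's group memberships in group_membership, the second repairs the admin OAuth client's authorities in oauth_client_details. In UAA these are two different identities that happen to share the name "admin", so the safe recovery is to inspect both before writing anything. The script below is an added example written for this page, not code from either answer or from the UAA project. It assumes the UAA PostgreSQL schema that the answers already reference (tables groups, users, group_membership and oauth_client_details); the explicit column names of group_membership (group_id, member_id, member_type, authorities, added, origin) are assumed from that schema and should be confirmed with \d group_membership before running. The membership insert is written with NOT EXISTS instead of relying on a primary-key violation, because inside a PostgreSQL transaction a violation would abort the whole block rather than just skipping the duplicate row.

```sql
-- Added example: diagnose and repair the UAA admin user and admin client.
-- Column names of group_membership are assumed from the UAA schema;
-- verify with \d group_membership before running.

-- 1. Which groups does the admin *user* currently belong to?
select g.displayname
from group_membership gm
join groups g on g.id = gm.group_id
join users  u on u.id = gm.member_id
where u.username = 'admin'
order by g.displayname;

-- 2. Which authorities does the admin *client* currently have?
select client_id, authorities, scope
from oauth_client_details
where client_id = 'admin';

-- 3. Repair, atomically. Run only the part that step 1 or 2 showed to be damaged.
begin;

-- Restore the admin user's memberships (first answer), skipping rows that
-- already exist so no PK violation can abort the transaction.
insert into group_membership (group_id, member_id, member_type, authorities, added, origin)
select g.id, u.id, 'USER', 'MEMBER', now(), 'uaa'
from groups g
cross join users u
where u.username = 'admin'
  and g.displayname in ('clients.read', 'clients.write', 'clients.admin',
                        'scim.read', 'scim.write', 'password.write', 'uaa.admin')
  and not exists (
        select 1
        from group_membership gm
        where gm.group_id = g.id
          and gm.member_id = u.id
  );

-- Restore the admin client's authorities (second answer); the WHERE clause
-- makes the statement a no-op when the row is already correct.
update oauth_client_details
set authorities = 'uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin'
where client_id = 'admin'
  and authorities is distinct from
      'uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin';

commit;

-- 4. Re-run the two SELECTs from steps 1 and 2 to confirm the result, then do the
--    BOSH rolling restart the first answer describes so UAA drops its in-memory cache.
```

Naming the columns in the INSERT, rather than relying on positional values as the original script does, keeps the statement working if the table has gained additional columns with defaults in a newer UAA release; the diagnostic SELECTs run before and after the transaction are what tell you whether the restart the first answer calls for is actually needed.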