WSO2 Identity Server - How to assign an existing r

2019-02-20 04:35发布

站内问答 / 前沿技术
380 2 4

I am using WSO2 Identity Server 4.1.0. My requirement is to assign an existing role to a user created in the WSO2 default identity store. I have tried the following:

  1. Create a user with a role assigned to him:

    curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"FN_atest2","givenName":"LN_atest2"},"userName":"atest2","password":"perf","groups":[{"value":"c83dc72c-15c2-40f2-bddd-4acb086b9e17","display":"Employee"}]}" --header "Content-Type:application/json" `https://localhost:9443/wso2/scim/Users`

  2. Update the user after it is created:

    curl -v -k --user admin:admin -X PUT --data "{"schemas":[],"name":{"familyName":"FN_atest2","givenName":"LN_atest2"},"userName":"atest2","password":"perf","groups":[{"value":"c83dc72c-15c2-40f2-bddd-4acb086b9e17","display":"FleetPlanner"}]}" --header "Content-Type:application/json" `https://localhost:9443/wso2/scim/Users/17ebb35d-62af-4cd3-b440-21bcf80714fc`

Neither one of the above assigns the user to the "FleetPlanner" role. How do I assign an existing role to a newly created or an existing WSO2 IS user?

2条回答
Animai°情兽
2楼-- · 2019-02-20 04:54

Use PATCH operation:

Nodejs Sample code for SCIM2 (WSO2 Identity server 5.6):

//roleId is GUID generated after creating group. 
// token is the bearer token generated via client credential or password credential

function assignRoleToUser(token, user, roleId) {
var groupId = roleId;
var rp = require('request-promise');
var options = {
    uri: <identity_provider_hostname:port/scim2/Groups> + '/' + groupId,
    method: 'PATCH',
    json: true,
    headers: {
        'Content-Type': 'application/json',
        'Authorization': token
    },
    body:
    {
        schemas: ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
        Operations: [
            {
                op: 'add',
                value: {
                    members: [
                        {
                            display: user.userName,
                            value: user.id
                        }
                    ]

                }
            }]
    }
};
return rp(options);

}

Only drawback of this API is that, it returns array containing all members of that group after success. Not optimized if group has thousands or millions of users.

查看更多
0人赞 添加讨论(0) 举报
Summer. ? 凉城
3楼-- · 2019-02-20 05:04

I assume you have the SCIM Id for the role and it is 'c83dc72c-15c2-40f2-bffffd-4acb086b9e17'. And user store is configured properly so the user and role is in the same user store.

If the above conditions are true, you can do the following to achieve the task.

  1. Create the user with curl command (here you are using SCIM)
  2. Update the group with the PUT method with the user's SCIM ID.

For example,

curl -v -k --user admin:admin -X PUT -d "{"displayName": 'Engineer' ,"members": [{"value":"334d988a-5e68-4594-8b96-356adeec29f1","display": "venura"}, {"value":"p09okhyt-5e68-4594-8mkj-356ade12we34","display": "testUser"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/c83dc72c-15c2-40f2-bffffd-4acb086b9e17

For more details please check the below link [1] in order to get a clear idea on how you can use PUT to update the role/ group.

[1] http://hasini-gunasinghe.blogspot.com/2012/11/wso2-identity-server-as-scim-service.html

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)