发表新帖
发表新帖

WSO2 Identity Server - How to assign an existing role to a WSO2 IS user?

前端 未结
关注
2 1914
日久生厌
日久生厌 2021-01-15 17:50

I am using WSO2 Identity Server 4.1.0. My requirement is to assign an existing role to a user created in the WSO2 default identity store. I have tried the following:

相关标签:
2条回答
  • 暗喜
    2021-01-15 18:32

    Use PATCH operation:

    Nodejs Sample code for SCIM2 (WSO2 Identity server 5.6):

    //roleId is GUID generated after creating group. 
// token is the bearer token generated via client credential or password credential

function assignRoleToUser(token, user, roleId) {
var groupId = roleId;
var rp = require('request-promise');
var options = {
    uri: <identity_provider_hostname:port/scim2/Groups> + '/' + groupId,
    method: 'PATCH',
    json: true,
    headers: {
        'Content-Type': 'application/json',
        'Authorization': token
    },
    body:
    {
        schemas: ['urn:ietf:params:scim:api:messages:2.0:PatchOp'],
        Operations: [
            {
                op: 'add',
                value: {
                    members: [
                        {
                            display: user.userName,
                            value: user.id
                        }
                    ]

                }
            }]
    }
};
return rp(options);

    }

    Only drawback of this API is that, it returns array containing all members of that group after success. Not optimized if group has thousands or millions of users.

    0 讨论(0)
  • 情歌与酒
    2021-01-15 18:46

    I assume you have the SCIM Id for the role and it is 'c83dc72c-15c2-40f2-bffffd-4acb086b9e17'. And user store is configured properly so the user and role is in the same user store.

    If the above conditions are true, you can do the following to achieve the task.

    1. Create the user with curl command (here you are using SCIM)
    2. Update the group with the PUT method with the user's SCIM ID.

    For example,

    curl -v -k --user admin:admin -X PUT -d "{"displayName": 'Engineer' ,"members": [{"value":"334d988a-5e68-4594-8b96-356adeec29f1","display": "venura"}, {"value":"p09okhyt-5e68-4594-8mkj-356ade12we34","display": "testUser"}]}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Groups/c83dc72c-15c2-40f2-bffffd-4acb086b9e17

    For more details please check the below link [1] in order to get a clear idea on how you can use PUT to update the role/ group.

    [1] http://hasini-gunasinghe.blogspot.com/2012/11/wso2-identity-server-as-scim-service.html

    0 讨论(0)
 看不清?
提交回复
热议问题