authorize user in wso2 api manager

爱⌒轻易说出口 submitted on 2019-12-12 02:56:27

Question


Currently I am using the WSO2 API Manager 1.9 Store. We have a login page before accessing anything in the Store. It is working fine for now.

Now there's a requirement: we have a web application on some other domain that also has a web service to authorize users. In the WSO2 API Manager Store, when we log in using admin/admin, instead of calling its login.jag (for the authorization in the WSO2 Store), it must call that web service for the authorization, and we can use the same credentials we are already using in that web application.

So for this, in login.js (which is called after clicking the login button in the Store), I have changed some code like this:

ACTUAL CODE

    loginbox.login = function (username, password, url, tenant) {
        // Post the credentials to the Store's own login endpoint.
        jagg.post("/site/blocks/user/login/ajax/login.jag", { action: "login", username: username, password: password, tenant: tenant },
            function (result) {
                if (result.error == false) {
                    // Login succeeded: pick the redirect target.
                    if (redirectToHTTPS && redirectToHTTPS != "" && redirectToHTTPS != "{}" && redirectToHTTPS != "null") {
                        window.location.href = redirectToHTTPS;
                    } else if (url) {
                        window.location.href = url;
                    } else {
                        window.location.href = 'site/pages/list-apis.jag';
                    }
                } else {
                    // Login failed: show the error and clear the password field.
                    $('#loginErrorMsg').show();
                    $('#password').val('');
                    $('#loginErrorMsg div.theMsg').text(result.message).prepend('<strong>' + i18n.t("errorMsgs.login") + '</strong><br />');
                }
            }, "json");
    };

CHANGED CODE

    loginbox.login = function (username, password, url, tenant) {
        $.post(authentication_url, function (result) {
            if (result.statusCode == 200) {
                // will forward it to list-apis to display the apis
                window.location.href = 'site/pages/list-apis?username=test&password=test&tenant=tenant';
            }
        });
    };

With this changed code, I am getting the expected response from the web service I am calling, but I am not able to keep them in session cookies, because before it was calling site/blocks/user/login/ajax/login.jag, which would authorize the user and then check for CSRF tokens and a lot of other things.

Can anyone please let me know what I am missing, or where I need to change things so that users from the web service can be authorized?

Thanks


Answer 1:


You cannot pass the username and password to /list-api. It does not handle those parameters and set them in the session cookie.

    window.location.href='site/pages/list-apis?username=test&password=test&tenant=tenant'

I think you might be able to implement something similar to the SAML SSO implementation in the API Manager. In the SAML case, the authentication response from the IdP is sent to the API Manager as a redirection. That request is handled by the /store/jagg/jaggery_acs.jag file. The session is set in that location. You might be able to implement a similar kind of thing to handle your redirection and set the session there. (I haven't tried this.)



Source: https://stackoverflow.com/questions/35980177/authorize-user-in-wso2-api-manager
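
The pattern the answer points to, a server-side consumer that validates a signed authentication response before any session is set, sketched as an added example (not from the original post and not WSO2's code). It uses an HMAC-signed token in place of a SAML response for brevity; the shared key, claim names and function names are assumptions.

```javascript
const crypto = require("crypto");

// Assumption: a secret shared out of band between the auth service and the store.
const SHARED_KEY = "constructed-demo-key";
const usedNonces = new Set(); // replay cache; a real deployment would expire entries

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const sign = (payload, key) =>
  crypto.createHmac("sha256", key).update(payload).digest();

// What the external auth service would issue after it has checked the password.
function issueAssertion(user, tenant, nowSec, key = SHARED_KEY) {
  const payload = b64url(JSON.stringify({
    user, tenant, aud: "store", exp: nowSec + 60,
    nonce: crypto.randomBytes(12).toString("hex"),
  }));
  return payload + "." + b64url(sign(payload, key));
}

// What the store's consumer endpoint checks before it sets any session state.
function consumeAssertion(token, nowSec) {
  const [payload, mac, extra] = String(token).split(".");
  if (!payload || !mac || extra !== undefined) return { ok: false, reason: "malformed" };
  const expected = sign(payload, SHARED_KEY);
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")); }
  catch { return { ok: false, reason: "malformed" }; }
  if (claims.aud !== "store") return { ok: false, reason: "wrong audience" };
  if (typeof claims.exp !== "number" || claims.exp < nowSec)
    return { ok: false, reason: "expired" };
  if (usedNonces.has(claims.nonce)) return { ok: false, reason: "replayed" };
  usedNonces.add(claims.nonce);
  // Only at this point would the server create the session for claims.user.
  return { ok: true, session: { user: claims.user, tenant: claims.tenant } };
}
```

The browser only carries the opaque token; the decision to create a session is made on the server from claims it has verified, never from a status code seen by client-side script or from credentials in a URL.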
