未添加帐户锁定属性以响应 wso2 中的 scim2 GET 用户 API
Account Locked attribute not getting added in response for scim2 GET Users API in wso2
我正在尝试检索在 WSO2 IS 5.9 版本中已锁定帐户的用户列表。
我在向以下声明添加帐户锁定属性后尝试:
-
urn:ietf:params:scim:schemas:core:2.0
urn:ietf:params:scim:schemas:core:2.0:User
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
我也按照以下 URL 添加了自定义声明:
https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/
{ "attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:accountLock",
"attributeName":"accountLock",
"dataType":"boolean",
"multiValued":"false",
"description":"Account lock",
"required":"false",
"caseExact":"false",
"mutability":"readwrite",
"returned":"default",
"uniqueness":"none",
"subAttributes":"null",
"multiValuedAttributeChildName":"null",
"canonicalValues":[],
"referenceTypes":[]
}
但我仍然无法获取 accountLock 属性以响应 scim2 的 GET Users API。
回应
"totalResults": 10,
"startIndex": 1,
"itemsPerPage": 10,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"emails": [
"divya@abc.com"
],
"meta": {
"created": "2020-06-25T07:49:35.465Z",
"lastModified": "2020-06-25T11:20:13.482Z",
"resourceType": "User"
},
"name": {
"givenName": "guest",
"familyName": "guest"
},
"groups": [
{
"display": "Application/sp1"
},
{
"display": "Application/sp2"
},
{
"display": "Application/Read"
}
],
"id": "9ffbed2e-3703-470c-a2c8-e738f4c09709",
"userName": "guest12"
}
]}```
以下原因可能导致accoutLock属性没有出现在SCIM2 GET用户响应中。
您可能错过了添加新属性(“urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:accountLock”)作为 [= 的子属性 39=].0:用户对象。 (https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#extending-the-scim-20-api 中的第 3 点。
"subAttributes":accoutLock verifyEmail askPassword employeeNumber costCenter organization division department manager")
"attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"attributeName":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"dataType":"complex",
"multiValued":"false",
"description":"Enterprise User",
"required":"false",
"caseExact":"false",
"mutability":"readWrite",
"returned":"default",
"uniqueness":"none",
"subAttributes":"accoutLock verifyEmail askPassword employeeNumber costCenter organization division department manager",
"canonicalValues":[],
"referenceTypes":["external"]
}```
如果您使用默认的 LDAP 用户存储,添加的自定义声明 (https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#add-the-custom-claim) 的映射属性应该是 LDAP 架构中的现有属性。 (但是,如果您犯了这个错误,您将无法 update/add 声明价值。它会出现 One or more attributes you are trying to add/update are not supported by underlying LDAP for user: 错误)
SCIM2 GET 用户的响应不包含没有值的属性。因此,将 true/false 设置为声明值。
此外,将新属性添加到urn:ietf:params:scim:schemas:extension:enterprise:2.0:用户声明方言就足够了。按照 https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/
中的步骤操作
我正在尝试检索在 WSO2 IS 5.9 版本中已锁定帐户的用户列表。 我在向以下声明添加帐户锁定属性后尝试:
urn:ietf:params:scim:schemas:core:2.0
urn:ietf:params:scim:schemas:core:2.0:User
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
我也按照以下 URL 添加了自定义声明: https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/
{ "attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:accountLock",
"attributeName":"accountLock",
"dataType":"boolean",
"multiValued":"false",
"description":"Account lock",
"required":"false",
"caseExact":"false",
"mutability":"readwrite",
"returned":"default",
"uniqueness":"none",
"subAttributes":"null",
"multiValuedAttributeChildName":"null",
"canonicalValues":[],
"referenceTypes":[]
}
但我仍然无法获取 accountLock 属性以响应 scim2 的 GET Users API。
回应
"totalResults": 10,
"startIndex": 1,
"itemsPerPage": 10,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"emails": [
"divya@abc.com"
],
"meta": {
"created": "2020-06-25T07:49:35.465Z",
"lastModified": "2020-06-25T11:20:13.482Z",
"resourceType": "User"
},
"name": {
"givenName": "guest",
"familyName": "guest"
},
"groups": [
{
"display": "Application/sp1"
},
{
"display": "Application/sp2"
},
{
"display": "Application/Read"
}
],
"id": "9ffbed2e-3703-470c-a2c8-e738f4c09709",
"userName": "guest12"
}
]}```
以下原因可能导致accoutLock属性没有出现在SCIM2 GET用户响应中。
您可能错过了添加新属性(“urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:accountLock”)作为 [= 的子属性 39=].0:用户对象。 (https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#extending-the-scim-20-api 中的第 3 点。 "subAttributes":accoutLock verifyEmail askPassword employeeNumber costCenter organization division department manager")
"attributeURI":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "attributeName":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", "dataType":"complex", "multiValued":"false", "description":"Enterprise User", "required":"false", "caseExact":"false", "mutability":"readWrite", "returned":"default", "uniqueness":"none", "subAttributes":"accoutLock verifyEmail askPassword employeeNumber costCenter organization division department manager", "canonicalValues":[], "referenceTypes":["external"] }```
如果您使用默认的 LDAP 用户存储,添加的自定义声明 (https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/#add-the-custom-claim) 的映射属性应该是 LDAP 架构中的现有属性。 (但是,如果您犯了这个错误,您将无法 update/add 声明价值。它会出现
One or more attributes you are trying to add/update are not supported by underlying LDAP for user:错误)SCIM2 GET 用户的响应不包含没有值的属性。因此,将 true/false 设置为声明值。
此外,将新属性添加到urn:ietf:params:scim:schemas:extension:enterprise:2.0:用户声明方言就足够了。按照 https://is.docs.wso2.com/en/5.9.0/develop/extending-scim2-user-schemas/
中的步骤操作