Why can i not login to the wso2 api store using the email address of a secondary user store account
Problem
I am trying to log in to our API Store with an account from a secondary user store, and every attempt results in the following error:
Error! Login failed. Please recheck the username and password and try again.
Debugging
What seems to work
I can create an account in the primary store,
Username: fred@text.com
Password: password
and this user can log in normally.
The secondary user store is a JDBC connection to our Oracle database, called storeTwo.
In the Carbon management console I can see a total of 49,000 users, along with the roles they have.
I have granted a subset of these users every possible permission.
What doesn't work
When I try to log in with one of these accounts, I get the error above.
I don't know what the problem is here.
To me it looks as though wso2 is not checking the secondary store at all when I try to log in.
Additional information
- Server OS: CentOS 6
- wso2 version: 2.1.0
- wso2 info: standalone setup of wso2 API Manager.
Configuration files
storeTwo.xml
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="url">jdbc:oracle:thin:@<IP>:<HOST></Property>
<Property name="userName"><user></Property>
<Property encrypted="true" name="password"><password></Property>
<Property name="driverName">oracle.jdbc.driver.OracleDriver</Property>
<Property name="Disabled">false</Property>
<Property name="ReadOnly">true</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="UsernameJavaRegEx">^[\S]{5,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
<Property name="RolenameJavaRegEx">^[\S]{5,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="CaseInsensitiveUsername">true</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="PasswordDigest">MD5</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="StoreSaltedPassword">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">false</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
<Property name="validationQuery"/>
<Property name="validationInterval"/>
carbon.xml
...
<LoginConfig>
<UserIdLogin primary="true">
<ClaimUri></ClaimUri>
</UserIdLogin>
<EmailLogin primary="true">
<ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
</EmailLogin>
</LoginConfig>
...
wso2carbon.log
TID: [-1234] [] [2017-10-20 10:59:49,288] WARN {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed Administrator login attempt 'temp@example.com[-1234]' at [2017-10-20 10:59:49,288+0100] {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} - contentType from the OMOutputFormat =application/soap+xml {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} - contentType returned =application/soap+xml; charset=UTF-8; action="urn:loginResponse" {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} - start writeTo() {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} - preserve=false {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} - isOptimized=false {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,288] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} - isDoingSWA=false {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,289] DEBUG {org.apache.axis2.transport.TransportUtils} - createSOAPEnvelope using Builder (class org.apache.axis2.builder.SOAPBuilder) selected from type (application/soap+xml) {org.apache.axis2.transport.TransportUtils}
TID: [-1234] [] [2017-10-20 10:59:49,289] DEBUG {org.apache.axis2.transport.http.SOAPMessageFormatter} - end writeTo() {org.apache.axis2.transport.http.SOAPMessageFormatter}
TID: [-1234] [] [2017-10-20 10:59:49,290] ERROR {org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject} - Login failed. Please recheck the username and password and try again. {org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject}
By setting up a writable secondary user store I found the root of the problem. When you select MD5 for 'Password Hashing Algorithm', WSO2 appears to do the following:
MD5(password) -binary | base64 = X03MO1qnZdYdgyfeuILPmQ==
whereas
MD5(password) = 5f4dcc3b5aa765d61d8327deb882cf99
This means that when wso2 checks the read-only secondary store mentioned above, the passwords will never (well, rarely) match.
The last post in 1 has an example (not specific to wso2). Below are the commands to run in a terminal in case that link breaks.
echo -n password | openssl dgst -md5 -binary | base64
echo -n password | openssl dgst -md5
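As an added illustration, not taken from the original post or from WSO2's own code: the two encodings of the same MD5 digest side by side, a check that tells you which encoding a stored value is in, and a conversion from the hex form found in a legacy table to the base64 form WSO2 compares against. It assumes WSO2 behaves exactly as described above with PasswordDigest=MD5 and StoreSaltedPassword=false (base64 of the raw 16 digest bytes, compared as a string); the user rows are constructed. Unsalted MD5 appears only because it is the store's setting, not as a recommendation.

```python
"""Hex MD5 vs base64(MD5): why a read-only JDBC store never matches WSO2's check.

Assumptions (not from the original post): WSO2 computes
base64(md5(password_bytes)) and compares it as a string with the column value.
The sample user rows below are constructed for illustration.
"""
import base64
import hashlib


def wso2_md5_digest(password: str) -> str:
    """base64 of the raw 16-byte MD5 digest: the form WSO2 writes and compares."""
    raw = hashlib.md5(password.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


def hex_md5_digest(password: str) -> str:
    """Lowercase hex MD5: what `openssl dgst -md5` prints and many legacy DBs store."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hex_to_wso2(hex_digest: str) -> str:
    """Convert an existing hex MD5 column value into the base64 form WSO2 expects.

    Converting the stored values (or a view over them) avoids asking every user
    in the legacy store to set a new password.
    """
    raw = bytes.fromhex(hex_digest.strip())
    if len(raw) != 16:
        raise ValueError("not a 128-bit MD5 digest: %r" % hex_digest)
    return base64.b64encode(raw).decode("ascii")


def wso2_would_accept(stored: str, password: str) -> bool:
    """Emulate the string comparison WSO2 performs with PasswordDigest=MD5."""
    return stored == wso2_md5_digest(password)


def diagnose(stored: str, password: str) -> str:
    """Explain why a login does or does not succeed against a given stored value."""
    if wso2_would_accept(stored, password):
        return "match: stored value is base64(MD5), WSO2 accepts the login"
    if stored.strip().lower() == hex_md5_digest(password):
        return "hex-vs-base64 mismatch: correct password stored as hex MD5, WSO2 rejects it"
    return "no match: wrong password or a different algorithm"


# Constructed sample rows: the first mimics the read-only Oracle store from the
# post (hex MD5); the second mimics a user WSO2 created itself in a writable store.
SAMPLE_USERS = {
    "alice@example.com": "5f4dcc3b5aa765d61d8327deb882cf99",  # hex, from the legacy DB
    "bob@example.com": "X03MO1qnZdYdgyfeuILPmQ==",             # base64, written by WSO2
}


def check_all(users: dict, password: str) -> dict:
    """Run diagnose() over every (username, stored digest) pair."""
    return {name: diagnose(stored, password) for name, stored in users.items()}


if __name__ == "__main__":
    for name, verdict in check_all(SAMPLE_USERS, "password").items():
        print(f"{name}: {verdict}")
    # After converting the legacy column, alice's row is accepted as well.
    fixed = hex_to_wso2(SAMPLE_USERS["alice@example.com"])
    print("converted:", fixed, wso2_would_accept(fixed, "password"))
```

Run it as-is to see alice rejected (hex) and bob accepted (base64) for the same password, then the converted value for alice being accepted. The conversion is lossless in the other direction too, so it can be applied as a one-off data fix or as a computed column in the view the JDBC store reads from.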