如何将WSO2 API管理器(AM)1.10.0与PingFederate SAML 2.0集成在一起?

编程入门行业动态更新时间:2024-10-28 10:24:43

本文介绍了如何将WSO2 API管理器(AM)1.10.0与PingFederate SAML 2.0集成在一起?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

如何将WSO2 am 1.10.0与PingFederate SAML 2.0集成在一起?有指示吗?

How to integrate WSO2 am 1.10.0 with PingFederate SAML 2.0? Any instructions?

在WSO2网站上，我仅看到有关如何在WSO2产品中设置SSO的文档: docs.wso2/display/AM1100/Configuring+Single+Sign-on+with+SAML2 .但是我没有看到有关如何通过SAML2与外部身份提供程序(例如PingFederate)启用WSO2 AM 1.10.0的文档.

From WSO2 web site, I only saw docs on how to set up SSO among WSO2 products: docs.wso2/display/AM1100/Configuring+Single+Sign-on+with+SAML2 . But I did not see documentation on how to enable WSO2 AM 1.10.0 with external identity providers such as PingFederate via SAML2.

感谢您的帮助.

***更新:

我按照此处的说明 docs .wso2/display/AM1100/Configuring + Single + Sign-on + with + SAML2 -仅假设WSO2 IS为PingIdentity.对于大多数而言，它是有效的，但是在订阅API时我无法生成密钥.即使我已登录应用程序和订阅并可以从/store UI创建应用程序，它也会显示无效的凭据".

I followed the instructions here docs.wso2/display/AM1100/Configuring+Single+Sign-on+with+SAML2 - just assuming WSO2 IS as PingIdentity. For the mojority part it's working, but I cannot generate keys when subscribing to an API. It says "invalid credentials" even if I have logged into applications and subscriptions and can create applications from /store UI.

推荐答案

我可以确认无需在图片中添加单独的wso2 IS服务器即可完成此操作.我通过以下方式解决了几个问题(无法生成密钥，无法发布API等):我要解决的问题是:1)在api-manager.xml中的ApiKeyValidaor中添加管理员用户，也可以通过管理控制台添加到管理员用户中user-mgt.xml; 2)在api-manager.xml中:

I can confirm that this can be done without adding a separate wso2 IS server into the picture. I fixed several issues (Cannot generate keys, cannot publish APIs, etc..) by: What I did to fix the issue was to 1) add admin user inside ApiKeyValidaor in api-manager.xml also into admin user via management console and into user-mgt.xml; 2) Inside api-manager.xml:

更改以下内容:

$ {carbon.local.ip}:$ {mgt.transport.https.port} $ {carbon.context}/services/

${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/

至: [FQDN_OF_HOST }:$ {mgt.transport.https.port} $ {carbon.上下文}/services/

to: [FQDN_OF_HOST}:${mgt.transport.https.port}${carbon.context}/services/

原因是我的服务器证书仅记录了域名，而不记录IP地址.

Reason is my server certificate only recorded the domain name, not ip address.

这里也提到了解决方案:

The solution was also mentioned here: wso2 am 1.10.0 API Store: "Error occurred while executing the action generateApplicationKey" with " Invalid credentials provided."