WSO2 IS：如何允许对OIDC的匿名请求.known / openid-configuration

Question

WSO2 IS：如何允许对OIDC的匿名请求.known / openid-configuration

Jef*_*RDO 5 identity wso2 server

通常，对于OIDC发现，.well-known URI可以被请求为匿名。WSO2 5.3.0 doc中的示例指出，必须为请求提供管理员级别的凭据：

https://docs.wso2.com/display/IS530/OpenID+Connect+Discovery

curl -v -k --user admin：admin https _：_ /// localhost：9443 / oauth2 / oidcdiscovery /。众所周知/ openid配置

（下划线不是拼写错误，而是绕过了网址计数限制）

我可以确认导致curl -v -k https _：_ /// localhost：9443 / oauth2 / oidcdiscovery / .well-known / openid-configuration返回未授权的401。

（下划线不是拼写错误，而是绕过了网址计数限制）

我尝试使用“ SYSTEM / wso2.anonymous.role允许读取”在/ _system / config / oidc注册表中配置权限，但仍然得到401。将“ SYSTEM / wso2.anonymous.role的权限分配给允许授权”返回200，但正文为空。

关于如何解决OIDC发现（获取OIDC配置）而无需提供任何凭据的任何建议（匿名）？

谢谢

JF

Answer 1

Jef*_*RDO 6

经过多次试验，可以通过注释{WSO2_base_path} /repository/conf/identity/identity.xml中的.well-know行来提供匿名访问：

 <ResourceAccessControl>
    <Resource context="(.*)/api/identity/user/(.*)" secured="true" http-method="all"/>
    <Resource context="(.*)/api/identity/recovery/(.*)" secured="true" http-method="all"/>
    <!--<Resource context="(.*)/.well-known(.*)" secured="true" http-method="all"/>-->
    <Resource context="(.*)/identity/register(.*)" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/applicationmgt/delete</Permissions>
    </Resource>
    <Resource context="(.*)/identity/connect/register(.*)" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/applicationmgt/create</Permissions>
    </Resource>
    <Resource context="(.*)/oauth2/introspect(.*)" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/applicationmgt/view</Permissions>
    </Resource>
    <Resource context="(.*)/api/identity/entitlement/(.*)" secured="true" http-method="all">
        <Permissions>/permission/admin/manage/identity/pep</Permissions>
    </Resource>
</ResourceAccessControl>

Run Code Online (Sandbox Code Playgroud)

归档时间：	8 年，9 月前
查看次数：	1002 次
最近记录：	8 年，9 月前