java - wso2 身份服务器 oauth userinfo 无角色

Question

我安装了 WSO2 Identity 服务器，并且编写了一些 java 代码来使用 oauth 2 获取用户信息。为此，我使用 OLTU。我已正确连接，并在协商 access_code 后，我请求 userinfo 端点，如下所示:

https://<serverIP>:9443/oauth2/userinfo?schema=openid

我以 JSON 格式正确获取用户信息:

{"email":"xxxx@xxx.aa","name":"xxx","family_name":"xx","preferred_username":"xxx","given_name":"xx"}

我发现没有返回任何角色信息。我创建了一些自定义角色并分配了用户。他们没有分配任何权限。

我需要在服务器中配置任何内容吗？必须以其他方式提出请求吗？我做错了什么？

Answer 1

There are two ways to add this claim mapping. It's depends on your requirement.
To get this done has to add a role claim mapping under "http://wso2.org/oidc/claim" claim dialect. This can be done in following ways
Case 1 : For fresh WSO2IS before first startup
Go to <IS_HOME>/repository/conf/claim-config.xml file<br/>Add following configuration under <Dialect dialectURI="http://wso2.org/oidc/claim"><br/>                    <Claim>                                <ClaimURI>Roles</ClaimURI>                                <DisplayName>Roles</DisplayName>                                <AttributeID>role</AttributeID>                                <Description>role of the user</Description>                                <DisplayOrder>10</DisplayOrder>                                <SupportedByDefault />                    </Claim>Case 2: For already running server.Login to the Identity server management console as admin user.Click the Configure button to access the Configure menuClick on http://wso2.org/oidc/claim Dialect.Click on "Add New Claim Mapping" and set the above details.(There you will get an error which is known issues. But that value will store. Then again edit it and set Mapped Attribute again)
Then restart the server. Now you can get user info with roles