WSO2 -> Active Directory -> user - role mapping

自闭症网瘾萝莉.ら submitted on 2020-01-03 03:17:06

Question


I use WSO2 5.0.0 as IdP and the user store is an Active Directory (AD). Users and roles are listed in the WSO2 Management Console and I am also able to log in to WSO2 with the User/PW stored in AD. Therefore everything works fine.

The only problem I have is that if I request the roles of users (e.g. over the RemoteUserStoreManagement web service with the method getUserClaimValues), then I get the WSO2 roles and not the Active Directory roles assigned to the users in AD. Also, only the WSO2 roles are mapped to users in WSO2.

Actually I have only basic knowledge of AD (I haven't adjusted the current connection between WSO2 and AD), therefore I have no idea where I should look in order to resolve this problem.

Does anybody have a hint concerning this issue (user-mgt.xml or WSO2 console or ...)? Thanks a lot for your help!


Answer 1:


So, you need to retrieve the roles of the user? According to what you have mentioned, please do the following to resolve this issue.

  1. Please add the following attributes under the user store manager configuration in the user-mgt.xml file, if they are not already in the configuration.

<Property name="BackLinksEnabled">true</Property>

<Property name="MemberOfAttribute">memberOf</Property>

Please restart the server and verify.

  2. Please enable the debug logs in the user kernel and verify where the issue has been generated.

To enable logs:

Locate the log4j.properties file, which can be found in the /repository/conf directory.

Add the following entry to the file:

log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG

Restart the server and try to invoke the server. You would see LDAP-related logs, which would help to identify the issue.
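
A check for step 1 of the answer, as an added example that is not part of the original answer or of WSO2's own code: it parses user-mgt.xml and reports, for each active UserStoreManager, whether the two properties are set as given. The sample XML and host name are constructed, and the manager class name is an assumption not taken from this page; properties that sit inside a commented-out block are not counted.

```python
import xml.etree.ElementTree as ET

# Properties and values named in step 1 of the answer.
EXPECTED = {"BackLinksEnabled": "true", "MemberOfAttribute": "memberOf"}

# Assumed class name for the AD user store manager (not stated on this page).
AD_CLASS = "org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager"

# Constructed sample, not a real deployment: the commented-out manager holds
# both properties, the active one only BackLinksEnabled.
SAMPLE = f"""<UserManager><Realm>
  <!-- <UserStoreManager class="example.DisabledManager">
         <Property name="BackLinksEnabled">true</Property>
         <Property name="MemberOfAttribute">memberOf</Property>
       </UserStoreManager> -->
  <UserStoreManager class="{AD_CLASS}">
    <Property name="ConnectionURL">ldaps://ad.example.test:636</Property>
    <Property name="BackLinksEnabled">true</Property>
  </UserStoreManager>
</Realm></UserManager>"""


def audit(xml_text):
    """Return {manager class: [problems]} for every active UserStoreManager."""
    report = {}
    root = ET.fromstring(xml_text)  # the parser drops XML comments
    for mgr in root.iter("UserStoreManager"):
        props = {p.get("name"): (p.text or "").strip()
                 for p in mgr.findall("Property")}
        problems = []
        for name, want in EXPECTED.items():
            have = props.get(name)
            if have is None:
                problems.append(f"{name} is missing")
            elif have.lower() != want.lower():
                problems.append(f"{name} is {have!r}, expected {want!r}")
        report[mgr.get("class")] = problems
    return report


if __name__ == "__main__":
    for cls, problems in audit(SAMPLE).items():
        print(cls, "->", problems or "both properties set")
```

To run it against a real file, pass the file's contents to `audit()` instead of `SAMPLE`.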



Source: https://stackoverflow.com/questions/26112719/wso2-active-directory-user-role-mapping
