问题
I want to add SecondaryJDBCUserStore for JDBC[MySQL],added successfully, but i am getting issue with login,roles and permission
I am running WSO2 IS KM and WSO2 AM on diffrent VM. I have removed embedded LDAP and implemented AD[LDAP] as primary user store and it is working perfect with all roles and permission as expected. Recently I have added SecondaryJDBCUserStore for JDBC[MySQL] but i am getting issue with roles and permission.Below are the steps:
- Added SecondaryJDBCUserStore from CARBON UI - Success
- SecondaryJDBCUserStore visibility in User Store List- Success
- Added Users to SecondaryJDBCUserStore- Success
- Added Roles to SecondaryJDBCUserStore-
Failed [Sometimes not getting the domain of SecondaryJDBCUserStore while adding Roles/ Somehow if roles are added for SecondaryJDBCUserStore, it is not visible in CARBON UI after clicking on Roles.]
- Assigned Subscribe Permission to User Of SecondaryJDBCUserStore- Falied[
Getting Error as User is not permitted to Store, HTTP 403] User is not permitted to Store,HTTP 403
回答1:
According to what you have stated above there are several things that can happen.
Are you adding users and roles from the same node that you have added the secondary userstore? For example if you have added the secondary user store in you Identity server node are you adding the users and roles in that node it self? If not try doing that.
There is a possibility of a connectivity issue for the JDBC userstore (since you have mentioned sometimes domain is not showing) You can try adding a LDAP as a secondary userstore and see if it is working as expected. By this we are trying to bring everything in the same environment to see if there is a connectivity issue
If there any error logs printed in the wso2carbon.log file either when adding the userstore or when adding users/roles, you can try checking those logs to give more context to the issue.
来源:https://stackoverflow.com/questions/56679528/login-role-permission-issue-with-secondary-jdbc-user-store-in-wso2-identity-serv