Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
1.2k views
in Technique[技术] by (71.8m points)

session - WSO2 Identity Server authentication context API unauthorized

I have been attempting to limit active sessions on WSO2 IS 5.11.0. Every time I hit the session limit for a user, the handler is triggered successfully and I am redirected to the page that allows me to decide whether I want to deny the login or terminate the other sessions. The issue is that the call to get the active sessions always returns a 401. I have followed the flow through the code and see where the issue is:

In the AuthContextAPIClient, the only header set is UserName with a value of the admin username. The problem is when looking at the documentation for that endpoint it requires Basic auth. I am able to get the information I need from the same endpoint the client is calling with the following curl command:

curl https://HOST:9443/api/identity/auth/v1.1/context/XXX-XXX-XXX -H  "Authorization: Basic XXXXXXXX=="

which shows me that the API itself is working correctly.

How can I make the AuthContextAPIClient set the correct headers so that the call is authenticated?

Attempted solution:

I attempted a hacky solution by following step 6 here to set the header name to Authorization: Basic and the username to {admin username}:{admin password}. This threw an error because : is not allowed in the header name.

question from:https://stackoverflow.com/questions/65926597/wso2-identity-server-authentication-context-api-unauthorized
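As an added illustration (not part of the original post, and not WSO2's code): in HTTP Basic authentication the header name is `Authorization` alone and the credential goes in the value, which is why a name containing `:` is rejected. The function names and sample credentials below are assumptions constructed for this example.

```python
import base64
import re
from typing import Tuple

# RFC 7230 "token": the only characters allowed in an HTTP header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def is_valid_header_name(name: str) -> bool:
    """True if `name` is a legal header field name (no ':', spaces or CR/LF)."""
    return _TOKEN.fullmatch(name) is not None


def basic_auth_header(username: str, password: str) -> Tuple[str, str]:
    """Return the (name, value) pair for RFC 7617 Basic authentication."""
    if ":" in username:
        # The receiver splits on the first ':', so a colon in the user-id is ambiguous.
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Authorization", "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth(value: str) -> Tuple[str, str]:
    """Decode a Basic header value the way a receiving server would."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


# Constructed sample credentials, not taken from the page.
SAMPLE_USER, SAMPLE_PASSWORD = "svc-admin", "s3cret:with:colons"

if __name__ == "__main__":
    name, value = basic_auth_header(SAMPLE_USER, SAMPLE_PASSWORD)
    # The header name tried in the question fails the token check.
    print(is_valid_header_name("Authorization: Basic"))
    print(is_valid_header_name(name), name, value)
    print(parse_basic_auth(value))
```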


1 Answer

0 votes
by (71.8m points)
Waiting for answers
