问题描述

我在docker中部署了wso2 IS 5.3.0.我将其设置为进行openid连接身份验证.我试图让kubernetes与它一起进行身份验证.但是事实证明idtoken中的iss字段有问题.解码后，令牌的有效负载部分如下所示:

I deployed wso2 IS 5.3.0 in docker. I set it up for openid connect authentication. I tried to have kubernetes to work with it for authentication. But it turns out to have problem with iss field in idtoken. The payload part of the token looks like below after decode:

{"exp":1487335376,"sub":"admin","azp":"Dibo_uMHzySCIxrf55uvMGWjGEUa","at_hash":"_8q5TmtJRsdEj4V_dL4-Zg","aud":["Dibo_uMHzySCIxrf55uvMGWjGEUa"],"iss":"https:\/\/localhost:9443\/oauth2\/token","iat":1487331776,"acr":"urn:mace:incommon:iap:silver"} 

通过openid connect规范，iss字段应为" https://192.168.1.123 :9443/oauth2/oidcdiscovery/".如何更改idtoken中default的iss值?

By openid connect spec, the iss field is expected to be "https://192.168.1.123:9443/oauth2/oidcdiscovery/" in my case. How can I do to change the iss value of default in idtoken?

谢谢

推荐答案

您需要在首次运行wso2 IS服务器之前进行设置.首先，如下所示在identity.xml中设置IDTokenIssuerID.然后运行IS服务器.设置将被提取.

You need to set things up before running the wso2 IS server of its first time.Set IDTokenIssuerID in identity.xml as below first. Then run IS server. The settings will be picked up.

<IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/oidcdiscovery/</IDTokenIssuerID>

这篇关于如何更改openid连接idtoken的iss的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！