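We are using UAA's multitenancy feature for our customers, so we need to create an identity zone for each customer to manage that customer's information.
However, going by the documentation, I cannot find how to create an identity zone admin with the scope zone.<zoneid>.admin and obtain this admin token.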
Name Description
Authorization Access token with scim.write or uaa.admin scope required
X-Identity-Zone-Id May include this header to administer another zone if using zones.<zoneId>.admin or uaa.admin scope against the default UAA zone.
X-Identity-Zone-Subdomain If using a zones.<zoneId>.admin scope/token, indicates what Identity Zone this request goes to by supplying a subdomain.
Is there any guideline or guide we can refer to?
Thank you.
Here are the steps.
uaac target http://localhost:8080/uaa
uaac token client get admin -s adminsecret
This is to make sure it has the correct scopes; you only need to do it once.
uaac client update admin --authorities "uaa.admin,clients.read,clients.write,clients.secret,scim.read,scim.write,clients.admin,zones.write"
Then get a new token, which will have the scopes that were just added.
uaac token client get admin -s adminsecret
uaac -t curl -X POST -H "Content-Type:application/json" -H "Accept:application/json" --data '{ "id":"testzone1", "subdomain":"testzone1", "name":"The Twiglet Zone[testzone1]", "version":0, "description":"Like the Twilight Zone but tastier[testzone1]."}' /identity-zones
uaac -t curl -H "X-Identity-Zone-Id:testzone1" -X POST -H "Content-Type:application/json" -H"Accept:application/json" --data '{ "client_id" : "admin", "client_secret" : "adminsecret", "scope" : ["uaa.none"], "resource_ids" : ["none"], "authorities" : ["uaa.admin","clients.read","clients.write","clients.secret","scim.read","scim.write","clients.admin"], "authorized_grant_types" : ["client_credentials"]}' /oauth/clients
uaac target http://testzone1.localhost:8080/uaa
uaac token client get admin -s adminsecret
uaac token decode
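The final uaac token decode step is where you confirm the token really came from the new zone and carries the zone admin authorities. The Python below is an added example, not part of the original answer or of UAA itself. It runs that check on the decoded claims, assuming the token is a JWT with zid, iss and scope claims and that a zone's issuer host starts with its subdomain. The sample tokens are constructed and unsigned, and no signature is verified.

```python
import base64
import json


def decode_claims(token):
    """Return the JWT payload as a dict. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_zone_token(token, zone_id, subdomain, required_scopes):
    """List every way the token differs from what the zone admin should hold."""
    claims = decode_claims(token)
    problems = []
    if claims.get("zid") != zone_id:
        problems.append("zid is %r, expected %r" % (claims.get("zid"), zone_id))
    # Assumption: a zone's issuer host starts with the zone subdomain.
    host = claims.get("iss", "").split("://")[-1].split("/")[0]
    if not host.startswith(subdomain + "."):
        problems.append("issuer host %r is not under %r" % (host, subdomain))
    missing = sorted(set(required_scopes) - set(claims.get("scope", [])))
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))
    return problems


def build_sample(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed"])


# Constructed claims modelled on the answer's testzone1 admin client.
SAMPLE_ZONE_TOKEN = build_sample({
    "zid": "testzone1", "client_id": "admin",
    "iss": "http://testzone1.localhost:8080/uaa/oauth/token",
    "scope": ["uaa.admin", "clients.read", "clients.write", "scim.read", "scim.write"],
})
# Constructed claims for a token fetched from the default zone by mistake.
SAMPLE_DEFAULT_TOKEN = build_sample({
    "zid": "uaa", "client_id": "admin",
    "iss": "http://localhost:8080/uaa/oauth/token",
    "scope": ["uaa.admin", "zones.write"],
})

if __name__ == "__main__":
    for tok in (SAMPLE_ZONE_TOKEN, SAMPLE_DEFAULT_TOKEN):
        print(check_zone_token(tok, "testzone1", "testzone1", ["uaa.admin", "scim.write"]))
```

A token obtained while uaac is still targeted at the default zone fails the zid and issuer checks, which is the usual sign that the uaac target step for the zone subdomain was skipped.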