I have been attempting to limit active sessions on WSO2 IS 5.11.0. Every time I hit the session limit for a user, the handler is triggered successfully and I am redirected to the page that allows me to decide whether I want to deny the login or terminate the other sessions. The issue is that the call to get the active sessions always returns a 401. I have followed the flow through the code and see where the issue is:
In the AuthContextAPIClient, the only header set is UserName with a value of the admin username. The problem is that, looking at the documentation for that endpoint, it requires Basic auth. I am able to get the information I need from the same endpoint the client is calling with the following curl command:
curl https://HOST:9443/api/identity/auth/v1.1/context/XXX-XXX-XXX -H "Authorization: Basic XXXXXXXX=="
which shows me that the API itself is working correctly.
How can I make the AuthContextAPIClient set the correct headers so that the call is authenticated?
Attempted solution:
I attempted a hacky solution by following step 6 here to set the header name to "Authorization: Basic" and the username to {admin username}:{admin password}. This threw an error because ":" is not allowed in the header name.
question from:
https://stackoverflow.com/questions/65926597/wso2-identity-server-authentication-context-api-unauthorized
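The two points the question turns on are that the endpoint wants a standard Basic Authorization header (the header name is "Authorization", the value is "Basic " followed by the base64 of "user:password"), and that a header name may only contain RFC 7230 token characters, which is why a name of "Authorization: Basic" is rejected. The following Python is an added example written for this page; it is not code from the question or from WSO2 Identity Server. The host, context id and the admin credentials it uses are placeholders, and build_context_request is a hypothetical helper that only mirrors the shape of the curl command above rather than patching AuthContextAPIClient itself.

```python
import base64
import re
from typing import Dict, Tuple

# RFC 7230 "tchar": the only characters allowed in an HTTP header field name.
# Neither ':' nor ' ' is a tchar, so "Authorization: Basic" cannot be a name.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def is_valid_header_name(name: str) -> bool:
    """True if `name` is a syntactically legal HTTP header field name."""
    return bool(_TOKEN.match(name))


def basic_auth_header(username: str, password: str) -> Tuple[str, str]:
    """Build the (name, value) pair for HTTP Basic auth (RFC 7617).

    The scheme and the credential go in the *value*; the name is just
    "Authorization". The user-id itself must not contain ':' because the
    server splits on the first ':' when decoding.
    """
    if ":" in username:
        raise ValueError("RFC 7617 forbids ':' in the Basic auth user-id")
    raw = f"{username}:{password}".encode("utf-8")
    token = base64.b64encode(raw).decode("ascii")
    return ("Authorization", f"Basic {token}")


def decode_basic_auth(value: str) -> Tuple[str, str]:
    """Server-side view: recover (user, password) from an Authorization value."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("Basic credential missing ':' separator")
    return user, password


def build_context_request(host: str, context_id: str,
                          username: str, password: str) -> Dict[str, object]:
    """Hypothetical helper: the request equivalent of the curl command above.

    Every header name is validated the way an HTTP client library would, so
    the failing "Authorization: Basic" attempt is caught before sending.
    """
    name, value = basic_auth_header(username, password)
    headers = {name: value}
    for header_name in headers:
        if not is_valid_header_name(header_name):
            raise ValueError(f"illegal header name: {header_name!r}")
    return {
        "method": "GET",
        "url": f"https://{host}:9443/api/identity/auth/v1.1/context/{context_id}",
        "headers": headers,
    }


if __name__ == "__main__":
    # Placeholder credentials and identifiers, constructed for this example.
    req = build_context_request("HOST", "XXX-XXX-XXX", "admin", "admin")
    print(req["headers"])
    # The attempted workaround from the question fails header-name validation:
    print(is_valid_header_name("Authorization: Basic"))
```

The contrast the block draws is between the header *name* and the header *value*: the working curl command puts "Basic <base64>" in the value of a header named "Authorization", while the attempted workaround tried to move the scheme into the name, which no HTTP stack will accept.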