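Examine the Python Application and SDK
In this section of the solution, you:
- Examine the behavior and code of the Python web application
- Examine the diagnostic data associated with the successful and unsuccessful login attempts that the Python web application initiates with Oracle Identity Cloud Service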
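Examine the Behavior of the Python Application
The behavior of the Python web application follows the three-legged authentication flow defined by the authorization code grant type.
To use a web browser to verify all requests, responses, and redirects performed by the application and Oracle Identity Cloud Service, enable the browser's developer mode. This solution uses Google Chrome.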
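- Run the Python web application.
- Open the Google Chrome web browser, access the http://localhost:8080 URL, and then click Log in.
- Press F12, select the Network tab, and then select the Preserve log check box. Select this check box to see all communication between the application and Oracle Identity Cloud Service.
- In the Login page, click the Oracle red icon, which appears to the right of or You can log in with.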
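Examine the Code of the Python Application
After you log in to Oracle Identity Cloud Service and are redirected to the callback URL of the Python web application, the Python web application displays information in the command-line window.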
[Date] "GET / HTTP/1.1" 200 2520
[Date] "GET /login/ HTTP/1.1" 200 3489
[Date] "GET /auth/ HTTP/1.1" 302 0
[Date] "GET /callback?code=[value has been omitted for readability]&state=1234 HTTP/1.1" 301 0
[Date] "GET /callback/?code=[value has been omitted for readability]&state=1234 HTTP/1.1" 200 2690
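The callback lines above carry the code and state query parameters of the authorization code flow, and the sample output shows state=1234. The following is an added example, not code from the Oracle sample application or SDK: it binds state to a per-login random value, checks it on the callback, and masks the authorization code before a log line is kept. The function names and the sample code value are assumptions made for illustration.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlsplit

CODE_RE = re.compile(r'([?&]code=)[^&\s"]+')


def new_state() -> str:
    """Random per-login state; keep it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def code_from_callback(request_target: str, expected_state: str) -> str:
    """Return the authorization code only if the callback echoes this session's state."""
    params = parse_qs(urlsplit(request_target).query)
    state = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def redact_code(log_line: str) -> str:
    """Mask the authorization code before an access-log line is stored or shared."""
    return CODE_RE.sub(r"\1[REDACTED]", log_line)


# Constructed sample line in the shape of the output above (the code value is made up).
SAMPLE_LINE = '[Date] "GET /callback/?code=AbC123xyz&state=1234 HTTP/1.1" 200 2690'

if __name__ == "__main__":
    state = new_state()
    print(code_from_callback("/callback/?code=AbC123xyz&state=" + state, state))
    print(redact_code(SAMPLE_LINE))
```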
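Examine the Diagnostic Data
When the Python web application attempts to log in to Oracle Identity Cloud Service, both successful and unsuccessful attempts are registered in the Oracle Identity Cloud Service diagnostic log files.
- Log in to Oracle Identity Cloud Service.
- In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Diagnostics.
- Select Activity View as the diagnostic type, and then click Save.
- Log out of Oracle Identity Cloud Service.
Oracle Identity Cloud Service captures diagnostic data for the next 15 minutes.
- Complete the steps in the "Run the Python Application" topic of this solution to display the Login page of the Python web application.
- Click the Oracle red icon, which appears to the right of or You can log in with.
- To make the login attempt fail, enter an incorrect user name or password on the Oracle Identity Cloud Service Login page.
- To log in successfully, enter the correct user name and password.
- Use the Python web application to log out of Oracle Identity Cloud Service.
- Log in to Oracle Identity Cloud Service.
- In the Identity Cloud Service console, expand the Navigation Drawer, click Reports, and then click Diagnostic Data.
- Select the 15-Minute time range, the Activity View log type, and the CSV report format, and then click Download Report.
The diagnostic log file includes information similar to the following about login attempts to Oracle Identity Cloud Service.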
Message: ID Token will be signed with User Tenant:idcs-abcd1234 Resource Tenant:idcs-abcd1234, clientId=123456789abcdefghij
Component: OAuth
Timestamp: [Date]
Actor ID: your.email@domain.com
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"request":{"tenant":"idcs-abcd1234","grant types":"authorization_code","scopes":["urn:opc:idm:t.user.me"]},"user":{"id":"111111","name":"your.email@domain.com","tenant":"idcs-abcd1234","auth-type":"PASSWORD"},"client":{"id":"123456789abcdefghij","name":"Sample App","tenant":"idcs-abcd1234","auth-type":"PASSWORD"},"environment":{"isCSR":"false","onBehalfOfUser":"false"},"response":{"result":"ALLOWED","scopes":["urn:opc:idm:t.user.me"],"custom-claims":{"clientAppRoles":["Authenticated Client","Me"],"userAppRoles":["Authenticated","Global Viewer","Identity Domain Administrator"],"user_isAdmin":"true"}}}
Component: Authorization/getAllowedScopes
Timestamp: [Date]
Actor ID: your.email@domain.com
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"Message":"SSO SignOn Policy evaluation result for user : 11111 is : effect:ALLOW,authenticationFactor:IDP,allowUserToSkip2FAEnrolment:false,2FAFrequency:SESSION,reAuthenticate:false,trustedDevice2FAFrequency:
Component:
Timestamp:
Actor ID:
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluatePolicy] Evaluating Default Sign-On Policy
Component: PolicyEngine
Timestamp: [Date]
Actor ID: uiSignin
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluateRule] Evaluating MFA rule
Component: PolicyEngine
Timestamp: [Date]
Actor ID: uiSignin
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluatePolicy] Evaluating Default Authentication Target App Policy
Component: PolicyEngine
Timestamp: [Date]
Actor ID: idcssso
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"password":"********","authFactor":"USERNAME_PASSWORD","device":"{\"currentTime\":\"[date]",\"screenWidth\":1920,\"screenHeight\":1080,\"screenColorDepth\":24,\"screenPixelDepth\":24,\"windowPixelRatio\":1,\"language\":\"en\",\"userAgent\":\"Mozilla\/5.0 (Windows NT 10.0
Component:
Timestamp:
Actor ID:
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"Message":"No session found so need to collect credentials","Redirecting to Login URL: ":https://idcs-abcd1234.identity.oraclecloud.com/ui/v1/signin}
Component: SSO
Timestamp: [Date]
Actor ID: Unauthenticated
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluatePolicy] Evaluating Default Identity Provider Policy
Component: PolicyEngine
Timestamp: [Date]
Actor ID: Unauthenticated
---------------------------------------------------------------
Message: Authorization Request, received parameters: scope[urn:opc:idm:t.user.me openid] response_type[code] state[1234] redirect_uri[http://localhost:8000/callback] client_id[123456789abcdefghij]
Component: OAuth
Timestamp: [Date]
Actor ID: Unauthenticated
The most recent logs appear at the top of the file.
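To review these records in bulk, the following added example (not part of the Oracle sample or SDK) parses the Message / Component / Timestamp / Actor ID layout shown above and summarises the Authorization/getAllowedScopes decisions, including whether the token was issued to an administrator. It assumes that text layout, not the CSV column layout, which this page does not show; the function names are hypothetical and the sample records are constructed from the fields above.

```python
import json
import re

SEPARATOR = re.compile(r"-{10,}")
RECORD = re.compile(r"Message:\s*(?P<message>.*?)\s*Component:\s*(?P<component>.*?)\s*"
                    r"Timestamp:\s*(?P<timestamp>.*?)\s*Actor ID:\s*(?P<actor>.*)", re.DOTALL)


def parse_records(text):
    """Split the diagnostic text on dashed separators and parse each record."""
    records = []
    for chunk in SEPARATOR.split(text):
        match = RECORD.search(chunk)
        if not match:  # the "..." filler between separators
            continue
        rec = {key: value.strip() for key, value in match.groupdict().items()}
        rec["json"], rec["unparsed"] = None, False
        if rec["message"].startswith("{"):
            try:
                rec["json"] = json.loads(rec["message"])
            except json.JSONDecodeError:
                rec["unparsed"] = True  # cut off, or not valid JSON, in the report
        records.append(rec)
    return records


def authorization_decisions(records):
    """Summarise Authorization/getAllowedScopes records for review."""
    out = []
    for rec in records:
        body = rec["json"]
        if rec["component"] != "Authorization/getAllowedScopes" or not body:
            continue
        resp = body.get("response", {})
        out.append({"actor": rec["actor"], "client": body.get("client", {}).get("name"),
                    "result": resp.get("result"), "scopes": resp.get("scopes", []),
                    "admin": resp.get("custom-claims", {}).get("user_isAdmin") == "true"})
    return out


# Constructed sample: three records modelled on the excerpt above, joined by separators.
SEP = " " + "-" * 63 + " "
SAMPLE = SEP.join([
    'Message: {"client":{"name":"Sample App"},"response":{"result":"ALLOWED","scopes":["urn:opc:idm:t.user.me"],"custom-claims":{"user_isAdmin":"true"}}} Component: Authorization/getAllowedScopes Timestamp: [Date] Actor ID: your.email@domain.com',
    '...',
    'Message: {"Message":"SSO SignOn Policy evaluation result for user : 11111 is : effect:ALLOW, Component: Timestamp: Actor ID:',
    'Message: [PolicyEngineUtil.evaluateRule] Evaluating MFA rule Component: PolicyEngine Timestamp: [Date] Actor ID: uiSignin',
])
```

The parser accepts both one field per line and records run together on a single line, and it keeps records whose Message is cut off instead of dropping them.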