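Explore the Python Application and SDK
In this part of the solution, you:
- Examine the behavior and code of the Python web application
- Check the diagnostic data associated with the successful and unsuccessful sign-in attempts that the Python web application initiates to Oracle Identity Cloud Service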
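Examine the Behavior of the Python Application
The behavior of the Python web application follows the three-legged authentication flow defined by the authorization code grant type.
To verify all requests, responses, and redirects that the application and Oracle Identity Cloud Service perform through the web browser, enable developer mode for your browser. This solution uses Google Chrome.
- Run the Python web application.
- Open a Google Chrome web browser, access the http://localhost:8080 URL, and then click Log in.
- Press F12, select the Network tab, and then select the Preserve log check box. Select this check box to see all communication between the application and Oracle Identity Cloud Service.
- In the Login page, click the Oracle red icon.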
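View Application and SDK Logs
The application logs information to the command-line window. You can also enable SDK logs.
By default, the sample application logs information about the authentication flow in the command-line window.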
Starting development server at http://127.0.0.1:8000/
----------------------------------------
[21/Dec/2018 16:00:42] "GET /login/ HTTP/1.1" 200 2772
...
----------------- def auth(request) ---------------
config.json file = {'logoutSufix': '/oauth2/v1/userlogout', 'ClientSecret': 'abcde-12345-zyxvu-98765-qwerty', 'AudienceServiceUrl': 'https://idcs-abcd1234.identity.domain.com', 'BaseUrl': 'https://idcs-abcd1234.identity.domain.com', 'ClientId': '123456789abcdefghij, 'ConsoleLog': 'True', 'LogLevel': 'INFO', 'scope': 'urn:opc:idm:t.user.me openid', 'redirectURL': 'http://localhost:8000/callback', 'TokenIssuer': 'https://identity.domain.com/'}
[21/Dec/2018 16:00:48] "GET /auth/ HTTP/1.1" 302 0
[21/Dec/2018 16:01:08] "GET /callback?code=[value has been omitted for readability]&state=1234 HTTP/1.1" 301 0
----------------- def callback(request) ------------------
access_token = [value has been omitted for readability]
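Follow these steps to turn on logging for the Oracle Identity Cloud Service Python SDK and check for any problems you find during development.
- Open the config.json file and replace the value of LogLevel with DEBUG.
- Save the file and restart the Python server.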
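
The sample output above prints the whole config.json dictionary, including ClientSecret, together with the authorization code and the access token. As an added example (not part of the sample application or the SDK), the following logging filter masks those three values before they reach the console; attaching it to the console handler, and passing print() output through `redact()`, are assumptions about how your project writes its logs.

```python
import logging
import re

# Each pattern keeps the key (group 1) and replaces only the secret value.
_REDACTIONS = [
    # 'ClientSecret': '...' inside the printed config.json dictionary
    re.compile(r"(['\"]ClientSecret['\"]\s*:\s*['\"])[^'\"]*"),
    # access_token = ... printed by the callback view
    re.compile(r"(access_token\s*=\s*)\S+"),
    # code=... authorization code in the /callback request line
    re.compile(r"([?&]code=)[^&\s\"]+"),
]


def redact(text: str) -> str:
    """Mask the client secret, access token and authorization code in one line."""
    for pattern in _REDACTIONS:
        text = pattern.sub(r"\1[REDACTED]", text)
    return text


class RedactSecretsFilter(logging.Filter):
    """Handler-level filter: formats the record, then masks secret values."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # arguments are already merged into msg
        return True


if __name__ == "__main__":
    # Constructed log lines in the same shape as the sample output above.
    handler = logging.StreamHandler()
    handler.addFilter(RedactSecretsFilter())
    log = logging.getLogger("sample")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.info("config.json file = %s", {"ClientSecret": "constructed-secret", "LogLevel": "DEBUG"})
    log.info('"GET /callback?code=%s&state=1234 HTTP/1.1" 301 0', "constructed-code")
    print(redact("access_token = constructed-token"))
```
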
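Check the Diagnostic Data
When the Python web application attempts to sign in to Oracle Identity Cloud Service, both successful and unsuccessful attempts are registered in the Oracle Identity Cloud Service diagnostic log files.
- Sign in to the Oracle Identity Cloud Service console.
- In the console, expand the Navigation Drawer, expand Settings, and then click Diagnostics.
- Select Activity View as the diagnostic type, and then click Save.
- Sign out of Oracle Identity Cloud Service.
Oracle Identity Cloud Service captures diagnostic data for the next 15 minutes.
- Complete the steps in the "Run the Python Application" topic of this solution to display the Login page of the Python web application.
- Click the Oracle red icon.
- To make an unsuccessful sign-in attempt, enter an incorrect user name or password in the Oracle Identity Cloud Service Sign In page.
- To sign in successfully, enter the correct user name and password.
- Use the Python web application to sign out of Oracle Identity Cloud Service.
- Sign in to the Oracle Identity Cloud Service console.
- In the console, expand the Navigation Drawer, click Reports, and then click Diagnostic Data.
- Select the 15-minute time range, the Activity View log type, and the CSV report format, and then click Download Report.
The diagnostic log file contains information similar to the following about the sign-in attempts to Oracle Identity Cloud Service.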
Message: ID Token will be signed with User Tenant:idcs-abcd1234 Resource Tenant:idcs-abcd1234, clientId=123456789abcdefghij
Component: OAuth
Timestamp: [Date]
Actor ID: your.email@domain.com
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"request":{"tenant":"idcs-abcd1234","grant types":"authorization_code","scopes":["urn:opc:idm:t.user.me"]},"user":{"id":"111111","name":"your.email@domain.com","tenant":"idcs-abcd1234","auth-type":"PASSWORD"},"client":{"id":"123456789abcdefghij","name":"Sample App","tenant":"idcs-abcd1234","auth-type":"PASSWORD"},"environment":{"isCSR":"false","onBehalfOfUser":"false"},"response":{"result":"ALLOWED","scopes":["urn:opc:idm:t.user.me"],"custom-claims":{"clientAppRoles":["Authenticated Client","Me"],"userAppRoles":["Authenticated","Global Viewer","Identity Domain Administrator"],"user_isAdmin":"true"}}}
Component: Authorization/getAllowedScopes
Timestamp: [Date]
Actor ID: your.email@domain.com
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"Message":"SSO SignOn Policy evaluation result for user : 11111 is : effect:ALLOW,authenticationFactor:IDP,allowUserToSkip2FAEnrolment:false,2FAFrequency:SESSION,reAuthenticate:false,trustedDevice2FAFrequency:
Component:
Timestamp:
Actor ID:
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluatePolicy] Evaluating Default Sign-On Policy
Component: PolicyEngine
Timestamp: [Date]
Actor ID: uiSignin
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluateRule] Evaluating MFA rule
Component: PolicyEngine
Timestamp: [Date]
Actor ID: uiSignin
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluatePolicy] Evaluating Default Authentication Target App Policy
Component: PolicyEngine
Timestamp: [Date]
Actor ID: idcssso
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"password":"********","authFactor":"USERNAME_PASSWORD","device":"{\"currentTime\":\"[date]",\"screenWidth\":1920,\"screenHeight\":1080,\"screenColorDepth\":24,\"screenPixelDepth\":24,\"windowPixelRatio\":1,\"language\":\"en\",\"userAgent\":\"Mozilla\/5.0 (Windows NT 10.0
Component:
Timestamp:
Actor ID:
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: {"Message":"No session found so need to collect credentials","Redirecting to Login URL: ":https://idcs-abcd1234.identity.oraclecloud.com/ui/v1/signin}
Component: SSO
Timestamp: [Date]
Actor ID: Unauthenticated
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: [PolicyEngineUtil.evaluatePolicy] Evaluating Default Identity Provider Policy
Component: PolicyEngine
Timestamp: [Date]
Actor ID: Unauthenticated
---------------------------------------------------------------
Message: Authorization Request, received parameters: scope[urn:opc:idm:t.user.me openid] response_type[code] state[1234] redirect_uri[http://localhost:8000/callback] client_id[123456789abcdefghij]
Component: OAuth
Timestamp: [Date]
Actor ID: Unauthenticated
The most recent logs appear at the top of the file.
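
To review a sign-in in the order it happened, the records can be parsed and reversed. The following is an added example, not Oracle's code: it assumes records laid out as in the sample on this page (Message, Component, Timestamp, and Actor ID fields, divided by rows of dashes), and the column layout of the downloaded CSV file, which this page does not show, may differ.

```python
import json
import re

# Constructed sample, abridged from the record layout shown on this page.
SAMPLE = """\
Message: {"user":{"name":"your.email@domain.com"},"client":{"name":"Sample App"},"response":{"result":"ALLOWED","scopes":["urn:opc:idm:t.user.me"]}}
Component: Authorization/getAllowedScopes
Timestamp: [Date]
Actor ID: your.email@domain.com
---------------------------------------------------------------
...
---------------------------------------------------------------
Message: Authorization Request, received parameters: scope[urn:opc:idm:t.user.me openid] response_type[code] state[1234] redirect_uri[http://localhost:8000/callback] client_id[123456789abcdefghij]
Component: OAuth
Timestamp: [Date]
Actor ID: Unauthenticated
"""
SEPARATOR = re.compile(r"-{10,}")  # rows of dashes divide the records
RECORD = re.compile(
    r"Message:\s*(?P<message>.*?)\s*Component:\s*(?P<component>.*?)\s*"
    r"Timestamp:\s*(?P<timestamp>.*?)\s*Actor ID:\s*(?P<actor>.*?)\s*$", re.DOTALL)
PARAM = re.compile(r"(\w+)\[([^\]]*)\]")  # name[value] pairs

def parse_records(text):
    """Return the records oldest first (the report lists the newest first)."""
    found = (RECORD.search(chunk) for chunk in SEPARATOR.split(text))
    return [m.groupdict() for m in found if m][::-1]  # "..." chunks do not match

def authorization_requests(records):
    """Parameters the OAuth component received with each authorization request."""
    return [dict(PARAM.findall(r["message"])) for r in records
            if r["component"] == "OAuth"
            and r["message"].startswith("Authorization Request")]

def scope_decisions(records):
    """(user, client, result, scopes) from each getAllowedScopes record."""
    decisions = []
    for r in records:
        if r["component"] == "Authorization/getAllowedScopes":
            try:
                body = json.loads(r["message"])
                resp = body["response"]
                decisions.append((body["user"]["name"], body["client"]["name"],
                                  resp["result"], resp["scopes"]))
            except (json.JSONDecodeError, KeyError):
                pass  # some messages in the report are truncated
    return decisions

if __name__ == "__main__":
    print(authorization_requests(parse_records(SAMPLE)))
```
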