SSL: CERTIFICATE_VERIFY_FAILED - Keycloak integration for OpenID Connect

Time: 2019-08-07 17:46:10

Tags: apache keycloak superset

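I am trying to integrate Keycloak with Apache Superset to enable SSO in my internal application. My servers run on AWS. I have a Superset instance, a Keycloak instance, and an Nginx with SSL enabled in front of my Superset instance. I also have a certificate generated by certbot and a registered domain that connects to my Nginx over HTTPS. Nginx then routes the traffic to Superset. I am running Superset as a gunicorn instance. No matter what changes I make, I repeatedly run into the SSL_CERTIFICATE_VERIFY failure.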

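After entering the https www domain, I am able to bring up the Keycloak login page successfully. After I enter my credentials, it has to redirect back to Superset, and that is when I get the SSL verification error. My Superset runs over http, not https. I handle the https/http bridge through Nginx.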

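When I disable OIDC in my superset_config and change it to AuthDB, I am able to start up and log in successfully through Nginx or the registered domain using the load balancer, or even by pointing directly at the server instance running my Superset. The problem occurs only when I try to integrate with Keycloak. I am not sure whether this is a Keycloak redirect issue, a Python version issue, or something else. I have tried every possible configuration in superset_config.py, but none of them worked.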

My superset_config.py:

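import ssl
from flask_appbuilder.security.manager import AUTH_OID

# Replaces the default HTTPS context factory with one that skips certificate verification
ssl._create_default_https_context = ssl._create_unverified_context
ENABLE_PROXY_FIX = True
AUTH_TYPE = AUTH_OID
ssl.CERT_NONE  # bare expression; has no effect
ssl.ssl_verify = False  # sets an attribute that the ssl module does not read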

Traceback (most recent call last):
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask_oidc/__init__.py", line 657, in _oidc_callback
    plainreturn, data = self._process_callback('destination')
  File "/home/ubuntu/venv/lib/python3.6/site-packages/flask_oidc/__init__.py", line 689, in _process_callback
    credentials = flow.step2_exchange(code)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/oauth2client/_helpers.py", line 133, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/oauth2client/client.py", line 2054, in step2_exchange
    http, self.token_uri, method='POST', body=body, headers=headers)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/oauth2client/transport.py", line 282, in request
    connection_type=connection_type)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/httplib2/__init__.py", line 1953, in request
    cachekey,
  File "/home/ubuntu/venv/lib/python3.6/site-packages/httplib2/__init__.py", line 1618, in _request
    conn, request_uri, method, body, headers
  File "/home/ubuntu/venv/lib/python3.6/site-packages/httplib2/__init__.py", line 1524, in _conn_request
    conn.connect()
  File "/home/ubuntu/venv/lib/python3.6/site-packages/httplib2/__init__.py", line 1307, in connect
    self.sock = self._context.wrap_socket(sock, server_hostname=self.host)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/gevent/_ssl3.py", line 66, in wrap_socket
    _session=session)
  File "/home/ubuntu/venv/lib/python3.6/site-packages/gevent/_ssl3.py", line 267, in __init__
    raise x
  File "/home/ubuntu/venv/lib/python3.6/site-packages/gevent/_ssl3.py", line 263, in __init__
    self.do_handshake()
  File "/home/ubuntu/venv/lib/python3.6/site-packages/gevent/_ssl3.py", line 587, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

0 answers:

No answers