WireCloud and Horizon behind an HTTPS proxy

Date: 2016-05-11 13:29:05

Tags: proxy fiware openstack-horizon fiware-wirecloud

We have a proxy running that serves HTTPS pages to the internet. It therefore redirects requests to our DMZ, where the pages are served as HTTP pages.

We set up WireCloud to run on a subdomain: wirecloud.example.com. Horizon runs on horizon.example.com.

In Horizon, the callback URL is set to: http://wirecloud.example.com/complete/fiware/, and in WireCloud's settings.py we set FIWARE_IDM_SERVER = 'http://horizon.example.com'

Now, when wirecloud.example.com/login is called, our proxy redirects it to https, then WireCloud redirects to Horizon, which our proxy in turn redirects to https://horizon.example.com/oauth2/authorize/?state=STATE_KEY&redirect_uri=http://wirecloud.example.com/complete/fiware/&response_type=code&client_id=CLIENT_ID. If the user is not logged in and now logs in, the redirect_uri is transformed into: http%253A%252F%252Fwirecloud.example.com%252Fcomplete%252Ffiware%252F, which leads to this error: {"state": "STATE_KEY", "error": "invalid_redirect_uri"} (HTTP 400). If the user is already logged in and tries to authorize the application (WireCloud), a 405 error is thrown:

Environment:


Request Method: GET
Request URL: http://wirecloud.example.com/complete/fiware/?state=STATE_KEY&code=CODE

Django Version: 1.9.6
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'wirecloud.commons',
 'compressor',
 'wirecloud.catalogue',
 'wirecloud.platform',
 'wirecloud.oauth2provider',
 'wirecloud.fiware',
 'social.apps.django_app.default')
Installed Middleware:
('wirecloud.commons.middleware.URLMiddleware',)



Traceback:

File "/opt/wc/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  149.                     response = self.process_exception_by_middleware(e, request)

File "/opt/wc/venv/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
  147.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  57.         response = view_func(request, *args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/django/views/decorators/csrf.py" in wrapped_view
  58.         return view_func(*args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/social/apps/django_app/utils.py" in wrapper
  51.             return func(request, backend, *args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/social/apps/django_app/views.py" in complete
  28.                        redirect_name=REDIRECT_FIELD_NAME, *args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/social/actions.py" in do_complete
  43.         user = backend.complete(user=user, *args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/social/backends/base.py" in complete
  41.         return self.auth_complete(*args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/social/utils.py" in wrapper
  229.             return func(*args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/social/backends/oauth.py" in auth_complete
  383.             method=self.ACCESS_TOKEN_METHOD

File "/opt/wc/venv/lib/python2.7/site-packages/social/backends/oauth.py" in request_access_token
  361.         return self.get_json(*args, **kwargs)

File "/opt/wc/venv/lib/python2.7/site-packages/social/backends/base.py" in get_json
  229.         return self.request(url, *args, **kwargs).json()

File "/opt/wc/venv/lib/python2.7/site-packages/social/backends/base.py" in request
  225.         response.raise_for_status()

File "/opt/wc/venv/lib/python2.7/site-packages/requests/models.py" in raise_for_status
  844.             raise HTTPError(http_error_msg, response=self)

Exception Type: HTTPError at /complete/fiware/
Exception Value: 405 Client Error: METHOD NOT ALLOWED for url: https://horizon.example.com/oauth2/token

So how do we configure WireCloud and/or Horizon and/or our proxy to get this working?

1 answer:

Answer 0 (score: 1)

Modify your settings.py file and add the following lines to force WireCloud to use https for internal URLs:

FORCE_PROTO = 'https'
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True

This should make WireCloud use https://wirecloud.example.com/complete/fiware/ as the redirect_uri. For more details, see FORCE_PROTO.

Regarding this exception:

Exception Type: HTTPError at /complete/fiware/
Exception Value: 405 Client Error: METHOD NOT ALLOWED for url: https://horizon.example.com/oauth2/token

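I would need more information to be 100% sure, but it seems to be a problem with network visibility. I think the WireCloud machine is requesting the https://horizon.example.com/oauth2/token URL, but this request is not going through your proxy/frontend server. If you have a valid token, you can confirm this by executing the following line from the WireCloud machine and from an external machine: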

curl -v https://horizon.example.com/oauth2/token?access_token=*****
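
The redirect_uri value in the question (http%253A%252F%252F...) is http:// percent-encoded twice, and the answer's settings change the scheme WireCloud sends; both can be checked offline against the registered callback. The following is an added example, not part of the original answer or of WireCloud: the function names are hypothetical, and it assumes the identity provider compares redirect_uri to the registered callback as an exact string.

```python
from urllib.parse import parse_qs, unquote, urlsplit

MAX_LAYERS = 5  # safety bound on decode passes


def peel_encoding(value):
    """Percent-decode until stable; return (decoded, passes_needed)."""
    passes = 0
    while passes < MAX_LAYERS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, passes = decoded, passes + 1
    return value, passes


def check_redirect_uri(authorize_url, registered_callback):
    """Return a list of findings for the redirect_uri in an authorize URL.

    Assumes the registered callback itself contains no percent-escapes,
    which holds for the callback in the question.
    """
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        return ["redirect_uri parameter is missing"]
    # parse_qs has already removed the one legitimate layer of encoding.
    decoded, extra = peel_encoding(values[0])
    findings = []
    if extra:
        findings.append("percent-encoded %d extra time(s)" % extra)
    if decoded != registered_callback:
        got, want = urlsplit(decoded), urlsplit(registered_callback)
        if got.scheme != want.scheme and got._replace(scheme=want.scheme) == want:
            findings.append("scheme mismatch: sent %s, registered %s"
                            % (got.scheme, want.scheme))
        else:
            findings.append("differs from registered callback: %r" % decoded)
    return findings


# Sample input assembled from the values in the question.
REGISTERED = "http://wirecloud.example.com/complete/fiware/"
DOUBLE_ENCODED = (
    "https://horizon.example.com/oauth2/authorize/?state=STATE_KEY"
    "&redirect_uri=http%253A%252F%252Fwirecloud.example.com"
    "%252Fcomplete%252Ffiware%252F&response_type=code&client_id=CLIENT_ID")

if __name__ == "__main__":
    print(check_redirect_uri(DOUBLE_ENCODED, REGISTERED))
```

An empty list means the value decodes to exactly the registered callback; an extra encoding layer usually points at a component that re-encodes the already encoded query string while redirecting.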