Spinnaker GKE oauth - User's info does not have all required fields

Time: 2017-10-02 23:13:59

Tags: google-oauth spinnaker

I'm trying to set up authentication for my Spinnaker interface by following this tutorial: https://www.spinnaker.io/setup/quickstart/halyard-gke-public/

Before this tutorial, Spinnaker was confirmed up and running on http://localhost:9000. I've tried the following on 1.3.1, 1.4.1, 1.4.2.

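After editing/applying/enabling Google security, I attempt to log in and am successfully challenged by the Google login screen. After completing two-factor authentication, I'm redirected to http://localhost:8084/login as expected, but I receive the following error: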

{
  "error": "Unauthorized",
  "message": "Authentication Failed: User's info does not have all required fields.",
  "status": 401,
  "timestamp": 1506985726074
}

Here is the log of my setup steps:

kross@halyard:~$ hal config security authn oauth2 edit --provider google \
>     --client-id $CLIENT_ID \
>     --client-secret $CLIENT_SECRET \
>     --user-info-requirements hd=$DOMAIN
+ Get current deployment
  Success
+ Get authentication settings
  Success
+ Edit oauth2 authentication settings
  Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
  set even though your Spinnaker deployment is a Distributed deployment on a
  remote cloud provider. As a result, you will need to open SSH tunnels against
  that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
  mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
  securely, and then register the intended Domain and IP addresses that your
  publicly facing services will be using.

+ Successfully edited oauth2 method.
kross@halyard:~$ hal config security authn oauth2 enable
+ Get current deployment
  Success
+ Edit oauth2 authentication settings
  Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
  set even though your Spinnaker deployment is a Distributed deployment on a
  remote cloud provider. As a result, you will need to open SSH tunnels against
  that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
  mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
  securely, and then register the intended Domain and IP addresses that your
  publicly facing services will be using.

+ Successfully enabled oauth2

kross@halyard:~$ hal  deploy apply
+ Get current deployment
  Success
+ Apply deployment
  Success
+ Deploy spin-clouddriver
  Success
+ Deploy spin-front50
  Success
+ Deploy spin-orca
  Success
+ Deploy spin-deck
  Success
+ Deploy spin-echo
  Success
+ Deploy spin-gate
  Success
+ Deploy spin-igor
  Success
+ Deploy spin-rosco
  Success
Problems in default.security:
- WARNING Your UI or API domain does not have override base URLs
  set even though your Spinnaker deployment is a Distributed deployment on a
  remote cloud provider. As a result, you will need to open SSH tunnels against
  that deployment to access Spinnaker.
? We recommend that you instead configure an authentication
  mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
  securely, and then register the intended Domain and IP addresses that your
  publicly facing services will be using.

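I'm not quite sure how to proceed with this. It appears that I am authenticated, but for some reason the required user fields are not allowed in the interaction.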

I've also reviewed spinnaker's authentication setup, iterated on a few changes, and tested with a fresh incognito browser, but nothing changed.

Since the google provider is a packaged OAuth 2 provider with spinnaker, I'm confused about needing further configuration, as I'm not "bringing my own provider".

Where can I start looking next? Any documentation references/pointers?

1 answer:

Answer 0: (score: 1)

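The problem is the --user-info-requirements hd=$DOMAIN parameter. This is typically only needed when you are using a G Suite / Google Apps for Work account as the OAuth identity provider - it restricts login to only the users in your domain. Otherwise, anyone with a valid @gmail account can log in.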

If you use --user-info-requirements hd=$DOMAIN and the specified $DOMAIN is invalid, you will receive this error. Be sure to use the fully qualified domain name as the value.
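
Added example, not part of the answer above and not Spinnaker's own code: a simplified model of a user-info requirement check, showing why a consumer Google account (whose userinfo carries no hd field) or a malformed hd value is rejected. The exact-match comparison, the function names and the sample userinfo responses are assumptions constructed for illustration.

```python
import re

# Simplified model of the login check: every key in the requirements must be
# present in the provider's userinfo response with exactly the required value.
# (Assumption for illustration; this is not Gate's implementation.)
FQDN = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def check_requirement_value(key, value):
    """Lint the configured value before it is ever compared to a login."""
    problems = []
    if key == "hd" and not FQDN.match(value or ""):
        problems.append(f"hd={value!r} is not a fully qualified domain name")
    return problems


def diagnose(requirements, userinfo):
    """Return reasons a login would be rejected; an empty list means accepted."""
    reasons = []
    for key, required in requirements.items():
        reasons += check_requirement_value(key, required)
        if key not in userinfo:
            reasons.append(f"userinfo has no {key!r} field")
        elif str(userinfo[key]) != required:
            reasons.append(f"{key!r} is {userinfo[key]!r}, required {required!r}")
    return reasons


# Constructed userinfo responses (not captured from a real account).
HOSTED = {"email": "kross@example.com", "hd": "example.com", "email_verified": True}
CONSUMER = {"email": "someone@gmail.com", "email_verified": True}  # no hd claim

if __name__ == "__main__":
    for label, reqs, info in [
        ("hosted account, correct domain", {"hd": "example.com"}, HOSTED),
        ("consumer account", {"hd": "example.com"}, CONSUMER),
        ("unset $DOMAIN", {"hd": ""}, HOSTED),
        ("email used as domain", {"hd": "kross@example.com"}, HOSTED),
        ("no requirement at all", {}, CONSUMER),
    ]:
        print(label, "->", diagnose(reqs, info) or "accepted")
```

The last case illustrates the trade-off the answer describes: with no hd requirement, any authenticated Google account passes the check.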