Keycloak "there was no code" after authenticating with a custom OpenID provider

Time: 2018-02-06 11:07:10

Tags: keycloak openid-provider

I followed an example named "app-profile-jee-vanilla" to add an application to the Keycloak server. After that, I enabled Google login. So far, so good.

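Now I want to add a custom OpenID provider. I developed the OpenID provider (still a work in progress... I still need to add all the error responses), but when the flow completes successfully, the user is redirected to Keycloak's login page instead of being authenticated in Vanilla. The "vanilla" log says: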

10:48:18,845 DEBUG [io.undertow.request] (default I/O-1) Matched prefix path /vanilla for path /vanilla/profile.jsp
10:48:18,847 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-57) adminRequest https://localhost:8443/vanilla/profile.jsp
10:48:18,848 DEBUG [io.undertow.request.security] (default task-57) Security constraints for request /vanilla/profile.jsp are [SingleConstraintMatch{emptyRoleSemantic=AUTHENTICATE, requiredRoles=[]}]
10:48:18,848 DEBUG [io.undertow.request.security] (default task-57) Authenticating required for request HttpServerExchange{ GET /vanilla/profile.jsp request {accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8], accept-language=[en-GB,en-US;q=0.9,en;q=0.8], cache-control=[max-age=0], accept-encoding=[gzip, deflate, br], dnt=[1], user-agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36], cookie=[JSESSIONID=Cqd-3jIqTC4Mpszlilw-0HxgAEFyKLZ6i49X7irA.id3698, JSESSIONID=6B32E6C903620A3ACCB305C764A239AE], referer=[https://localhost:8444/Login.jsp?scope=openid&state=wjLUKD-74VoKSIxMNrGgxfsfk2iT7PkELy3RWoB9tg4.0dafd6d9-6253-4356-88fa-29d565dcbc49&response_type=code&client_id=this-is-a-client-id&redirect_uri=https%3A%2F%2Flocalhost%3A8543%2Fauth%2Frealms%2Fdemo%2Fbroker%2Fcustom-oidc%2Fendpoint], upgrade-insecure-requests=[1], Host=[localhost:8443]} response {X-Powered-By=[Undertow/1], Server=[WildFly/10]}}
10:48:18,849 DEBUG [io.undertow.request.security] (default task-57) Setting authentication required for exchange HttpServerExchange{ GET /vanilla/profile.jsp request {accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8], accept-language=[en-GB,en-US;q=0.9,en;q=0.8], cache-control=[max-age=0], accept-encoding=[gzip, deflate, br], dnt=[1], user-agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36], cookie=[JSESSIONID=Cqd-3jIqTC4Mpszlilw-0HxgAEFyKLZ6i49X7irA.id3698, JSESSIONID=6B32E6C903620A3ACCB305C764A239AE], referer=[https://localhost:8444/Login.jsp?scope=openid&state=wjLUKD-74VoKSIxMNrGgxfsfk2iT7PkELy3RWoB9tg4.0dafd6d9-6253-4356-88fa-29d565dcbc49&response_type=code&client_id=this-is-a-client-id&redirect_uri=https%3A%2F%2Flocalhost%3A8543%2Fauth%2Frealms%2Fdemo%2Fbroker%2Fcustom-oidc%2Fendpoint], upgrade-insecure-requests=[1], Host=[localhost:8443]} response {X-Powered-By=[Undertow/1], Server=[WildFly/10]}}
10:48:18,851 DEBUG [org.keycloak.adapters.elytron.KeycloakHttpServerAuthenticationMechanismFactory] (default task-57) Evaluating request for path [https://localhost:8443/vanilla/profile.jsp]
10:48:18,852 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-57) adminRequest https://localhost:8443/vanilla/profile.jsp
10:48:18,861 DEBUG [org.keycloak.adapters.elytron.ElytronSessionTokenStore] (default task-57) Account was not in session, returning null
10:48:18,861 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-57) there was no code
10:48:18,861 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-57) redirecting to auth server
10:48:18,862 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-57) callback uri: https://localhost:8443/vanilla/profile.jsp
10:48:18,863 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-57) Sending redirect to login page: https://localhost:8543/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=vanilla&redirect_uri=https%3A%2F%2Flocalhost%3A8443%2Fvanilla%2Fprofile.jsp&state=65f979c1-e062-4e71-9c14-f350c5189b16&login=true&scope=openid

The Keycloak log says:

10:48:14,533 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-19) Got authorization code from client [vanilla].
10:48:14,549 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-19) Authorization code is valid.
...
10:48:14,750 DEBUG [org.keycloak.events] (default task-21) type=LOGIN, realmId=demo, clientId=vanilla, userId=b87b0a03-2418-4274-af4a-34dec666d376, ipAddress=127.0.0.1, auth_method=broker, identity_provider=custom-oidc, response_type=code, redirect_uri=https://localhost:8443/vanilla/profile.jsp, consent=persistent_consent, identity_provider_identity=tentativa123oiu123oiu, code_id=0dafd6d9-6253-4356-88fa-29d565dcbc49, username=tentativa123oiu123oiu, response_mode=query
10:48:14,751 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-21) Removing old user session: session: 553c5ae6-c713-4009-96c3-d7cd5798f702
10:48:14,761 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-21) Create login cookie - name: KEYCLOAK_IDENTITY, path: /auth/realms/demo, max-age: -1
...
10:48:15,505 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-18) AUTHENTICATE CLIENT
10:48:15,512 DEBUG [org.keycloak.authentication.ClientAuthenticationFlow] (default task-18) client authenticator: client-secret
10:48:15,513 DEBUG [org.keycloak.authentication.ClientAuthenticationFlow] (default task-18) client authenticator SUCCESS: client-secret
10:48:15,513 DEBUG [org.keycloak.authentication.ClientAuthenticationFlow] (default task-18) Client vanilla authenticated by client-secret
10:48:15,514 DEBUG [org.keycloak.protocol.oidc.endpoints.TokenEndpoint] (default task-18) Adapter Session 'Cqd-3jIqTC4Mpszlilw-0HxgAEFyKLZ6i49X7irA' saved in ClientSession for client 'vanilla'. Host is 'id3698'
10:48:15,650 DEBUG [org.keycloak.events] (default task-18) type=CODE_TO_TOKEN, realmId=demo, clientId=vanilla, userId=b87b0a03-2418-4274-af4a-34dec666d376, ipAddress=127.0.0.1, client_session_host=id3698, token_id=834c1b6f-9692-453b-94ee-604db2a1ffc4, grant_type=authorization_code, refresh_token_type=Refresh, client_session_state=Cqd-3jIqTC4Mpszlilw-0HxgAEFyKLZ6i49X7irA, refresh_token_id=b8d8ba7c-3a0c-4012-9cdb-ab99d6ccaa11, code_id=0dafd6d9-6253-4356-88fa-29d565dcbc49, client_auth_method=client-secret

In Keycloak, I tried turning on the Cookie authentication flow. When I do that, after logging in, the browser just goes into a redirect loop.

Does anyone know what might be wrong here? What am I missing?

0 answers:

No answers