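Spring Boot Security OAuth SSO and Keycloak: too many redirects when fetching user details

Time: 2018-08-11 08:22:16

Tags: java spring spring-boot keycloak

I am trying to set up a microservice architecture with the Spring Netflix Zuul proxy and Keycloak. Because I did not want to start with an old Spring version, I decided to connect Keycloak with the Spring Security OAuth2 library.

The Zuul application got the annotation @EnableOAuth2Sso, and the microservice behind it got @EnableResourceServer. Now, when I access Zuul with the path of a service, the Keycloak login screen is shown. But after logging in, I get ERR_TOO_MANY_REDIRECTS. According to the Keycloak log: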

09:57:40,354 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
09:57:40,355 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
09:57:40,355 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 4.0.0.Beta3 (WildFly Core 3.0.8.Final) started in 35495ms - Started 545 of 881 services (604 services are lazy, passive or on-demand)
10:04:12,978 WARN  [org.keycloak.services] (default task-40) KC-SERVICES0091: Request is missing scope 'openid' so it's not treated as OIDC, but just pure OAuth2 request.
10:04:23,408 WARN  [org.keycloak.events] (default task-49) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,485 WARN  [org.keycloak.events] (default task-47) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,563 WARN  [org.keycloak.events] (default task-46) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,613 WARN  [org.keycloak.events] (default task-51) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,689 WARN  [org.keycloak.events] (default task-50) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,771 WARN  [org.keycloak.events] (default task-53) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,815 WARN  [org.keycloak.events] (default task-52) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,888 WARN  [org.keycloak.events] (default task-54) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:23,977 WARN  [org.keycloak.events] (default task-55) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,090 WARN  [org.keycloak.events] (default task-56) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,132 WARN  [org.keycloak.events] (default task-57) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,165 WARN  [org.keycloak.events] (default task-58) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,197 WARN  [org.keycloak.events] (default task-59) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,238 WARN  [org.keycloak.events] (default task-60) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,269 WARN  [org.keycloak.events] (default task-61) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,330 WARN  [org.keycloak.events] (default task-62) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,485 WARN  [org.keycloak.events] (default task-2) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,508 WARN  [org.keycloak.events] (default task-1) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token
10:04:24,576 WARN  [org.keycloak.events] (default task-63) type=USER_INFO_REQUEST_ERROR, realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_token, auth_method=validate_access_token

Spring does not provide the correct information. As a result, Zuul cannot obtain details about the user:

org.springframework.security.authentication.BadCredentialsException: Could not obtain user details from token

My configuration is:

server:
  port: 8762
  session:
    cookie:
      name: PROXYOAUTH2COOKIE

spring:
  application:
    name: zuul-server

eureka:
  instance:
    perferIpAdress: true
  client:
    registerWithEureka: true
    fetchRegistry: true
    serviceurl:
      defaultZone: http://localhost:1112/eureka

keycloak-client:
  server-url: http://localhost:8080/auth
  realm: LIA

security:
  oauth2:
    client:
      clientId: user-systems
      clientSecret: 9a9539b5-f397-49be-be89-086422530648
      accessTokenUri: ${keycloak-client.server-url}/realms/${keycloak-client.realm}/protocol/openid-connect/token
      userAuthorizationUri: ${keycloak-client.server-url}/realms/${keycloak-client.realm}/protocol/openid-connect/auth
      tokenName: access_token
      authenticationScheme: query
      clientAuthenticationScheme: form
    resource:
      userInfoUri: ${keycloak-client.server-url}/realms/${keycloak-client.realm}/protocol/openid-connect/userinfo

As you can see, I tried a few things, such as setting the cookie name, but nothing helped. The error persists, and I don't know why.
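
An added example, not part of the original question: a Python triage of Keycloak log lines in the format shown above. It flags the KC-SERVICES0091 missing-`openid` warning and groups rapid USER_INFO_REQUEST_ERROR events into bursts, the pattern the log shows while the browser reports ERR_TOO_MANY_REDIRECTS. The function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the format of the Keycloak log above (shortened to six error events).
WARN = ("10:04:12,978 WARN  [org.keycloak.services] (default task-40) KC-SERVICES0091: "
        "Request is missing scope 'openid' so it's not treated as OIDC, but just pure OAuth2 request.")
ERR = ("{} WARN  [org.keycloak.events] (default task-49) type=USER_INFO_REQUEST_ERROR, "
       "realmId=LIA, clientId=null, userId=null, ipAddress=127.0.0.1, "
       "error=invalid_token, auth_method=validate_access_token")
STAMPS = ("10:04:23,408", "10:04:23,485", "10:04:23,563",
          "10:04:23,613", "10:04:23,689", "10:04:23,771")
SAMPLE = [WARN] + [ERR.format(t) for t in STAMPS]

LINE = re.compile(r"^(\d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([^\]]+)\] \([^)]*\) (.*)$")

def parse(line):
    """Split one WildFly/Keycloak log line into timestamp, logger, message and key=value fields."""
    m = LINE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(4).split(", ") if "=" in kv)
    return {"ts": datetime.strptime(m.group(1), "%H:%M:%S,%f"),
            "logger": m.group(3), "msg": m.group(4), "fields": fields}

def missing_openid_scope(lines):
    """True if Keycloak logged that an authorization request lacked scope 'openid'."""
    return any(r and "KC-SERVICES0091" in r["msg"] for r in map(parse, lines))

def userinfo_error_bursts(lines, max_gap_s=1.0, min_events=5):
    """Group consecutive userinfo failures from one realm/IP/error into bursts."""
    key = lambda e: tuple(e["fields"].get(k) for k in ("realmId", "ipAddress", "error"))
    events = [r for r in map(parse, lines)
              if r and r["fields"].get("type") == "USER_INFO_REQUEST_ERROR"]
    bursts, run = [], []
    for ev in events + [None]:  # trailing None flushes the last run
        same = (run and ev and key(ev) == key(run[-1])
                and (ev["ts"] - run[-1]["ts"]).total_seconds() <= max_gap_s)
        if run and not same:
            if len(run) >= min_events:
                realm, ip, error = key(run[0])
                bursts.append({"realm": realm, "ip": ip, "error": error, "count": len(run),
                               "span_s": (run[-1]["ts"] - run[0]["ts"]).total_seconds()})
            run = []
        if ev:
            run.append(ev)
    return bursts

if __name__ == "__main__":
    print(missing_openid_scope(SAMPLE), userinfo_error_bursts(SAMPLE))
```
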

0 answers:

No answers