我使用Kong来通过kong-oidc(https://github.com/nokia/kong-oidc)保护我的微服务。只要我不使用Kong作为Keycloak的反向代理,它就可以正常工作。否则,当访问受保护的URI(API:https://localhost/api/v1/counterparty)时,我会收到对redirect_uri_path的请求,但找不到会话状态。
我只有在第一次重定向后出现问题,如下所示: https://localhost/api/v1/counterparty-service/?state=48f642ce2e4d6aea65810e01bb0de89c&session_state=a63 .....
如果我在/(?state = ....)之后删除了该部分,则一切正常。
我的kong ngnix配置(完整示例位于https://github.com/hostettler/microservices):
location /auth/ {
proxy_pass http://iam:8080/auth/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api {
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
default_type '';
set $ctx_ref '';
set $upstream_host '';
set $upstream_upgrade '';
set $upstream_connection '';
set $upstream_scheme '';
set $upstream_uri '';
set $upstream_x_forwarded_for '';
set $upstream_x_forwarded_proto '';
set $upstream_x_forwarded_host '';
set $upstream_x_forwarded_port '';
rewrite_by_lua_block {
Kong.rewrite()
}
我只是希望第一个重定向能够像手动删除state =
一样工作