Why does authorization fail after successful authentication?

Time: 2019-06-04 15:29:24

Tags: oauth-2.0 spring-security-oauth2 cas

I configured a CAS server with the OAuth 2.0 protocol (authorization code grant type) following the post https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/

My server configuration (application.yml)

cas:
  server:
    name: https://casoauth.example.org:8443
    prefix: ${cas.server.name}/cas
  authn:
    accept:
      users: casuser::demo
    oauth:
      refreshToken:
        timeToKillInSeconds: 2592000
      code:
        timeToKillInSeconds: 14400
        numberOfUses: 10
      accessToken:
        timeToKillInSeconds: 14400
        maxTimeToLiveInSeconds: 28800
      grants:
        resourceOwner:
          requireServiceHeader: true
      userProfileViewType: FLAT
  ticket:
    tgt:
      maxTimeToLiveInSeconds: 28800
      timeToKillInSeconds: 14400
    st:
      timeToKillInSeconds: 14400
  serviceRegistry:
    json:
      location: classpath:/services
    initFromJson: true
logging:
  config: file:/etc/cas/config/log4j2.xml
  level:
    org:
      apereo:
        cas: DEBUG

JSON used to register the application

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "client1",
  "clientSecret": "password1",
  "serviceId": "^https://casoauth.example.org:9999/.*",
  "name": "OAuthService",
  "id": 1000,
  "bypassApprovalPrompt": false,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}

Application configuration

debug: true
server:
  port: 9999
  ssl:
    keyStore: file:/etc/cas/thekeystore
    keyStorePassword: changeit
    keyPassword: changeit

security:
  user:
    password: user
  ignored: /,/favicon.ico,/index.html,/home.html,/dashboard.html,/js/**,/css/**,/webjars/**
  sessions: ALWAYS
  oauth2:
    sso:
      loginPath: /dashboard/login
management:
  security:
    role: HERO

logging:
  level:
    org.springframework: INFO
    com.netflix.discovery: 'OFF'

---
spring:
  profiles: cas
security:
  oauth2:
    client:
      clientId: client1
      clientSecret: password1
      accessTokenUri: https://casoauth.example.org:8443/cas/oauth2.0/accessToken
      userAuthorizationUri: https://casoauth.example.org:8443/cas/oauth2.0/authorize
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://casoauth.example.org:8443/cas/oauth2.0/profile
      preferTokenInfo: false

After authenticating on the CAS server, I get

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

Jun 04 17:10:41 CEST 2019 There was an unexpected error (type=Unauthorized, status=401). Authentication Failed: Could not obtain access token

URL https://casoauth.example.org:9999/dashboard/login?code=OC-1-lu5Hlcg2l3E4S5B68fs0-P-47tkh-4gR&state=ef17Ee

Any ideas?

1 answer:

Answer 0 (score: 0)

I ran into this problem. You should add the certificate to the trusted certificates and the problem will be solved.
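The answer points at certificate trust: the redirect back to the client with the code succeeds, but the server-to-server call from the Spring client to /oauth2.0/accessToken on port 8443 is an HTTPS request made by the client JVM, which only succeeds if the JVM trusts the CAS server's certificate. As an added example (not code from the question or the answer), this script checks whether the CAS certificate chain verifies and, if not, imports it into the client JVM's truststore instead of disabling verification. The host and port are the question's; the output file, truststore path and alias are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: check whether the certificate presented by the CAS server's
# OAuth2 token endpoint chains to a trusted CA, and import it into the client
# JVM's truststore if it does not. Host and port come from the question; the
# truststore path, alias and file names are assumptions passed by the caller.

CAS_HOST="casoauth.example.org"
CAS_PORT="8443"

# Save the certificate chain the CAS server presents, leaf first, as PEM.
# $1 = output file. Needs network access to the CAS server.
fetch_cas_chain() {
  openssl s_client -connect "$CAS_HOST:$CAS_PORT" -servername "$CAS_HOST" \
    -showcerts </dev/null 2>/dev/null \
    | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$1"
}

# Return 0 if the leaf certificate in $1 verifies against the CA bundle $2,
# using the remaining certificates in $1 as intermediates. A non-zero result
# is the same trust failure the Spring client hits when it exchanges the code
# for an access token.
cert_is_trusted() {
  openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# Import the first certificate of $1 into the Java truststore $2 under alias
# $3 with store password $4. Trusting the leaf is right for a self-signed
# server certificate; for a CA-issued one import the issuing CA certificate
# instead. On JDK 9+ the default truststore is $JAVA_HOME/lib/security/cacerts
# (password changeit); a separate store can be selected with
# -Djavax.net.ssl.trustStore when starting the client application.
import_into_truststore() {
  keytool -importcert -noprompt -trustcacerts -file "$1" \
    -keystore "$2" -alias "$3" -storepass "$4"
}

# Usage with assumed paths:
#   fetch_cas_chain /tmp/cas-chain.pem
#   cert_is_trusted /tmp/cas-chain.pem /etc/ssl/certs/ca-certificates.crt \
#     || import_into_truststore /tmp/cas-chain.pem \
#          "$JAVA_HOME/lib/security/cacerts" casoauth changeit
```

Restart the client application after importing, since the JVM reads the truststore at startup.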