是否可以让Keycloak充当AWS ALB的OIDC提供程序?
我已经尝试了很多次,但是我只能使用500 Internal Server。
我创建了一个新的机密客户端,并向ALB提供了clientID和密码以及OIDC Urls。几年前,我读到有关标题中Bearer vs Bearer的问题,但我无法验证这是问题还是ALB仍然存在问题。
感谢您的帮助。
编辑:这是我的配置。我已经将网址调整为通用。
AWS -
Issuer: https://login.example.com/auth/realms/example
Auth Endpoint: https://login.example.com/auth/realms/example/protocol/openid-connect/auth
Token Endpoint: https://login.example.com/auth/realms/example/protocol/openid-connect/token
User info Endpoint: https://login.example.com/auth/realms/example/protocol/openid-connect/userinfo
Client ID: ExampleApp
Client secret: supersecret
Keycloak -
Client ID: ExampleApp
Root URL: https://li.stagingweb.example.com
Valid Redirect URIs: https://li.stagingweb.example.com/*
Admin URL: https://li.stagingweb.example.com
Web Origins: https://li.stagingweb.example.com/*
keycloak_client_settings keycloak_cred_settings
我从此配置中得到的响应只是一个500错误。负载均衡器日志报告:
5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 -"li.stagingweb.example.com" -1 2020-04-27T18:11:34.497000Z "authenticate" "-" "AuthTokenEpRequestFailed" "-" "-"
这是收到500错误的请求:
https://li.stagingweb.example.com/oauth2/idpresponse?state=PWISnbHmRCVpxmqyn%2FrKsHdJzbKFnfz5GxhnlCyVdnxRVV%2F9kvj7O0JCjQOuf1DNL08h821PorJGGa3%2F4fzFymulG8sS%2FxhLFQS5gNrpuQyCf9DCzrwFxkIbG3I2sHywK7%2FeDmfYUH6Rej%2FEJ4RQwdjpjm76Z1wycw%2FGjQIRxehaTqNtCS%2FdXhm2oag%2FBnY%2FkuMiB8Q%3D&session_state=3a94a1d6-5e75-491b-a231-e4a1a469e5cb&code=23364bac-92e9-4094-9dc3-19c15eb42e7c.3a94a1d6-5e75-491b-a231-e4a1a469e5cb.9723ee49-5bca-4ff6-8a13-f7539b0bc28c
希望我没有发布我不应该拥有的任何信息:)