Keycloak as the Key Manager for WSO2 APIM v3.2.0

Time: 2021-03-27 20:31:06

Tags: wso2 keycloak apim

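I configured the Keycloak key manager in the admin portal. I did exactly what is mentioned in the WSO2 APIM documentation, cloned the WSO2 API-M Keycloak connector project from GitHub, and copied the jar file into the /repository/components/dropins/ directory, but nothing changed. Even so, I still cannot generate application keys in WSO2's devPortal using the Keycloak key manager.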

WSO2 APIM log:

Caused by: feign.FeignException$Forbidden: [403 Forbidden] during [POST] to [http://localhost:8080/auth/realms/apim/clients-registrations/openid-connect] [DCRClient#createApplication(ClientInfo)]: [{"error":"insufficient_scope","error_description":"Forbidden"}]
        at feign.FeignException.clientErrorStatus(FeignException.java:199) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.FeignException.errorStatus(FeignException.java:177) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.FeignException.errorStatus(FeignException.java:169) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:92) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.AsyncResponseHandler.handleResponse(AsyncResponseHandler.java:96) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:138) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:89) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:100) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at com.sun.proxy.$Proxy480.createApplication(Unknown Source) ~[?:?]
        at org.wso2.keycloak.client.KeycloakClient.createApplication(KeycloakClient.java:134) ~[keycloak.key.manager_2.0.2.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication_aroundBody8(AbstractApplicationRegistrationWorkflowExecutor.java:150) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:124) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication_aroundBody6(AbstractApplicationRegistrationWorkflowExecutor.java:120) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:117) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete_aroundBody2(ApplicationRegistrationSimpleWorkflowExecutor.java:78) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        ... 59 more

Keycloak stack trace:

21:03:57,491 WARN  [org.keycloak.events] (default task-4) type=CLIENT_REGISTER_ERROR, realmId=apim, clientId=null, userId=null, ipAddress=127.0.0.1, error=not_allowed

1 answer:

Answer 0: (score: 0)

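There is no need to add the Keycloak connector to the APIM server externally. In the APIM-3.2.0 release, the Keycloak connector comes preinstalled in the server.

Could you try it without adding the Keycloak connector? That should solve the problem.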