keycloak 相关问题

用于浏览器应用程序和RESTful Web服务的集成单点登录(SSO)和Identity Manager(IDM)。建立在JBoss / Wildfly之上,符合OAuth 2.0,Open ID Connect,JSON Web Token(JWT)和SAML 2.0规范。

java.lang.IllegalArgumentException:无法使用提供的颁发者解析配置

我正在尝试使用 Spring Boot 作为资源服务器和 Keycloak 作为授权服务器来制作一个工作演示。以下是项目代码片段: pom.xml ... 我正在尝试使用 Spring Boot 作为资源服务器和 Keycloak 作为授权服务器来制作一个工作演示。这是项目代码片段: pom.xml ... <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.7.3</version> <relativePath/> <!-- lookup parent from repository --> </parent> <properties> <java.version>11</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-resource-server</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> </dependencies> ... 应用程序.java @SpringBootApplication public class App { public static void main(String[] args) { SpringApplication.run(App.class, args); } } AppRestController.java @RestController public class AppRestController { @GetMapping("/authenticated") @PreAuthorize("isAuthenticated()") public String authenticated() { return "authenticated"; } @GetMapping("/permitAll") @PreAuthorize("permitAll") public String permitAll() { return "permitAll"; } @GetMapping("/support") @PreAuthorize("hasRole('support')") public String support() { return "support"; } } 应用程序.属性 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/realms/realm_1/.well-known/openid-configuration 我在端口 8083 上运行 Keycloak。对 http://localhost:8083/realms/realm_1/.well-known/openid-configuration 的获取请求返回以下响应: { "issuer": "http://localhost:8083/realms/realm_1", "authorization_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/auth", "token_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token", "introspection_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token/introspect", "userinfo_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/userinfo", "end_session_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/logout", "frontchannel_logout_session_supported": true, "frontchannel_logout_supported": true, "jwks_uri": "http://localhost:8083/realms/realm_1/protocol/openid-connect/certs", "check_session_iframe": "http://localhost:8083/realms/realm_1/protocol/openid-connect/login-status-iframe.html", "grant_types_supported": [ "authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "urn:openid:params:grant-type:ciba" ], "acr_values_supported": [ "0", "1" ], "response_types_supported": [ "code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token" ], "subject_types_supported": [ "public", "pairwise" ], "id_token_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "id_token_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "id_token_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "userinfo_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ], "userinfo_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "userinfo_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "request_object_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ], "request_object_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "request_object_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "response_modes_supported": [ "query", "fragment", "form_post", "query.jwt", "fragment.jwt", "form_post.jwt", "jwt" ], "registration_endpoint": "http://localhost:8083/realms/realm_1/clients-registrations/openid-connect", "token_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "introspection_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "introspection_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "authorization_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "authorization_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "authorization_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "claims_supported": [ "aud", "sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email", "acr" ], "claim_types_supported": [ "normal" ], "claims_parameter_supported": true, "scopes_supported": [ "openid", "roles", "microprofile-jwt", "offline_access", "address", "web-origins", "acr", "phone", "profile", "email" ], "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": true, "code_challenge_methods_supported": [ "plain", "S256" ], "tls_client_certificate_bound_access_tokens": true, "revocation_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/revoke", "revocation_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "revocation_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "backchannel_logout_supported": true, "backchannel_logout_session_supported": true, "device_authorization_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/auth/device", "backchannel_token_delivery_modes_supported": [ "poll", "ping" ], "backchannel_authentication_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/ciba/auth", "backchannel_authentication_request_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "ES256", "RS256", "ES512", "PS256", "PS512", "RS512" ], "require_pushed_authorization_requests": false, "pushed_authorization_request_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/par/request", "mtls_endpoint_aliases": { "token_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token", "revocation_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/revoke", "introspection_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token/introspect", "device_authorization_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/auth/device", "registration_endpoint": "http://localhost:8083/realms/realm_1/clients-registrations/openid-connect", "userinfo_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/userinfo", "pushed_authorization_request_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/par/request", "backchannel_authentication_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/ciba/auth" } } 为了获取访问令牌,我使用密码 grand 类型向 http://localhost:8083/realms/realm_1/protocol/openid-connect/token 发送一个发布请求,并得到以下响应: { "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJuLXRnUjJJUDdfamp6TXhqbU40XzdBSS1Temx4Yk14d3lyamtueGd0bHVzIn0.eyJleHAiOjE2NjM4NDM3NDYsImlhdCI6MTY2Mzg0MzQ0NiwianRpIjoiYzUyMDk5MjEtMDhlYy00ZDZiLThkYzEtNWJjYjg5MDU5MjU2IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9yZWFsbV8xIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjAyOTI0YjQ0LTRmZTEtNDY0Zi05M2JiLWNhNzM5MmU0YzQ5OCIsInR5cCI6IkJlYXJlciIsImF6cCI6ImNsaWVudC0xIiwic2Vzc2lvbl9zdGF0ZSI6IjBjYWQ2NmE4LWM0NjUtNGNjZS1hYzIxLTc3YTM0MWI1ZWEzMyIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiIsInVzZXIiLCJkZWZhdWx0LXJvbGVzLXJlYWxtXzEiXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiIwY2FkNjZhOC1jNDY1LTRjY2UtYWMyMS03N2EzNDFiNWVhMzMiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6InVzZXIxIGZpcnN0IG5hbWUgdXNlcjEgbGFzdCBuYW1lIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidXNlcjEiLCJnaXZlbl9uYW1lIjoidXNlcjEgZmlyc3QgbmFtZSIsImZhbWlseV9uYW1lIjoidXNlcjEgbGFzdCBuYW1lIiwiZW1haWwiOiJ1c2VyMUBtYWlsLmNvbSJ9.CZZx5tmI80qD84qg_cNjwxE13G6U_q5bm1gFFyvDAb0AZsQpckt83Vp7CyhAy40U7nHnOLaSnoVE3VbJQ65hbKLQiXqNs65GKVEaX0iBDNHGJz1WkWDtC8lox55fbgDaePNE7TGwDx15lIMkBHEdXBrMvl1Cm51Npi7nzsqmu2KdybwvnmVxcFJye3Y_OvbfRgEh2QQP4QrnIl2Qb6BuGcja3FY4SqIVEtMr-ZfXHxi3v9Az3NFWLPKPcGiQmLTVp2tYvAWsVvUWV6tomFGFFKtfaLNyXAk1ztGphPrckkGzIi_T_xKIEh56zD_egURKx0ZiDsTxgzJToRdJt6XIlw", "expires_in": 299, "refresh_expires_in": 1799, "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhOWFkOTRlMy02ODIzLTQ0MzMtOWYyZC0xMzYzNTA3OTRhMGIifQ.eyJleHAiOjE2NjM4NDUyNDYsImlhdCI6MTY2Mzg0MzQ0NiwianRpIjoiNDc2Y2M0ZWMtYmMwYS00OTUxLTlkMmItMTk1ZmUzMGQyMzZmIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9yZWFsbV8xIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9yZWFsbV8xIiwic3ViIjoiMDI5MjRiNDQtNGZlMS00NjRmLTkzYmItY2E3MzkyZTRjNDk4IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImNsaWVudC0xIiwic2Vzc2lvbl9zdGF0ZSI6IjBjYWQ2NmE4LWM0NjUtNGNjZS1hYzIxLTc3YTM0MWI1ZWEzMyIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsInNpZCI6IjBjYWQ2NmE4LWM0NjUtNGNjZS1hYzIxLTc3YTM0MWI1ZWEzMyJ9.5Kb2XldpwkEKnGC9baRMDdRDLjid-SpZ1NlnZjse9OE", "token_type": "Bearer", "not-before-policy": 0, "session_state": "0cad66a8-c465-4cce-ac21-77a341b5ea33", "scope": "profile email" } 然后,我将 get 请求发送到 http://localhost:8080/permitAll 并获取 401 响应状态和日志中的以下堆栈跟踪: org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance at org.springframework.security.oauth2.jwt.SupplierJwtDecoder.wrapException(SupplierJwtDecoder.java:58) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.jwt.SupplierJwtDecoder.decode(SupplierJwtDecoder.java:49) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.getJwt(JwtAuthenticationProvider.java:97) ~[spring-security-oauth2-resource-server-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:88) ~[spring-security-oauth2-resource-server-5.7.3.jar:5.7.3] at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:134) ~[spring-security-oauth2-resource-server-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na] Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://localhost:8083/realms/realm_1/.well-known/openid-configuration" at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:166) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.jwt.JwtDecoders.fromIssuerLocation(JwtDecoders.java:93) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerJwtConfiguration$JwtDecoderConfiguration.lambda$jwtDecoderByIssuerUri$3(OAuth2ResourceServerJwtConfiguration.java:141) ~[spring-boot-autoconfigure-2.7.3.jar:2.7.3] at org.springframework.security.oauth2.jwt.SupplierJwtDecoder.decode(SupplierJwtDecoder.java:46) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] ... 59 common frames omitted 我在 Spring Boot 2.7.2 和 Keycloak 服务器版本 16.1.1 上遇到了同样的问题(通过 docker-compose jboss/keycloak 运行) 就我而言,此 URI 不起作用: spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/realms/realm_1 但是当我在“/realms”应用程序成功启动之前添加“auth”时: spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/auth/realms/realm_1 应该就是这个 application.properties spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/realms/realm_1 发行者应与 Keycloak 配置 URL 中的发行者匹配。 我使用 spring 3 也遇到同样的错误。 我检测到 spring 在请求发布 url 时收到 404 错误。但是当我在浏览器中发出相同的请求时,它会起作用。

java spring-boot oauth-2.0 keycloak
回答 3 投票 0

如何让 Keycloak 身份代理显示来自 Entra ID / Azure 身份提供商的 ID 令牌中的声明

我正在尝试使用 Keycloak 作为在 Entra ID 上配置的 OIDC 应用程序的身份提供者,从 ID 令牌中检索一些声明(角色、组、upn)。 使用 Postman,我可以检索 ID 令牌...

keycloak openid-connect claims-based-identity microsoft-entra-id oidc-identity-brokering
回答 1 投票 0

keycloak js 自动令牌刷新

我有一段使用keycloak和JS的代码。 除了刷新令牌方法必须在令牌过期时从外部调用之外,代码工作正常。如何自动刷新token...

javascript keycloak
回答 3 投票 0

ArgoCD 和 Keycloak 的“无效客户端或无效客户端凭据”

根据文档使用Keycloak实现ArgoCD 2.10.0时,在Keycloak端输入凭据后,ArgoCD将失败并出现错误 获取令牌失败:oauth2:“

keycloak rbac argocd
回答 1 投票 0

Keycloak 离线令牌注销后失效

我通过使用authorization_code(scope=openidoffline_access)向/openid-connect/token发送请求来获取离线令牌。在 Keycloak 管理控制台的“离线访问”选项卡中,我可以看到离线创建的...

keycloak token offline
回答 1 投票 0

如何在keycloak中列出服务帐户用户

有没有办法使用Keycloak API(19.x)列出服务帐户用户? 我可以使用 GET /admin/realms/{realm}/users 列出用户,并且可以使用 GET /admin/realms/... 访问服务用户帐户用户

keycloak keycloak-rest-api
回答 1 投票 0

如何在单个 API 中创建具有多个客户端角色的用户

我想创建一个用户并在 Keycloak 的单个 API 中为其分配客户端角色,我已附上详细信息。 我有这个API http://testkeycloak.com:8085/auth/admin/realms/engineer/users { ...

keycloak keycloak-services keycloak-rest-api
回答 4 投票 0

Keycloak多资源授权肯定决策策略

我正在使用 Keycloak 来管理 Spring Boot 应用程序的授权。 我配置了一些只能由某些用户访问的资源。 这太棒了! 现在我想允许...

keycloak
回答 1 投票 0

触发从“Keycloak”到“Azure ADB2C”的基本http调用以获取令牌响应时出现错误

从“Keycloak”到“Azure ADB2C”进行基本的 HTTP 调用,以检索令牌作为来自 AD B2C 的响应。 当前的流程如下所示。对于集成了...的 Java Web 应用程序

keycloak azure-ad-b2c keycloak-rest-api keycloak-gatekeeper
回答 1 投票 0

Keycloak账户自助管理API

我正在构建基于keycloak的应用程序,但我正在努力解决一个问题:如何使用Angular和Keycloak API为用户提供编辑功能。此外,用户不是管理员或

angular postman keycloak
回答 1 投票 0

Keycloak 无法在 Azure 容器应用程序上启动

我正在尝试在 azure 容器应用程序上使用 start-dev 启动 Keycloak,但它不起作用。 我的配置如下: 我在 ContainerAppConsoleLogs_CL 中没有应用程序日志 我只是哈...

azure keycloak azure-container-apps
回答 2 投票 0

HTTP 请求到 keycloak 并失眠

我正在使用 Keycloak 和 NestJS 为新应用程序创建一个安全后端。我导入了包含客户端和用户的领域,并且我正在尝试通过 Insomnia 获取令牌并访问受保护的数据。

oauth-2.0 keycloak insomnia
回答 1 投票 0

Keycloak docker 中的令牌颁发者无效

我的钥匙斗篷有问题。所以,我有带有 keycloak 的 spring-microservices。如果它从本地开始,那么干得好。但是如果我在 docker 中启动 spring 和 keycloak,那么我就会遇到安全问题......

java reactjs spring docker keycloak
回答 2 投票 0

是否有一种优雅的方法可以为多租户应用程序克隆 Keycloak 领域及其所有配置(客户端和角色)?

我正在构建一个多租户应用程序,并使用 Keycloak 进行身份验证和授权。 对于每个租户,我们的想法是拥有一个专用的 Keycloak 领域。每个租户都会有确切的...

keycloak
回答 3 投票 0

缺少表单参数:grant_type IONIC CAPACITOR

我正在尝试调用Keycloak,但控制台给了我这个错误: 缺少表单参数:GRANT_TYPE 这是我的代码: 邮政() { 调试器; 让 url = "http://172.20.10.3:8080/realms/myre...

angular ionic-framework ionic3 keycloak
回答 1 投票 0

如何将Keycloack获取到Azure/EntraId以检索SpringBoot的声明/组/角色

我已配置 Keycloak 的本地实例作为 Microsoft EntraID 的身份代理(一种代理),以前称为 Azure Active Directory,它是实际的身份提供程序)...

spring-boot microsoft-graph-api keycloak openid-connect azure-entra-id
回答 1 投票 0

python-keycloak 包和 FastApi 的问题

我有一个小应用程序,我尝试使用 Keycloak 进行身份验证。如果我使用端点 /public 来获取测试用户的令牌,并使用该令牌与 Postman 一起向 /prote 发送请求...

python keycloak fastapi
回答 1 投票 0

Superset 与 Keycloak 的集成在用户名验证后崩溃,出现错误 500

我终于成功让Apache Superset将用户验证路由到Keycloak(弹出keycloak登录屏幕,KC用户正在被使用、验证和使用)。与 Sup 完全匹配的角色...

authentication flask keycloak apache-superset
回答 1 投票 0

keycloak - microsoft azure 广告安全漏洞

Keycloak 提供内置功能来与不同的应用程序(例如 Microsoft Azure AD)集成。我发现一篇文章讨论了 Azure 广告中的安全漏洞。有哪些类型的配置...

azure-active-directory keycloak
回答 1 投票 0

嵌入式Keycloak(Spring boot Java)证书问题:无法使用提供的颁发者解决配置

目前我正在构建一个带有 Angular 前端和 Java 后端的 Web 应用程序。目前,我正在 Baeldung 教程的帮助下将 keycloak 实现为嵌入式 Spring Boot 应用程序(https://www.ba...

java keycloak keystore pkix
回答 2 投票 0
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.