为什么身份验证成功后授权失败

问题描述 投票:0回答:1

我根据帖子https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/配置了OAuth2.0协议(授权码授予类型)的CAS服务器>

我的服务器配置(application.yml)

cas:
  server:
    name: https://casoauth.example.org:8443
    prefix: ${cas.server.name}/cas
  authn:
    accept:
      users: casuser::demo
    oauth:
      refreshToken:
        timeToKillInSeconds: 2592000
      code:
        timeToKillInSeconds: 14400
        numberOfUses: 10
      accessToken:
        timeToKillInSeconds: 14400
        maxTimeToLiveInSeconds: 28800
      grants:
        resourceOwner:
          requireServiceHeader: true
      userProfileViewType: FLAT
  ticket:
    tgt:
      maxTimeToLiveInSeconds: 28800
      timeToKillInSeconds: 14400
    st:
      timeToKillInSeconds: 14400
  serviceRegistry:
    json:
      location: classpath:/services
    initFromJson: true
logging:
  config: file:/etc/cas/config/log4j2.xml
  level:
    org:
      apereo:
        cas: DEBUG

用于注册应用程序的json
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "client1",
  "clientSecret": "password1",
  "serviceId": "^https://casoauth.example.org:9999/.*",
  "name": "OAuthService",
  "id": 1000,
  "bypassApprovalPrompt": false,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}

应用程序配置
debug: true
server:
  port: 9999
  ssl:
    keyStore: file:/etc/cas/thekeystore
    keyStorePassword: changeit
    keyPassword: changeit

security:
  user:
    password: user
  ignored: /,/favicon.ico,/index.html,/home.html,/dashboard.html,/js/**,/css/**,/webjars/**
  sessions: ALWAYS
  oauth2:
    sso:
      loginPath: /dashboard/login
management:
  security:
    role: HERO

logging:
  level:
    org.springframework: INFO
    com.netflix.discovery: 'OFF'

---
spring:
  profiles: cas
security:
  oauth2:
    client:
      clientId: client1
      clientSecret: password1
      accessTokenUri: https://casoauth.example.org:8443/cas/oauth2.0/accessToken
      userAuthorizationUri: https://casoauth.example.org:8443/cas/oauth2.0/authorize
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://casoauth.example.org:8443/cas/oauth2.0/profile
      preferTokenInfo: false

在CAS服务器上进行身份验证后,我得到

Whitelabel错误页面

此应用程序没有针对/ error的显式映射,因此您将其视为备用。

[Cue Jun 04 17:10:41 CEST 2019发生意外错误(类型=未经授权,状态= 401)。身份验证失败:无法获取访问令牌

URL https://casoauth.example.org:9999/dashboard/login?code=OC-1-lu5Hlcg2l3E4S5B68fs0-P-47tkh-4gR&state=ef17Ee

任何想法有什么问题吗?

我根据https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/我的服务器配置,使用OAuth2.0协议(授权代码授予类型)配置了CAS服务器( application.yml)...

oauth-2.0 spring-security-oauth2 cas
1个回答
0
投票

我有这个问题。您应该将证书添加到受信任的证书中,问题将会解决。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.