How to add the keycloak subsystem with jboss-cli to secure WARs

Question. Votes: 0. Answers: 2

I am following the keycloak documentation to secure my WAR with the wildfly adapter subsystem.

I am trying to add the following using jboss-cli.sh -

<secure-deployment name="WAR MODULE NAME.war">
  <realm>bkofc</realm>
  <auth-server-url>http://192.168.99.100:30001/auth</auth-server-url>
  <bearer-only>true</bearer-only>
  <ssl-required>EXTERNAL</ssl-required>
  <resource>bkofc-svc</resource>
  <credential name="secret">9bcc6d9f-9c72-4b58-b297-79f0f207d9e1</credential>
  <use-resource-role-mappings>true</use-resource-role-mappings>
</secure-deployment>

But the "credential" attribute is not recognized:

[standalone@localhost:9990 /] /subsystem=keycloak/secure-deployment=my.war/:add(realm=bkofc,auth-server-url=http://192.168.99.100/30001/auth, bearer-only=true, ssl-required=EXTERNAL, resource=bkofc-svc, use-resource-role-mappings=true, credential=9bcc6d9f-9c72-4b58-b297-79f0f207d9e1)

'credential' is not found among the supported properties: [allow-any-hostname, always-refresh-token, auth-server-url, auth-server-url-for-backend-requests, autodetect-bearer-only, bearer-only, client-key-password, client-keystore, client-keystore-password, connection-pool-size, cors-allowed-headers, cors-allowed-methods, cors-max-age, disable-trust-manager, enable-basic-auth, enable-cors, expose-token, min-time-between-jwks-requests, principal-attribute, public-client, realm, realm-public-key, register-node-at-startup, register-node-period, resource, ssl-required, token-minimum-time-to-live, token-store, truststore, truststore-password, turn-off-change-session-id-on-login, use-resource-role-mappings]
[standalone@localhost:9990 /]

Without the credential attribute, the rest is added correctly.

How can I solve this?

Tags: jboss wildfly-10 keycloak jboss-cli

2 answers

1 vote

You have to add the credential afterwards; you should try something like this:

/subsystem=keycloak/secure-deployment=my.war:add(realm=bkofc,auth-server-url=http://192.168.99.100:30001/auth, bearer-only=true, ssl-required=EXTERNAL, resource=bkofc-svc, use-resource-role-mappings=true)

/subsystem=keycloak/secure-deployment=my.war/credential=secret:add(value="9bcc6d9f-9c72-4b58-b297-79f0f207d9e1")
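As an added example (not code from the question or either answer), the following Python script turns a `<secure-deployment>` XML fragment like the one in the question into the two jboss-cli commands the answer above describes: one `:add` carrying the simple elements as operation properties, and a separate `:add` for `credential` as a child resource with a `value` attribute. The sample XML is constructed from the question with a placeholder instead of the real client secret, and the assumption that `credential` is the only child that must be split out this way comes from the answer, not from the subsystem's full model.

```python
"""Convert a Keycloak adapter <secure-deployment> fragment into jboss-cli commands.

Added example; not code from the question, the answers, or the Keycloak project.
The only child element treated as a separate management resource is <credential>,
as shown by the answer above; every other simple element becomes an :add property.
"""
import re
import xml.etree.ElementTree as ET

# Values containing only these characters are safe to pass to jboss-cli unquoted.
_SAFE_VALUE = re.compile(r"^[A-Za-z0-9_.\-]+$")

# Elements that are child resources of secure-deployment, not attributes of it:
#   tag -> (address segment, XML attribute used as the resource key, value attribute)
CHILD_RESOURCES = {
    "credential": ("credential", "name", "value"),
}

# Constructed sample input: the question's fragment with a placeholder secret.
SAMPLE_XML = """
<secure-deployment name="my.war">
  <realm>bkofc</realm>
  <auth-server-url>http://192.168.99.100:30001/auth</auth-server-url>
  <bearer-only>true</bearer-only>
  <ssl-required>EXTERNAL</ssl-required>
  <resource>bkofc-svc</resource>
  <credential name="secret">CHANGE-ME-client-secret</credential>
  <use-resource-role-mappings>true</use-resource-role-mappings>
</secure-deployment>
"""


def cli_value(value: str) -> str:
    """Return the value as jboss-cli accepts it: bare when simple, else double-quoted."""
    if _SAFE_VALUE.match(value):
        return value
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def secure_deployment_to_cli(xml_text: str, subsystem: str = "keycloak") -> list:
    """Return the ordered list of CLI commands equivalent to the XML fragment."""
    root = ET.fromstring(xml_text)
    if root.tag != "secure-deployment" or "name" not in root.attrib:
        raise ValueError("expected a <secure-deployment name=...> root element")

    base = f"/subsystem={subsystem}/secure-deployment={cli_value(root.attrib['name'])}"
    properties = []   # go into the secure-deployment :add operation
    child_cmds = []   # separate :add operations, run after the parent exists

    for element in root:
        text = (element.text or "").strip()
        if element.tag in CHILD_RESOURCES:
            segment, key_attr, value_attr = CHILD_RESOURCES[element.tag]
            key = element.attrib.get(key_attr)
            if key is None:
                raise ValueError(f"<{element.tag}> requires a '{key_attr}' attribute")
            child_cmds.append(
                f"{base}/{segment}={cli_value(key)}:add({value_attr}={cli_value(text)})"
            )
        elif len(element) == 0:
            properties.append(f"{element.tag}={cli_value(text)}")
        else:
            raise ValueError(f"unsupported nested element <{element.tag}>")

    return [f"{base}:add({','.join(properties)})"] + child_cmds


def as_batch(commands: list) -> str:
    """Wrap the commands in batch/run-batch so they are applied atomically or not at all."""
    return "\n".join(["batch", *commands, "run-batch"])


if __name__ == "__main__":
    print(as_batch(secure_deployment_to_cli(SAMPLE_XML)))
```

Feed the printed script to `jboss-cli.sh --connect --file=...` (or via `embed-server` as in the second answer). The batch wrapper matters because the parent `:add` succeeding while the `credential` child fails would leave a secure-deployment with no client secret; with a batch, either both land in the configuration or neither does. Note that the secret still ends up in clear text in standalone.xml, so the file deserves the same handling as any other credential store.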

0 votes

This works with WildFly version 20.0.1.Final and WildFly Keycloak adapter version 20.0.5, for configuring authentication with Okta:

embed-server --server-config=${server.config:standalone.xml}

# Add the WAR that is protected with SAML
/subsystem=keycloak-saml/secure-deployment=secure-application.war:add()

# Add SAML Service Provider
/subsystem=keycloak-saml/secure-deployment=secure-application.war/SP="http://localhost:8080/example-saml-auth":add(logoutPage="/logout.jsp",sslPolicy="EXTERNAL",nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",roleMappingsProviderId="my-rolemappings-provider",RoleIdentifiers=["role"])

# Add SP signing key
/subsystem=keycloak-saml/secure-deployment=secure-application.war/SP="http://localhost:8080/example-saml-auth"/Key=sp-signing-key:add(signing=true, PrivateKeyPem="...", CertificatePem="...")

# Add SAML Identity Provider
/subsystem=keycloak-saml/secure-deployment=secure-application.war/SP="http://localhost:8080/example-saml-auth"/IDP="http://www.okta.com/okta-id":add(signatureAlgorithm="RSA_SHA256",signatureCanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#",SingleSignOnService={signRequest=true,validateResponseSignature=true,validateAssertionSignature=true,requestBinding="POST",bindingUrl="https://dev-12345.okta.com/app/dev-12345_myexampleapp_1/okta-id/sso/saml"},SingleLogoutService={signRequest=true,signResponse=true,validateRequestSignature=true,validateResponseSignature=true,requestBinding="POST",responseBinding="POST",postBindingUrl="https://dev-12345.okta.com/app/dev-12345_myexampleapp_1/okta-id/sso/saml",redirectBindingUrl="https://dev-12345.okta.com/app/dev-12345_myexampleapp_1/okta-id/sso/saml"})

# Add IDP signing key
/subsystem=keycloak-saml/secure-deployment=secure-application.war/SP="http://localhost:8080/example-saml-auth"/IDP="http://www.okta.com/okta-id"/Key=idp-signing-key:add(signing=true,CertificatePem="...")

stop-embedded-server