apereo CAS服务器中accessToken URL上的错误请求

问题描述 投票:0回答:1

我想将我的Spring Cloud Gateway应用程序与apereo CAS服务器(在8443端口上运行)集成,并且我将CAS服务器配置为充当Oauth2授权服务器。这是流程;

  • i请求网关

  • 它与授权服务器进行交互(此处为CAS)

  • 在交互之前,需要在此处登录。
  • 我已成功使用默认的cas-over-template凭据登录。(casuser:Mellon)
  • cas使用login / oauth2 / code / login-client?code = OC-3-TURQDNdC4jXulPgK7ipJSzfoBLi-iaSv&state = aitARK42e0zx2iTFkeZxoRM2rLehXSex6gTIfZOHlwY%3D url重定向到网关。
  • 和[invalid_grant]错误在网关上发生。

我检查网关跟踪日志,并且在获取访问令牌步骤时发生错误。

[ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [33597172] Completed 302 FOUND, headers={masked}
[ctor-http-nio-2] o.s.h.s.r.ReactorHttpHandlerAdapter      : [33597172] Handling completed
[ctor-http-nio-2] o.s.w.s.adapter.HttpWebHandlerAdapter    : [33597172] HTTP GET "/login/oauth2/code/login-client?code=OC-14-F99FROWxhVYzpfxkmQqB1BAfP-oOfIfI&state=Y9XC3NNkPUvb649Tx0dIDG4ZyIInioAD-xT2ll3bfII%3D", headers={masked}
[ctor-http-nio-2] o.s.w.r.f.client.ExchangeFunctions       : [dee9e83] HTTP POST http://localhost:8443/cas/oauth2.0/accessToken, headers={masked}
[ctor-http-nio-2] o.s.http.codec.FormHttpMessageWriter     : [dee9e83] Writing form fields [grant_type, code, redirect_uri] (content masked)
[ctor-http-nio-2] o.s.w.r.f.client.ExchangeFunctions       : [dee9e83] Response 400 BAD_REQUEST, headers={masked}
[ctor-http-nio-2] o.s.http.codec.json.Jackson2JsonDecoder  : [dee9e83] Decoded [{error=invalid_grant}]

显然,由于请求错误,它无法请求access_token。但是,我找不到有效的参数。而且,我不手动请求,而是在后台自动发生。我的错误在哪里?感谢您的帮助。

这是我的Spring Cloud Gateway配置:

spring:
  security:
    oauth2:
      client:
        registration:
          login-client:
            provider: uaa
            client-id: first-client
            client-secret: noonewilleverguess
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
        provider:
          uaa:
            authorization-uri: http://localhost:8443/cas/oauth2.0/authorize
            token-uri: http://localhost:8443/cas/oauth2.0/accessToken
            user-info-uri: http://localhost:8443/cas/oauth2.0/profile
            prefer-token-info: false
            client-authentication-scheme: form

cas oauth2注册服务

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "first-client",
  "clientSecret": "noonewilleverguess",
  "serviceId": "http://localhost:8085/.*",
  "name": "OAuthService",
  "bypassApprovalPrompt": true,
  "id": 1003,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}

我使用的资源

https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/

https://apereo.github.io/cas/5.3.x/installation/OAuth-OpenId-Authentication.html#responsegrant-types

oauth-2.0 single-sign-on cas spring-cloud-gateway apereo
1个回答
0
投票

好,问题实际上很简单。 Spring Cloud Gateway会自动填充3个字段(grant_type,代码,redirect_uri),但是cas apereo服务器具有api,该API需要5个字段(grant_type,代码,redirect_uri以及client_id,client_secret)。为了解决这个问题,您可以定义您的api,该api在cas接受3个参数,其余逻辑相同。您唯一要做的就是覆盖访问令牌api字段behaivour。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.