用于浏览器应用程序和RESTful Web服务的集成单点登录(SSO)和Identity Manager(IDM)。建立在JBoss / Wildfly之上,符合OAuth 2.0,Open ID Connect,JSON Web Token(JWT)和SAML 2.0规范。
我正在使用Keycloak docker image 21.0.2(最新的)。 我向此 URL 发出 PUT 请求: http://localhost:8080/admin/realms/custom-realm/users/14905db1-5229-4110-bfbb-df13845a4f52 和这个...
拉取镜像失败“docker.io/jboss/keycloak”拉取镜像失败,拉取访问被拒绝
我们使用 keycloak 作为身份验证服务器(K8S 上的 helm 图表),直到今天(2024 年 3 月 20 日)部署都工作得很好,触发了需要重新启动 pod 的升级,然后开始...
Keycloak + oauth2-proxy;如何获取“id_token_hint”
我在 nginx 服务器后面使用 keycloak 和 oauth2-proxy。完整的身份验证流程由这个免费工具处理。 所以我的 Angular 前端和 NestJS 后端在
Keycloak:如何从管理 REST API 禁用 TOTP?
UserRepresentation 包含一个 totp 成员。 23.0.0 文档将其显示为可选布尔值,但它没有记录。经过一番尝试,我认为: 该字段不可写...
keycloack-js 客户端在检查身份验证时仅返回“未定义”
我正在我的SPA(反应/打字稿)中初始化keycloakClient,但我没有发现我做错了什么。当我点击然后 登录按钮我进入 keycloak 中的应用程序页面,成功后
我有一个 Express.js CRUD 应用程序,我使用 Keycloak 18.0.2 进行身份管理。 Keycloak 为我的应用程序处理 Google 和 Facebook 单点登录 (SSO),并且所有身份验证都是 ma...
如何使用 java keycloak-admin-client 列出客户端的所有范围权限
我正在使用 keycloak 23.0.6、spring-boot 和 keycloak-admin-client maven 依赖项。 keycloak.realm("realm-name").clients().get("client-id").authorization().permissions().sco...
我正在将 jboss/keycloak 与 docker 一起使用,并且想要启用/禁用 keycloak 的功能。根据keycloak的文档,可以这样完成: bin/kc.[sh|bat] 构建 --features=...
我正在开发一个应用程序,其中前端直接与Keycloak通信,当用户未登录时,我将他们重定向到Keycloak登录页面。到目前为止,一切都很好。不过,我...
java.lang.IllegalArgumentException:无法使用提供的颁发者解析配置
我正在尝试使用 Spring Boot 作为资源服务器和 Keycloak 作为授权服务器来制作一个工作演示。以下是项目代码片段: pom.xml ... 我正在尝试使用 Spring Boot 作为资源服务器和 Keycloak 作为授权服务器来制作一个工作演示。这是项目代码片段: pom.xml ... <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.7.3</version> <relativePath/> <!-- lookup parent from repository --> </parent> <properties> <java.version>11</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-oauth2-resource-server</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> </dependencies> ... 应用程序.java @SpringBootApplication public class App { public static void main(String[] args) { SpringApplication.run(App.class, args); } } AppRestController.java @RestController public class AppRestController { @GetMapping("/authenticated") @PreAuthorize("isAuthenticated()") public String authenticated() { return "authenticated"; } @GetMapping("/permitAll") @PreAuthorize("permitAll") public String permitAll() { return "permitAll"; } @GetMapping("/support") @PreAuthorize("hasRole('support')") public String support() { return "support"; } } 应用程序.属性 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/realms/realm_1/.well-known/openid-configuration 我在端口 8083 上运行 Keycloak。对 http://localhost:8083/realms/realm_1/.well-known/openid-configuration 的获取请求返回以下响应: { "issuer": "http://localhost:8083/realms/realm_1", "authorization_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/auth", "token_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token", "introspection_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token/introspect", "userinfo_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/userinfo", "end_session_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/logout", "frontchannel_logout_session_supported": true, "frontchannel_logout_supported": true, "jwks_uri": "http://localhost:8083/realms/realm_1/protocol/openid-connect/certs", "check_session_iframe": "http://localhost:8083/realms/realm_1/protocol/openid-connect/login-status-iframe.html", "grant_types_supported": [ "authorization_code", "implicit", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "urn:openid:params:grant-type:ciba" ], "acr_values_supported": [ "0", "1" ], "response_types_supported": [ "code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token" ], "subject_types_supported": [ "public", "pairwise" ], "id_token_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "id_token_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "id_token_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "userinfo_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ], "userinfo_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "userinfo_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "request_object_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512", "none" ], "request_object_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "request_object_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "response_modes_supported": [ "query", "fragment", "form_post", "query.jwt", "fragment.jwt", "form_post.jwt", "jwt" ], "registration_endpoint": "http://localhost:8083/realms/realm_1/clients-registrations/openid-connect", "token_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "introspection_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "introspection_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "authorization_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "authorization_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5" ], "authorization_encryption_enc_values_supported": [ "A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512" ], "claims_supported": [ "aud", "sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email", "acr" ], "claim_types_supported": [ "normal" ], "claims_parameter_supported": true, "scopes_supported": [ "openid", "roles", "microprofile-jwt", "offline_access", "address", "web-origins", "acr", "phone", "profile", "email" ], "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": true, "code_challenge_methods_supported": [ "plain", "S256" ], "tls_client_certificate_bound_access_tokens": true, "revocation_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/revoke", "revocation_endpoint_auth_methods_supported": [ "private_key_jwt", "client_secret_basic", "client_secret_post", "tls_client_auth", "client_secret_jwt" ], "revocation_endpoint_auth_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512" ], "backchannel_logout_supported": true, "backchannel_logout_session_supported": true, "device_authorization_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/auth/device", "backchannel_token_delivery_modes_supported": [ "poll", "ping" ], "backchannel_authentication_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/ciba/auth", "backchannel_authentication_request_signing_alg_values_supported": [ "PS384", "ES384", "RS384", "ES256", "RS256", "ES512", "PS256", "PS512", "RS512" ], "require_pushed_authorization_requests": false, "pushed_authorization_request_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/par/request", "mtls_endpoint_aliases": { "token_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token", "revocation_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/revoke", "introspection_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/token/introspect", "device_authorization_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/auth/device", "registration_endpoint": "http://localhost:8083/realms/realm_1/clients-registrations/openid-connect", "userinfo_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/userinfo", "pushed_authorization_request_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/par/request", "backchannel_authentication_endpoint": "http://localhost:8083/realms/realm_1/protocol/openid-connect/ext/ciba/auth" } } 为了获取访问令牌,我使用密码 grand 类型向 http://localhost:8083/realms/realm_1/protocol/openid-connect/token 发送一个发布请求,并得到以下响应: { "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJuLXRnUjJJUDdfamp6TXhqbU40XzdBSS1Temx4Yk14d3lyamtueGd0bHVzIn0.eyJleHAiOjE2NjM4NDM3NDYsImlhdCI6MTY2Mzg0MzQ0NiwianRpIjoiYzUyMDk5MjEtMDhlYy00ZDZiLThkYzEtNWJjYjg5MDU5MjU2IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9yZWFsbV8xIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjAyOTI0YjQ0LTRmZTEtNDY0Zi05M2JiLWNhNzM5MmU0YzQ5OCIsInR5cCI6IkJlYXJlciIsImF6cCI6ImNsaWVudC0xIiwic2Vzc2lvbl9zdGF0ZSI6IjBjYWQ2NmE4LWM0NjUtNGNjZS1hYzIxLTc3YTM0MWI1ZWEzMyIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiIsInVzZXIiLCJkZWZhdWx0LXJvbGVzLXJlYWxtXzEiXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiIwY2FkNjZhOC1jNDY1LTRjY2UtYWMyMS03N2EzNDFiNWVhMzMiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6InVzZXIxIGZpcnN0IG5hbWUgdXNlcjEgbGFzdCBuYW1lIiwicHJlZmVycmVkX3VzZXJuYW1lIjoidXNlcjEiLCJnaXZlbl9uYW1lIjoidXNlcjEgZmlyc3QgbmFtZSIsImZhbWlseV9uYW1lIjoidXNlcjEgbGFzdCBuYW1lIiwiZW1haWwiOiJ1c2VyMUBtYWlsLmNvbSJ9.CZZx5tmI80qD84qg_cNjwxE13G6U_q5bm1gFFyvDAb0AZsQpckt83Vp7CyhAy40U7nHnOLaSnoVE3VbJQ65hbKLQiXqNs65GKVEaX0iBDNHGJz1WkWDtC8lox55fbgDaePNE7TGwDx15lIMkBHEdXBrMvl1Cm51Npi7nzsqmu2KdybwvnmVxcFJye3Y_OvbfRgEh2QQP4QrnIl2Qb6BuGcja3FY4SqIVEtMr-ZfXHxi3v9Az3NFWLPKPcGiQmLTVp2tYvAWsVvUWV6tomFGFFKtfaLNyXAk1ztGphPrckkGzIi_T_xKIEh56zD_egURKx0ZiDsTxgzJToRdJt6XIlw", "expires_in": 299, "refresh_expires_in": 1799, "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhOWFkOTRlMy02ODIzLTQ0MzMtOWYyZC0xMzYzNTA3OTRhMGIifQ.eyJleHAiOjE2NjM4NDUyNDYsImlhdCI6MTY2Mzg0MzQ0NiwianRpIjoiNDc2Y2M0ZWMtYmMwYS00OTUxLTlkMmItMTk1ZmUzMGQyMzZmIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9yZWFsbV8xIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgzL3JlYWxtcy9yZWFsbV8xIiwic3ViIjoiMDI5MjRiNDQtNGZlMS00NjRmLTkzYmItY2E3MzkyZTRjNDk4IiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImNsaWVudC0xIiwic2Vzc2lvbl9zdGF0ZSI6IjBjYWQ2NmE4LWM0NjUtNGNjZS1hYzIxLTc3YTM0MWI1ZWEzMyIsInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsInNpZCI6IjBjYWQ2NmE4LWM0NjUtNGNjZS1hYzIxLTc3YTM0MWI1ZWEzMyJ9.5Kb2XldpwkEKnGC9baRMDdRDLjid-SpZ1NlnZjse9OE", "token_type": "Bearer", "not-before-policy": 0, "session_state": "0cad66a8-c465-4cce-ac21-77a341b5ea33", "scope": "profile email" } 然后,我将 get 请求发送到 http://localhost:8080/permitAll 并获取 401 响应状态和日志中的以下堆栈跟踪: org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance at org.springframework.security.oauth2.jwt.SupplierJwtDecoder.wrapException(SupplierJwtDecoder.java:58) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.jwt.SupplierJwtDecoder.decode(SupplierJwtDecoder.java:49) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.getJwt(JwtAuthenticationProvider.java:97) ~[spring-security-oauth2-resource-server-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider.authenticate(JwtAuthenticationProvider.java:88) ~[spring-security-oauth2-resource-server-5.7.3.jar:5.7.3] at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:134) ~[spring-security-oauth2-resource-server-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:346) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:221) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) ~[spring-security-web-5.7.3.jar:5.7.3] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.22.jar:5.3.22] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.22.jar:5.3.22] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.65.jar:9.0.65] at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na] Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://localhost:8083/realms/realm_1/.well-known/openid-configuration" at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:166) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.security.oauth2.jwt.JwtDecoders.fromIssuerLocation(JwtDecoders.java:93) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] at org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerJwtConfiguration$JwtDecoderConfiguration.lambda$jwtDecoderByIssuerUri$3(OAuth2ResourceServerJwtConfiguration.java:141) ~[spring-boot-autoconfigure-2.7.3.jar:2.7.3] at org.springframework.security.oauth2.jwt.SupplierJwtDecoder.decode(SupplierJwtDecoder.java:46) ~[spring-security-oauth2-jose-5.7.3.jar:5.7.3] ... 59 common frames omitted 我在 Spring Boot 2.7.2 和 Keycloak 服务器版本 16.1.1 上遇到了同样的问题(通过 docker-compose jboss/keycloak 运行) 就我而言,此 URI 不起作用: spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/realms/realm_1 但是当我在“/realms”应用程序成功启动之前添加“auth”时: spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/auth/realms/realm_1 应该就是这个 application.properties spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8083/realms/realm_1 发行者应与 Keycloak 配置 URL 中的发行者匹配。 我使用 spring 3 也遇到同样的错误。 我检测到 spring 在请求发布 url 时收到 404 错误。但是当我在浏览器中发出相同的请求时,它会起作用。
如何让 Keycloak 身份代理显示来自 Entra ID / Azure 身份提供商的 ID 令牌中的声明
我正在尝试使用 Keycloak 作为在 Entra ID 上配置的 OIDC 应用程序的身份提供者,从 ID 令牌中检索一些声明(角色、组、upn)。 使用 Postman,我可以检索 ID 令牌...
我有一段使用keycloak和JS的代码。 除了刷新令牌方法必须在令牌过期时从外部调用之外,代码工作正常。如何自动刷新token...
ArgoCD 和 Keycloak 的“无效客户端或无效客户端凭据”
根据文档使用Keycloak实现ArgoCD 2.10.0时,在Keycloak端输入凭据后,ArgoCD将失败并出现错误 获取令牌失败:oauth2:“
我通过使用authorization_code(scope=openidoffline_access)向/openid-connect/token发送请求来获取离线令牌。在 Keycloak 管理控制台的“离线访问”选项卡中,我可以看到离线创建的...
有没有办法使用Keycloak API(19.x)列出服务帐户用户? 我可以使用 GET /admin/realms/{realm}/users 列出用户,并且可以使用 GET /admin/realms/... 访问服务用户帐户用户
我想创建一个用户并在 Keycloak 的单个 API 中为其分配客户端角色,我已附上详细信息。 我有这个API http://testkeycloak.com:8085/auth/admin/realms/engineer/users { ...
我正在使用 Keycloak 来管理 Spring Boot 应用程序的授权。 我配置了一些只能由某些用户访问的资源。 这太棒了! 现在我想允许...
触发从“Keycloak”到“Azure ADB2C”的基本http调用以获取令牌响应时出现错误
从“Keycloak”到“Azure ADB2C”进行基本的 HTTP 调用,以检索令牌作为来自 AD B2C 的响应。 当前的流程如下所示。对于集成了...的 Java Web 应用程序
我正在构建基于keycloak的应用程序,但我正在努力解决一个问题:如何使用Angular和Keycloak API为用户提供编辑功能。此外,用户不是管理员或
我正在尝试在 azure 容器应用程序上使用 start-dev 启动 Keycloak,但它不起作用。 我的配置如下: 我在 ContainerAppConsoleLogs_CL 中没有应用程序日志 我只是哈...