【问题标题】:mozilla-django-oidc with keycloak on django 3django 3 上带有 keycloak 的 Mozilla-django-oidc
【发布时间】:2021-07-21 01:53:58
【问题描述】:

我正在尝试使用 mozilla-django-oidc (1.2.4) 将 Django (3.2) 与 Keycloak (12.0.2) 连接。

单击登录按钮时,我会重定向到 keycloak(根据 documentation 使用 oidc_authentication_init 视图),但成功登录后出现此错误:

Exception Type: HTTPError at /oidc/callback/
Exception Value: 404 Client Error: Not Found for url: http://localhost:8080/auth/realms/mycorp/protocol/openid-connect/token

django设置的相关设置有:

settings.py

INSTALLED_APPS = [
    ...,
    'mozilla_django_oidc',
]
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
),

OIDC_AUTH_URI = 'http://localhost:8080/auth/realms/mycorp'
OIDC_CALLBACK_PUBLIC_URI = 'http://localhost'

LOGIN_REDIRECT_URL = OIDC_CALLBACK_PUBLIC_URI
LOGOUT_REDIRECT_URL = OIDC_AUTH_URI + '/protocol/openid-connect/logout?redirect_uri=' + OIDC_CALLBACK_PUBLIC_URI

OIDC_RP_CLIENT_ID = 'django'
OIDC_RP_CLIENT_SECRET = os.environ.get("OIDC_CLIENT_SECRET")
OIDC_RP_SCOPES = 'openid email profile'

# Keycloak-specific (as per http://KEYCLOAK_SERVER/auth/realms/REALM/.well-known/openid-configuration)
OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/userinfo'
OIDC_OP_JWKS_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/certs'

urls.py

urlpatterns = [
    ...,
    path('oidc/', include('mozilla_django_oidc.urls')),
]

以及详细的错误:

HTTPError at /oidc/callback/
404 Client Error: Not Found for url: http://localhost:8080/auth/realms/mycorp/protocol/openid-connect/token
Request Method: GET
Request URL:    http://localhost/oidc/callback/?state=cBtEeSIHNNdsgMBUjPXkq2RwVSSpKsZF&session_state=a5b50fc0-0ec2-4def-8ec8-db1e4a95450f&code=864a2e21-75a7-42d8-8249-e9397be9b64b.a5b50fc0-0ec2-4def-8ec8-db1e4a95450f.2ec7cfbf-b5ee-4f9a-9d4b-012fdc0f9630
Django Version: 3.2
Exception Type: HTTPError
Exception Value:    
404 Client Error: Not Found for url: http://localhost:8080/auth/realms/mycorp/protocol/openid-connect/token
Exception Location: /usr/local/lib/python3.8/site-packages/requests/models.py, line 943, in raise_for_status
Python Executable:  /usr/local/bin/python
Python Version: 3.8.9
Python Path:    
['/home/maat/src',
 '/usr/local/bin',
 '/usr/local/lib/python38.zip',
 '/usr/local/lib/python3.8',
 '/usr/local/lib/python3.8/lib-dynload',
 '/usr/local/lib/python3.8/site-packages']
Server time:    Tue, 27 Apr 2021 19:08:01 +0200

显然一切都按照文档中的说明进行了配置,但我看不出它失败的原因......

【问题讨论】:

    标签: django keycloak openid-connect


    【解决方案1】:

    404 对我来说还不够清楚,直到我意识到测试是在 docker-compose 上运行的,因此对 localhost 的访问与主机不同。

    在主机网络模式下运行或通过其域名/主机 IP 到达 keycloak(见下文 172.20.0.1 这是主机的 docker 网络 IP)修复它:

    OIDC_AUTH_URI=http://172.20.0.1:8080/auth/realms/mycorp
    OIDC_AUTHENTICATION_CALLBACK_URL=http://localhost/openid/callback
    OIDC_CALLBACK_PUBLIC_URI=http://localhost/
    

    【讨论】:

    • 您能否发布您的 docker-compose.yml (或只是其中的一部分)以确保答案的完整性?我也可以帮助那些遇到同样问题的人,这样他们就可以有一个完整的工作示例。
    猜你喜欢
    • 2020-05-09
    • 2022-11-27
    • 2022-08-11
    • 2022-10-06
    • 2016-01-15
    • 2020-12-21
    • 2014-08-20
    • 2015-10-24
    • 2021-12-08
    相关资源
    最近更新 更多