【Question title】:Keycloak / SpringBoot - The Issuer <https://example.com> provided in the OpenID Configuration did not match the requested issuer <https://bar.com>
【Posted】:2021-03-04 13:51:44
【Question description】:

I have a problem with a project I just joined.

Tech stack:

  • JHipster with Angular and Spring Boot
  • Keycloak

I replaced the real URLs with example.com and bar.com.

application.yaml

The endpoint https://bar.com/auth/realms/artemis/.well-known/openid-configuration returns:

{
  "issuer": "https://example.com/auth/realms/artemis",
  "authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
  "token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/logout",
  "jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs",
  "check_session_iframe": "https://example.com/auth/realms/artemis/protocol/openid-connect/login-status-iframe.html",
}

When I run the application I get this error:

Caused by: java.lang.IllegalStateException: The Issuer "https://example.com/auth/realms/artemis" provided in the OpenID Configuration did not match the requested issuer "https://bar.com:8443/auth/realms/artemis"
    at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromOidcIssuerLocation(ClientRegistrations.java:76)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesRegistrationAdapter.java:84)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistration(OAuth2ClientPropertiesRegistrationAdapter.java:60)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.lambda$getClientRegistrations$0(OAuth2ClientPropertiesRegistrationAdapter.java:53)
    at java.util.HashMap.forEach(HashMap.java:1289)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(OAuth2ClientPropertiesRegistrationAdapter.java:52)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:55)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.CGLIB$clientRegistrationRepository$0(<generated>)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3$$FastClassBySpringCGLIB$$1d0ccf00.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.clientRegistrationRepository(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
    ... 92 common frames omitted

I'm new to Spring Boot. I really don't understand what I have to do to use 2 different URLs.

Thanks for your help! I can provide more information if you need it.

【Comments】:

    Tags: spring-boot jhipster keycloak


    【Solution 1】:

    The issuer-uri configured in your application.yaml does not match the issuer of the OIDC Keycloak realm in use. Set it to https://example.com/auth/realms/artemis and it will work.

    【Comments】:
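
As an added example (not part of the original question or answer, and not Spring Security's own code): a small Python check that applies the exact-match issuer rule from OpenID Connect Discovery, which the error message above reflects, to the discovery document posted in the question, and also lists the endpoints served from a different origin than the issuer. `check_discovery` and `origin` are hypothetical helper names; the sample document is the one from the question with the trailing comma removed so that it parses.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the discovery document posted in the question
# (placeholder hosts as given there), trailing comma removed so it parses.
DISCOVERY = json.loads("""
{
  "issuer": "https://example.com/auth/realms/artemis",
  "authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
  "token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/logout",
  "jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs",
  "check_session_iframe": "https://example.com/auth/realms/artemis/protocol/openid-connect/login-status-iframe.html"
}
""")


def origin(url):
    """Return scheme://host:port with the default port made explicit."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return f"{parts.scheme}://{parts.hostname}:{port}"


def check_discovery(configured_issuer, metadata):
    """Compare a configured issuer-uri against a discovery document (hypothetical helper)."""
    issuer = metadata.get("issuer")
    # The issuer must be identical to the configured value: no host, port or slash drift.
    result = {"issuer": issuer, "issuer_ok": issuer == configured_issuer, "off_origin": []}
    if not issuer:
        return result
    # List endpoints published on a different origin than the issuer itself.
    for key in sorted(metadata):
        value = metadata[key]
        if key != "issuer" and isinstance(value, str) and value.startswith(("http://", "https://")):
            if origin(value) != origin(issuer):
                result["off_origin"].append(key)
    return result


if __name__ == "__main__":
    for configured in ("https://bar.com:8443/auth/realms/artemis",
                       "https://example.com/auth/realms/artemis"):
        print(configured, check_discovery(configured, DISCOVERY))
```

The `off_origin` list shows which endpoints in this document are published under bar.com while the issuer itself is example.com.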
