spring-boot - Keycloak/SpringBoot - OpenID 配置中提供的发行者 与请求的发行者 不匹配

Question

我刚加入的项目有问题。

技术栈:

• 使用 Angular 和 SpringBoot 的 Jhipster
• key 斗篷

我用 example.com 和 bar.com 替换了正确的 url

application.yaml

端点 https://bar.com/auth/realms/artemis/.well-known/openid-configuration返回这个:

{
  "issuer": "https://example.com/auth/realms/artemis",
  "authorization_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/auth",
  "token_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token",
  "token_introspection_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://bar.com/auth/realms/artemis/protocol/openid-connect/userinfo",
  "end_session_endpoint": "https://example.com/auth/realms/artemis/protocol/openid-connect/logout",
  "jwks_uri": "https://bar.com/auth/realms/artemis/protocol/openid-connect/certs",
  "check_session_iframe": "https://example.com/auth/realms/artemis/protocol/openid-connect/login-status-iframe.html",
}

当我运行该应用程序时出现此错误:

Caused by: java.lang.IllegalStateException: The Issuer "https://example.com/auth/realms/artemis" provided in the OpenID Configuration did not match the requested issuer "https://bar.com:8443/auth/realms/artemis"
    at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromOidcIssuerLocation(ClientRegistrations.java:76)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesRegistrationAdapter.java:84)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistration(OAuth2ClientPropertiesRegistrationAdapter.java:60)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.lambda$getClientRegistrations$0(OAuth2ClientPropertiesRegistrationAdapter.java:53)
    at java.util.HashMap.forEach(HashMap.java:1289)
    at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(OAuth2ClientPropertiesRegistrationAdapter.java:52)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:55)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.CGLIB$clientRegistrationRepository$0(<generated>)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3$$FastClassBySpringCGLIB$$1d0ccf00.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244)
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:363)
    at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration$$EnhancerBySpringCGLIB$$c9d328e3.clientRegistrationRepository(<generated>)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
    ... 92 common frames omitted

我是 Spring Boot 的新手。我真的不明白我必须做什么才能使用 2 个不同的 url。

谢谢你的帮助!如果您需要，我可以为您提供更多信息。

Answer 1

您的application.yaml 配置issuer-uri 与使用的OIDC Keycloak 领域的issuer 不匹配。将其设置为 https://example.com/auth/realms/artemis 应该没问题。