JWT: RabbitMQ + OAuth => MQTT login failed for user
I am unable to configure RabbitMQ to use JWT for client access (e.g., MQTT access using Paho). I have used this recommended plugin. I am using Keycloak to generate the JWT access token. Sample:
{
"exp": 1617886910,
"iat": 1617872510,
"jti": "e720xxxxxxad0",
"iss": "https://xxxxxxxxxxx",
"aud": [
"kanban",
"rabbitmq",
"account"
],
"sub": "ec27xxxxxxx92fc",
"typ": "Bearer",
"azp": "kanban",
"session_state": "1bcxxxxxxx5e",
"acr": "1",
"allowed-origins": [
""
],
"realm_access": {
"roles": [
"offline_access",
"uma_authorization"
]
},
"scope": "email kanban.read:*/* kanban.write:*/* profile kanban.configure:*/*",
"email_verified": false,
"plant": "*",
"name": "xxx xx",
"preferred_username": "xxxx",
"given_name": "xxxxx",
"rabbitmq": ["kanban.read:*/*", "kanban.write:*/*"],
"family_name": "xx",
"email": "xxxxxxxxx"
}
For the RabbitMQ configuration:
Dockerfile
advanced.config
[
{rabbit, [
{auth_backends, [rabbit_auth_backend_oauth2, rabbit_auth_backend_internal]},
{auth_mechanisms, ['PLAIN','AMQPPLAIN','EXTERNAL']}
]},
{rabbitmq_auth_backend_oauth2, [
{resource_server_id, <<"kanban">>},
{key_config, [
{default_key, <<"YoC-uSkB0wTmh39078PuzmobULDLk-1aQqDZWV4fgYc">>},
{additional_rabbitmq_scopes, <<"rabbitmq">>},
{jwks_url, <<"https://XXXXX/auth/realms/XXXXX/protocol/openid-connect/certs">>},
{signing_key,
#{<<"YoC-uSkB0wTmh39078PuzmobULDLk-1aQqDZWV4fgYc">> => {pem, <<"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXL0WnwckscW5XeCofcG65Fhdy/FJhvvuQkFOUu2erzPfI1Tq35yijikcAG4Qp+nnpUaKXw6juWXdRwebAEuX6ZsCZ5T75dJlXErov3jqOb47U5V0g2B2nNWOzeNGLsPDBOVw3e1iG6zIZtVUlJBM7hkAQuKj6w9R4mu5JEisGCw3onjrF97/E1oOvTw3v+tDYxwWqyLpFi5crjam3lzx4VxN8zwLCx1Q3x2a3jeMLlt0iL9F/+axrHZg45CrMq0MOsWJ3vJQh7WfKjW6hFlyDE4y/nxHds+v/nmzJC5ahEAFHixq7+0VhL0K+tSDmQjxG8gBfyaPsQsPCLC4Zzv/wIDAQAB
-----END PUBLIC KEY-----">>}
}
}]
}
]}
].
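When I test with Paho, providing the JWT in the password field (and the user empty or anything else), I get an error
What I have tried:
- Checked that advanced.config is loaded by providing a dummy key => generates a parse error
- Checked that the auth backend is loaded => shown in the logs at startup
- Checked with a different username, or an empty one, in my Paho script
- Checked with/without the signing_key field in advanced.config
- Checked whether anything happens around the JWKS => nothing happens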
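An added example, not part of the original post or the plugin's own code: a Python pre-flight check that decodes a token without verifying its signature and reports the claims RabbitMQ's OAuth 2 backend is documented to depend on (an audience containing `resource_server_id`, expiry, the header `kid`, and scopes prefixed with `resource_server_id.`). The function names, the `example-kid` value and the sample token are constructed for illustration; the claim values mirror those shown in the question.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def preflight(token, resource_server_id, known_kids, now, extra_claim=None):
    """Inspect a JWT WITHOUT verifying its signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])

    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    # Scopes may arrive as a space-separated string or a list.
    raw = claims.get("scope", "")
    scopes = raw.split() if isinstance(raw, str) else list(raw)
    if extra_claim:  # assumption: name of the claim carrying extra scopes
        extra = claims.get(extra_claim, [])
        scopes += extra.split() if isinstance(extra, str) else list(extra)

    # Only scopes prefixed "<resource_server_id>." translate into permissions.
    prefix = resource_server_id + "."
    perms = sorted({s[len(prefix):] for s in scopes if s.startswith(prefix)})

    return {
        "kid": header.get("kid"),
        "kid_known": header.get("kid") in known_kids,
        "aud_ok": resource_server_id in aud,
        "expired": claims.get("exp", 0) <= now,
        "permissions": perms,
        "ignored_scopes": sorted({s for s in scopes if not s.startswith(prefix)}),
    }

def make_unsigned_sample(header, claims):
    """Build a constructed token with a dummy signature for offline testing."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed sample mirroring the claims shown in the question.
SAMPLE = make_unsigned_sample(
    {"alg": "RS256", "typ": "JWT", "kid": "example-kid"},
    {"exp": 1617886910, "aud": ["kanban", "rabbitmq", "account"],
     "scope": "email kanban.read:*/* kanban.write:*/* profile kanban.configure:*/*",
     "rabbitmq": ["kanban.read:*/*", "kanban.write:*/*"]},
)
```

Running `preflight` on a real token before pointing Paho at the broker separates token-content problems (wrong audience, expired, unknown `kid`, no usable scopes) from broker-side configuration problems.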