Keycloak 使用https时,IDP元数据在位置URL中丢失端口
我正在测试一个使用SpringSecuritySAML的应用程序,并使用KeyClope作为身份验证提供者进行测试。默认情况下,KeyClope在http和带有自签名证书的https上运行 在浏览器中通过https检索元数据时https://localhost:8543/auth/realms/master/protocol/saml/descriptor 它正确返回以下内容:Keycloak 使用https时,IDP元数据在位置URL中丢失端口,keycloak,opensaml,spring-security-saml2,Keycloak,Opensaml,Spring Security Saml2,我正在测试一个使用SpringSecuritySAML的应用程序,并使用KeyClope作为身份验证提供者进行测试。默认情况下,KeyClope在http和带有自签名证书的https上运行 在浏览器中通过https检索元数据时https://localhost:8543/auth/realms/master/protocol/saml/descriptor 它正确返回以下内容: <md:EntitiesDescriptor xmlns="urn:oasis:names:tc:SA
<md:EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="urn:keycloak">
<md:EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://localhost:8543/auth/realms/master">
<md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:KeyName>phlmLKZ2YqrT_0hsZQYSpBPrZxPmgNdI3I2AmPQFjg8</ds:KeyName>
<ds:X509Data>
<ds:X509Certificate>MIICmzCCAYMCBgF05GlTszANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjAxMDAxMTM0NDAyWhcNMzAxMDAxMTM0NTQyWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYxMG75gqear+r+4fyvmyNSMcHzB46HRk7sNd0Y9LDbuUT24KoyBz5A0ln1WyvCszoxpKcuKMcwGUP+kszbo8D3FjH+2zET+KoilEzDBn3g0JP6K8BUPyOoBftmRCujaI/kEjya1AQzM44xvFPp6hFlsGICqk6NJe8eWlRyv6/VE2MB+WSKq0OOtZz+PrMHvJC6R50xm4DLXLRCPXJ3HA9J78ghQTziPs69kCi90xsuYubX+qs8KfDPy1i8geZZM+PXQrPfM1BcAnwe7hUayqMLk5OeVrixm1KEZhqHMKaCXhDJE3uH4c++/TR++zIbdz2x15k24D569gxPSKlcYpjAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAB5SYnR0JFWMRE1qutLArc4NeD3DjbyBwvOZaCsLRz3T7paZe3O0SmKQGPkUyARrERvV01R8Q04OVuf+/UJ2fgYqRTthh5G0Y2qak9UL7oefrsuB15C4ZEjBJnoBZNzDXhmDYoOguxrxXMN9XPgJSO08+7l8nJE6V1cu4811+ksV67JaNkk6oU1V3/HU5+tRc2GpjiwO0qr4dKOGrrfRuRZ7BqzgLh/KcZOxvc5hbmxvtJrGh/xuuspAG/3akeEXTD754YLoZVFJTJOdXlbaBrfSvvIndV/gVfJyAavTGQBCcz+bucJ2ijNa394S36t5KrU9Hu4hXC0TgPbFPq7IrIk=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8543/auth/realms/master/protocol/saml"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8543/auth/realms/master/protocol/saml"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost:8543/auth/realms/master/protocol/saml"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:8543/auth/realms/master/protocol/saml"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://localhost:8543/auth/realms/master/protocol/saml"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
</md:EntitiesDescriptor>
是否有任何方法可以控制此操作并使其尊重元数据xml中的端口?进一步调试后,HTTPMetadataProvider获得的原始响应中也不存在该端口 原来问题是由于HttpClient的错误配置导致的,它没有在主机头中发送端口,因此Key斗篷没有用端口响应
protected XMLObject unmarshallMetadata(InputStream metadataInput) throws UnmarshallingException {
try {
log.trace("Parsing retrieved metadata into a DOM object");
Document mdDocument = parser.parse(metadataInput);