Fatal编程技术网
  • single-sign-on/
  • Single sign on Spring Cloud Dataflow KeyClope SSO集成注销问题

Single sign on Spring Cloud Dataflow KeyClope SSO集成注销问题

single-sign-on keycloak

Single sign on Spring Cloud Dataflow KeyClope SSO集成注销问题,single-sign-on,keycloak,spring-cloud-dataflow,dataflow,Single Sign On,Keycloak,Spring Cloud Dataflow,Dataflow,我已经在Spring云数据流中集成了用于身份验证和授权的Key斗篷。每次尝试使用登录应用程序时,我都成功登录到系统http://localhost:9393/dashboard. 注销后,我将进入默认登录页面,并按如下按钮登录 cloud: dataflow: security: authorization: enabled: true provider-role-mappings: keyc

我已经在Spring云数据流中集成了用于身份验证和授权的Key斗篷。每次尝试使用登录应用程序时,我都成功登录到系统http://localhost:9393/dashboard. 注销后,我将进入默认登录页面,并按如下按钮登录

  cloud:
    dataflow:
      security:
        authorization:
          enabled: true
          provider-role-mappings:
            keycloak:
              map-oauth-scopes: true
              role-mappings:
                ROLE_VIEW: dataflow.view
                ROLE_CREATE: dataflow.create
                ROLE_MANAGE: dataflow.manage
                ROLE_DEPLOY: dataflow.deploy
                ROLE_DESTROY: dataflow.destroy
                ROLE_MODIFY: dataflow.modify
                ROLE_SCHEDULE: dataflow.schedule
  security:
    oauth2:
      client:
        registration:
          keycloak:
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code
            client-id: COMPANY_CLIENT
            client-name: COMPANY_CLIENT
            client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
            scope:
              - openid
              - dataflow.view
              - dataflow.deploy
              - dataflow.destroy
              - dataflow.manage
              - dataflow.modify
              - dataflow.schedule
              - dataflow.create
        provider:
          keycloak:
            jwk-set-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/certs
            token-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token
            user-info-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/userinfo
            user-name-attribute: preferred_username
            user-info-authentication-method: validate_access_token
            authorization-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/auth
      resourceserver:
        opaquetoken:
          introspection-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token/introspect
          client-id: COMPANY_CLIENT
          client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
      authorization:
        check-token-access: isAuthenticated()

问题是,当单击页面上的登录按钮时,作为注销成功响应,它将加载http://localhost:9393/login 页面,它引导我进入我的SSO客户端选择页面,如下所示

  cloud:
    dataflow:
      security:
        authorization:
          enabled: true
          provider-role-mappings:
            keycloak:
              map-oauth-scopes: true
              role-mappings:
                ROLE_VIEW: dataflow.view
                ROLE_CREATE: dataflow.create
                ROLE_MANAGE: dataflow.manage
                ROLE_DEPLOY: dataflow.deploy
                ROLE_DESTROY: dataflow.destroy
                ROLE_MODIFY: dataflow.modify
                ROLE_SCHEDULE: dataflow.schedule
  security:
    oauth2:
      client:
        registration:
          keycloak:
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code
            client-id: COMPANY_CLIENT
            client-name: COMPANY_CLIENT
            client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
            scope:
              - openid
              - dataflow.view
              - dataflow.deploy
              - dataflow.destroy
              - dataflow.manage
              - dataflow.modify
              - dataflow.schedule
              - dataflow.create
        provider:
          keycloak:
            jwk-set-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/certs
            token-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token
            user-info-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/userinfo
            user-name-attribute: preferred_username
            user-info-authentication-method: validate_access_token
            authorization-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/auth
      resourceserver:
        opaquetoken:
          introspection-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token/introspect
          client-id: COMPANY_CLIENT
          client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
      authorization:
        check-token-access: isAuthenticated()

一旦我选择了客户端,它就会将我带到根目录(http://localhost:9393/). 成功登录后。它只加载带有URL的json对象,而不是将我带到仪表板

在此之后,我必须加载仪表板路径(任何有效路径)http://localhost:9393/dashboard/ 等)手动加载应用程序

如果您尝试登录到根URLhttp://localhost:9393/ 这也是你第一次面临同样的问题

我正在为本地设置自定义标记

我的钥匙斗篷配置如下

  cloud:
    dataflow:
      security:
        authorization:
          enabled: true
          provider-role-mappings:
            keycloak:
              map-oauth-scopes: true
              role-mappings:
                ROLE_VIEW: dataflow.view
                ROLE_CREATE: dataflow.create
                ROLE_MANAGE: dataflow.manage
                ROLE_DEPLOY: dataflow.deploy
                ROLE_DESTROY: dataflow.destroy
                ROLE_MODIFY: dataflow.modify
                ROLE_SCHEDULE: dataflow.schedule
  security:
    oauth2:
      client:
        registration:
          keycloak:
            redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
            authorization-grant-type: authorization_code
            client-id: COMPANY_CLIENT
            client-name: COMPANY_CLIENT
            client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
            scope:
              - openid
              - dataflow.view
              - dataflow.deploy
              - dataflow.destroy
              - dataflow.manage
              - dataflow.modify
              - dataflow.schedule
              - dataflow.create
        provider:
          keycloak:
            jwk-set-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/certs
            token-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token
            user-info-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/userinfo
            user-name-attribute: preferred_username
            user-info-authentication-method: validate_access_token
            authorization-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/auth
      resourceserver:
        opaquetoken:
          introspection-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token/introspect
          client-id: COMPANY_CLIENT
          client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
      authorization:
        check-token-access: isAuthenticated()
如果有人能提供一些线索来解决这个问题,我将不胜感激

进一步资料: