Spring Cloud Dataflow Keycloak SSO integration logout issue
I have integrated Keycloak for authentication and authorization in Spring Cloud Dataflow. Every time I try to log in to the application using http://localhost:9393/dashboard, I log in to the system successfully. After logging out, I land on the default login page with a login button, as shown below.
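The problem is that when I click the login button on the page shown as the logout success response, it loads the http://localhost:9393/login page, which directs me to my SSO client selection page, as shown below.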
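Once I select the client, it takes me to the root (http://localhost:9393/) after a successful login. It loads only a JSON object with URLs rather than taking me to the dashboard.
After this, I have to load a dashboard path (any valid path, http://localhost:9393/dashboard/ etc.) manually to load the application.
If you try to log in at the root URL http://localhost:9393/, you face the same issue the very first time as well.
I am setting custom tokens for the local setup.
My Keycloak configuration is as follows: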
cloud:
  dataflow:
    security:
      authorization:
        enabled: true
        provider-role-mappings:
          keycloak:
            map-oauth-scopes: true
            role-mappings:
              ROLE_VIEW: dataflow.view
              ROLE_CREATE: dataflow.create
              ROLE_MANAGE: dataflow.manage
              ROLE_DEPLOY: dataflow.deploy
              ROLE_DESTROY: dataflow.destroy
              ROLE_MODIFY: dataflow.modify
              ROLE_SCHEDULE: dataflow.schedule
security:
  oauth2:
    client:
      registration:
        keycloak:
          redirect-uri: '{baseUrl}/login/oauth2/code/{registrationId}'
          authorization-grant-type: authorization_code
          client-id: COMPANY_CLIENT
          client-name: COMPANY_CLIENT
          client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
          scope:
            - openid
            - dataflow.view
            - dataflow.deploy
            - dataflow.destroy
            - dataflow.manage
            - dataflow.modify
            - dataflow.schedule
            - dataflow.create
      provider:
        keycloak:
          jwk-set-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/certs
          token-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token
          user-info-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/userinfo
          user-name-attribute: preferred_username
          user-info-authentication-method: validate_access_token
          authorization-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/auth
    resourceserver:
      opaquetoken:
        introspection-uri: https://ulogin.company.services/auth/realms/XConnect/protocol/openid-connect/token/introspect
        client-id: COMPANY_CLIENT
        client-secret: a0f442f5-8c58-4220-9b48-4174476ba57a
    authorization:
      check-token-access: isAuthenticated()
I would appreciate it if anyone could provide some clues to solve this issue.