Problem Implementing a custom Keycloak Authenticator SPI

I'm trying to implement a custom Keycloak Authenticator SPI for authentication purposes against an external Identity provider. The users already exist on the Keycloak store, I only need connection to the custom SPI to authenticate them.

I'm following section 8.3 of the official guide https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi_walkthrough , which is very similar to what I need.

The problem I'm running into is that after the authentication flow runs into the "action" method of the custom Authenticator, an exception is thrown from the AuthenticationProcessor class, which, after inspection, comes from the following check:

// org.keycloak.authentication.AuthenticationProcessor - line 876
if (authenticationSession.getAuthenticatedUser() == null) {
    throw new AuthenticationFlowException(AuthenticationFlowError.UNKNOWN_USER);
}

After seeing this problem, my idea for trying to solve it was getting the user (already verified against the external Identity Provider) from the Keycloak store, and pushing it into the AuthenticationSession, like this:

// Connect against external Service Provider
// and assume "USER_ID" represents an already validated User

// AuthenticationFlowContext = afc is given as parameter
UserFederationManager ufm = afc.getSession().users();   // <-- PROBLEM
UserModel userFound = ufm.getUserById("USER_ID", afc.getRealm());

if (userFound != null) {
    // get reference to the authSession
    AuthenticationSessionModel asm = afc.getAuthenticationSession();
    // set authenticated user on the session
    asm.setAuthenticatedUser(userFound);
    return true;
}
return false;

The problem with the above code is that a Java NoSuchMethodExceptionError is thrown regarding the users() method of the org.keycloak.models.KeycloakSession class. Like this:

11:26:32,628 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-14) Uncaught server error: java.lang.NoSuchMethodError: org.keycloak.models.KeycloakSession.users()Lorg/keycloak/models/UserFederationManager;

Any suggestion that you could make to help me solve this would be greatly appreciated!

As Henry stated, it's likely to be a version conflict. I had a similar problem which was solved with this thread's help. It suggests you downgrade some dependency versions, but in my case, we solved it by changing our server back to Tomcat.

It seems the problem was that I was using an org.keycloak.models.UserFederationManager instance, instead of an org.keycloak.models.UserProvider instance. The UserFederationManager implements the UserProvider, and it seems the more general type works better than the more specific type under the injection mechanism this Keycloak is using.

 // UserFederationManager ufm = afc.getSession().users();   // <-- PROBLEM
 // UserProvider ufm = afc.getSession().users();            // <-- WORKS

Even though it works now, both of your suggestions are valid because my build version is indeed different than the one on the runtime. I'll solve that to avoid further bugs.

Thanks for your input, guys!
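
An added example, not part of the original posts and not Keycloak code: the descriptor in the NoSuchMethodError above ends in the return type, because the JVM links a call by owner, name and the full descriptor recorded at compile time. The nested types below are hypothetical stand-ins for the Keycloak types, and the lookup mimics that resolution against a session whose users() is declared to return UserProvider.

```java
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;

public class DescriptorLinkageDemo {
    // Hypothetical stand-ins for the Keycloak types named in the error message.
    interface UserProvider {}
    static class UserFederationManager implements UserProvider {}

    // Stand-in for the session class present at runtime (assumption):
    // users() is declared with the interface as its return type.
    interface RuntimeSession {
        UserProvider users();
    }

    // Resolve users() with the given return type, as a call site compiled
    // against that signature would be resolved: name plus exact descriptor.
    static String link(Class<?> returnType) {
        MethodType descriptor = MethodType.methodType(returnType);
        String signature = "users" + descriptor.toMethodDescriptorString();
        try {
            MethodHandles.lookup().findVirtual(RuntimeSession.class, "users", descriptor);
            return "linked " + signature;
        } catch (NoSuchMethodException | IllegalAccessException e) {
            // The subtype relation between the two return types does not help:
            // a descriptor either matches exactly or the method is "missing".
            return "failed " + signature + " -> " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        // Descriptor a build against a different jar would have recorded.
        System.out.println(link(UserFederationManager.class));
        // Descriptor that matches the runtime declaration.
        System.out.println(link(UserProvider.class));
    }
}
```

Running `javap -c` on the compiled authenticator class shows the descriptor its call site actually carries, which can be compared with the users() declaration in the server's jar.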
