Keycloak with external Identity Provider fails

I have set up Keycloak using Kubernetes with a new realm created with Google and GitHub as external Identity Providers. I created a simple Spring Security app configuring the authorization with Keycloak. I could authenticate with internal users and the flow is working as expected. But when using the external Identity Providers Google or GitHub, it fails with a similar exception. In the log, it shows:

ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-33) Failed to make identity provider oauth callback: java.net.UnknownHostException: oauth2.googleapis.com: Name or service not known
    at java.base/java.net.Inet4AddressImpl.lookupAllHostAddr(Native Method)
    at java.base/java.net.InetAddress$PlatformNameService.lookupAllHostAddr(InetAddress.java:929)
    at java.base/java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1515)
    at java.base/java.net.InetAddress$NameServiceAddresses.get(InetAddress.java:848)
    at java.base/java.net.InetAddress.getAllByName0(InetAddress.java:1505)
    at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1364)
    at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1298)
    at org.apache.httpcomponents.core//org.apache.http.impl.conn.SystemDefaultDnsResolver.resolve(SystemDefaultDnsResolver.java:45)
    at org.apache.httpcomponents.core//org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:112)
    at org.apache.httpcomponents.core//org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
    at org.apache.httpcomponents.core//org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at org.apache.httpcomponents.core//org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.httpcomponents.core//org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at org.apache.httpcomponents.core//org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.httpcomponents.core//org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.httpcomponents.core//org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.httpcomponents.core//org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.httpcomponents.core//org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at org.apache.httpcomponents.core//org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
    at org.keycloak.keycloak-server-spi-private@10.0.0//org.keycloak.broker.provider.util.SimpleHttp.makeRequest(SimpleHttp.java:222)
    at org.keycloak.keycloak-server-spi-private@10.0.0//org.keycloak.broker.provider.util.SimpleHttp.asResponse(SimpleHttp.java:180)
    at org.keycloak.keycloak-server-spi-private@10.0.0//org.keycloak.broker.provider.util.SimpleHttp.asString(SimpleHttp.java:172)
    at org.keycloak.keycloak-services@10.0.0//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:470)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at org.jboss.resteasy.resteasy-jaxrs@3.11.0.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
    at org.jboss.resteasy.resteasy-jaxrs@3.11.0.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:526)

Is that because Keycloak is running under a Kubernetes cluster? The stack shows java.net.UnknownHostException: oauth2.googleapis.com and I am not sure how to overcome this error. Please let me know.

A little background on this issue. Environment: Minikube started with driver=none, Kubernetes, Keycloak with Helm cluster using existing postgres-ha 11 running on Ubuntu 19.04.

To test ping: I deployed Kubernetes dnsutils and followed the debugging steps. I could not ping any google.com from inside the pod. Also the command

kubectl get pods --namespace=kube-system -l k8s-app=kube-dns

showed that the coredns pods were not ready or running. This was the cause of this issue. After digging through a few other posts, especially this one, I fixed coredns to start and the rest of the things worked. HTH.
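
The CoreDNS check described in the answer above, as an added example that is not part of the original post: a shell helper that reads the `kubectl get pods` table and reports every kube-dns pod that is not Running or not fully Ready. The pod names and sample tables are constructed, and the `dnsutils` pod name in `resolve_in_pod` is an assumption taken from the Kubernetes DNS debugging guide.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): detect unhealthy CoreDNS pods
# from the output of
#   kubectl get pods --namespace=kube-system -l k8s-app=kube-dns

# Reads the kubectl table on stdin. Prints "<pod> <ready> <status>" for each
# unhealthy pod and returns 1 if any pod is unhealthy or no pod exists at all.
coredns_unhealthy() {
  awk '
    NR == 1 && $1 == "NAME" { next }          # skip the header row
    NF >= 3 {
      pods++
      split($2, ready, "/")                   # READY column is "n/m"
      if ($3 != "Running" || ready[1] != ready[2]) {
        print $1, $2, $3
        bad = 1
      }
    }
    END {
      if (pods == 0) { print "no kube-dns pods found"; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}

# Live-cluster check: resolve a name from inside a pod. The default pod name
# "dnsutils" is an assumption; pass the name of your own debug pod as $2.
resolve_in_pod() {
  kubectl exec -i "${2:-dnsutils}" -- nslookup "$1"
}

# Constructed sample tables (pod names are made up for illustration).
SAMPLE_BROKEN='NAME                       READY   STATUS             RESTARTS   AGE
coredns-aaaaaaaaaa-11111   0/1     CrashLoopBackOff   12         40m
coredns-aaaaaaaaaa-22222   1/1     Running            0          40m'

SAMPLE_HEALTHY='NAME                       READY   STATUS    RESTARTS   AGE
coredns-aaaaaaaaaa-11111   1/1     Running   0          40m
coredns-aaaaaaaaaa-22222   1/1     Running   0          40m'

# Demo on the constructed data; on a real cluster pipe kubectl into the function.
printf '%s\n' "$SAMPLE_BROKEN" | coredns_unhealthy \
  || echo "CoreDNS is not healthy: pods cannot resolve external IdP hosts"
```

Once the function reports nothing, `resolve_in_pod oauth2.googleapis.com` confirms from inside the cluster that the identity provider's token endpoint host resolves again.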
