[英]How to configure keycloak in kubernetes?
I have a Spring cloud API gateway talking to keycloak server for JWT authentication.我有一个 Spring 云 API 网关与 keycloak 服务器对话以进行 JWT 身份验证。 If I run my application from eclipse and keycloak as single docker container, it works fine.
如果我从 eclipse 和 keycloak 作为单个 docker 容器运行我的应用程序,它工作正常。 However when I run my spring boot application as docker container(using docker compose or kube.netes) its unable to authorize with keycloak throws following error.
但是,当我将 spring 启动应用程序作为 docker 容器(使用 docker compose 或 kube.netes)运行时,它无法使用 keycloak 进行授权会抛出以下错误。
org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance
at org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder.wrapException(SupplierReactiveJwtDecoder.java:48) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
.
.
Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://keycloak-server:8080/realms/master"
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:161) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Are there any additional configurations required for this situation?这种情况是否需要额外的配置?
Please check below links may help请检查以下链接可能有帮助
https://www.keycloak.org/getting-started/getting-started-kube https://www.keycloak.org/getting-started/getting-started-kube
java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer java.lang.IllegalArgumentException:无法使用提供的 Issuer 解析配置
If the keycloak and springboot applications are deployed in different namespace, you would need to include the namespace in the keycloak url configured in your springboot application ( https://kube.netes.io/docs/concepts/services.networking/dns-pod-service/#namespaces-of-services ).如果 keycloak 和 springboot 应用程序部署在不同的命名空间中,则需要在 springboot 应用程序中配置的 keycloak url 中包含命名空间 ( https://kube.netes.io/docs/concepts/services.networking/dns-pod -服务/#namespaces-of-services )。
Also you might need to check if the kube.netes service for keycloak is configured correctly.您还可能需要检查 keycloak 的 kube.netes 服务是否配置正确。
To solve this modified few things解决这个修改的几件事
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.