如何在 kube.netes 中配置 keycloak?
[英]How to configure keycloak in kubernetes?
问题描述
I have a Spring cloud API gateway talking to keycloak server for JWT authentication.
我有一个 Spring 云 API 网关与 keycloak 服务器对话以进行 JWT 身份验证。 If I run my application from eclipse and keycloak as single docker container, it works fine.如果我从 eclipse 和 keycloak 作为单个 docker 容器运行我的应用程序,它工作正常。 However when I run my spring boot application as docker container(using docker compose or kube.netes) its unable to authorize with keycloak throws following error.但是,当我将 spring 启动应用程序作为 docker 容器(使用 docker compose 或 kube.netes)运行时,它无法使用 keycloak 进行授权会抛出以下错误。
org.springframework.security.oauth2.jwt.JwtDecoderInitializationException: Failed to lazily resolve the supplied JwtDecoder instance
at org.springframework.security.oauth2.jwt.SupplierReactiveJwtDecoder.wrapException(SupplierReactiveJwtDecoder.java:48) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
.
.
Caused by: java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer of "http://keycloak-server:8080/realms/master"
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:161) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfigurationForIssuerLocation(JwtDecoderProviderConfigurationUtils.java:79) ~[spring-security-oauth2-jose-5.7.6.jar!/:5.7.6]
Are there any additional configurations required for this situation?这种情况是否需要额外的配置?
2 个解决方案
解决方案1
1 已采纳 2022-12-28 09:18:33
Please check below links may help请检查以下链接可能有帮助
https://www.keycloak.org/getting-started/getting-started-kube https://www.keycloak.org/getting-started/getting-started-kube
java.lang.IllegalArgumentException: Unable to resolve the Configuration with the provided Issuer java.lang.IllegalArgumentException:无法使用提供的 Issuer 解析配置
解决方案2
0 2022-12-28 05:07:42
If the keycloak and springboot applications are deployed in different namespace, you would need to include the namespace in the keycloak url configured in your springboot application ( https://kube.netes.io/docs/concepts/services.networking/dns-pod-service/#namespaces-of-services ).如果 keycloak 和 springboot 应用程序部署在不同的命名空间中,则需要在 springboot 应用程序中配置的 keycloak url 中包含命名空间 ( https://kube.netes.io/docs/concepts/services.networking/dns-pod -服务/#namespaces-of-services )。
Also you might need to check if the kube.netes service for keycloak is configured correctly.您还可能需要检查 keycloak 的 kube.netes 服务是否配置正确。
解决方案3
0 2022-12-29 06:33:54
To solve this modified few things解决这个修改的几件事
- Created new realm instead of using default master realm创建了新的 realm 而不是使用默认的主 realm
- Instead of using keycloak kube.netes service name in issuer url, used host.docker.internal ip而不是在发行者 url 中使用 keycloak kube.netes 服务名称,而是使用 host.docker.internal ip
- While generating JWT from postman used same host.docker.internal ip in the token generation url从 postman 生成 JWT 在令牌生成 url 中使用相同的 host.docker.internal ip
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.