[英]Keycloak give read time out error while calling external IDP APIs
我使用keycloak 11.0.2
作為身份代理,並添加了幾個身份提供者與OpenID Connect V1
。
當用戶嘗試登錄一個身份提供者時,用戶在 UI 中遇到意外錯誤,並且始終未觀察到此行為(1/10)。 在檢查 keycloak 日志時,我看到 userinfo 端點有超時。
日志:
2022-01-20T08:32:53.013077386Z stdout F Caused by: java.net.SocketTimeoutException: Read timed out
......
org.jboss.resteasy.resteasy-jaxrs@3.12.1.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
2022-01-20T08:32:53.012493482Z stdout F at org.jboss.resteasy.resteasy-jaxrs@3.12.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:393)
2022-01-20T08:32:53.012485382Z stdout F at org.jboss.resteasy.resteasy-jaxrs@3.12.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:432)
2022-01-20T08:32:53.012477382Z stdout F at org.jboss.resteasy.resteasy-jaxrs@3.12.1.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:543)
2022-01-20T08:32:53.012467282Z stdout F at org.jboss.resteasy.resteasy-jaxrs@3.12.1.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
2022-01-20T08:32:53.012456182Z stdout F at java.base/java.lang.reflect.Method.invoke(Method.java:566)
2022-01-20T08:32:53.012432882Z stdout F at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2022-01-20T08:32:53.011913079Z stdout F at jdk.internal.reflect.GeneratedMethodAccessor568.invoke(Unknown Source)
2022-01-20T08:32:53.011900478Z stdout F at org.keycloak.keycloak-services@11.0.2//org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider$Endpoint.authResponse(AbstractOAuth2IdentityProvider.java:472)
2022-01-20T08:32:53.011880878Z stdout F at org.keycloak.keycloak-services@11.0.2//org.keycloak.broker.oidc.OIDCIdentityProvider.getFederatedIdentity(OIDCIdentityProvider.java:386)
2022-01-20T08:32:53.011803978Z stdout F 08:32:53,010 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-21) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: Could not fetch attributes from userinfo endpoint.
我的假設是 userinfo 端點未能在特定時間響應。我正確嗎?
keycloak 使 API 調用 IDP 時的讀取時間是多少?
如何更改此超時?
在這里,我使用 Docker 圖像來運行帶有 mariaDB 的 keycloak。
我使用 keycloak 作為 docker 容器,並增加了套接字超時,如下所示,它對我有用:
FROM jboss/keycloak:15.0.2
ARG GIT_COMMIT_SHA=unspecified
LABEL GIT_COMMIT_SHA=$GIT_COMMIT_SHA
#Add socket timeout for outgoing http requests
RUN sed -i -e '/^<spi name="connectionsHttpClient">/!b;n;c\
<provider name="default" enabled="true">\
<properties>\
<property name="connection-pool-size" value="256"/>\
<property name="socket-timeout-millis" value="60000"/>\
</properties>\
</provider>' $JBOSS_HOME/standalone/configuration/standalone.xml
RUN sed -i -e '/^<spi name="connectionsHttpClient">/!b;n;c\
<provider name="default" enabled="true">\
<properties>\
<property name="connection-pool-size" value="256"/>\
<property name="socket-timeout-millis" value="60000"/>\
</properties>\
</provider>' $JBOSS_HOME/standalone/configuration/standalone-ha.xml
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.