java ELY23005：无法加载OpenID提供程序元数据

iqih9akk 于 2023-04-04 发布在 Java

关注(0)|答案(1)|浏览(95)

我们的是一个基于wildfly的应用程序。我们用Elytron配置了Keycloak OIDC。这个集成在我们所有的环境中都能很好地工作，除了这个。在点击任何URL时，它都会返回403 Forbidden错误。
在启用TRACE级别时，我可以在访问应用程序端点时看到这些日志：

{"log_timestamp": "2023-03-31T12:34:38.629+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.servlet", "log_message": "Created ServletSecurityContextImpl enableJapi=true, integratedJaspi=true, applicationContext=default-host /my-app"}
{"log_timestamp": "2023-03-31T12:34:38.629+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.servlet", "log_message": "No AuthConfigProvider for layer=HttpServlet, appContext=default-host /my-app"}
{"log_timestamp": "2023-03-31T12:34:38.629+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.servlet", "log_message": "JASPIC Unavailable, using HTTP authentication."}
{"log_timestamp": "2023-03-31T12:34:38.629+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security", "log_message": "No CachedIdentity to restore."}
{"log_timestamp": "2023-03-31T12:34:38.629+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security", "log_message": "Created HttpServerAuthenticationMechanism [org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1@611230fa] for mechanism [OIDC]"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "DEBUG", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "adminRequest http://localhost:8180/my-app/"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "--> authenticate()"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "try bearer"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "try query parameter auth"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "try basic auth"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "TRACE", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "try oidc"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "DEBUG", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "Account was not in session, returning null"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "DEBUG", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "there was no code"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "DEBUG", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "redirecting to auth server"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "DEBUG", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "callback uri: http://localhost:8180/my-app/"}
{"log_timestamp": "2023-03-31T12:34:38.630+0000", "log_level": "DEBUG", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "Loading OpenID provider metadata from https://myidp.com/realm/myrealm/.well-known/openid-configuration"}
{"log_timestamp": "2023-03-31T12:34:38.632+0000", "log_level": "WARN", "process_id": 1, "process_name": "myapp", "thread_id": 1, "thread_name": "default task-1", "action_name": "org.wildfly.security.http.oidc", "log_message": "ELY23005: Unable to load OpenID provider metadata from https://myidp.com/realm/myrealm/.well-known/openid-configuration"}

在查看此日志的源代码时，没有证据表明哪一行导致了异常。
一些线索：
我们所有的环境都是使用相同的Helm创建的，所以没有完整性或健全性的问题。IDP的HTTPS证书由受信任的CA颁发。从容器中，我们能够在最后一行中找到metadata configuration URL还附加了standalone.xml IDP提供程序是Keycloak。比较了Realm设置，客户端设置并没有发现任何差异。尝试将此应用程序指向不同的Keycloak示例，但得到同样的问题。

Java

来源：https://stackoverflow.com/questions/75916483/ely23005-unable-to-load-openid-provider-metadata

1条答案

按热度按时间

lkaoscv71#

我认为问题是内部服务无法通过HTTPS到达内部https://myidp.com。当您的HTTPS在代理/负载均衡器中终止并且内部服务大多使用HTTP时，这是一个非常常见的网络问题。如何解决它取决于您的基础架构，一个选项可以是将HTTPS证书添加到密钥斗篷端点，然后将www.example.commyidp.comMap到内部https://myidp.com。LAN上的IP地址。

赞(0）回复(0）举报 2023-04-04

我来回答

java ELY23005：无法加载OpenID提供程序元数据

1条答案

相关问题

热门标签

最新问答