文章/答案/技术大牛

发布

社区首页 >问答首页 >身份验证代码流错误后，KeyCloak重定向到身份提供程序

问身份验证代码流错误后，KeyCloak重定向到身份提供程序
EN

Stack Overflow用户

提问于 2020-09-09 15:14:48

回答 1查看 3.6K关注 0票数 3

我使用KeyCloak作为应用程序的OAuth2身份验证节点。但是真正的身份验证和授权发生在自定义(默认)身份提供程序中。

一个愉快的流成功，客户端应用程序(通过用户)接收授权代码(用于获取令牌)。

但是，每当我的IdP (Identity Provider)返回错误时，KeyCloak就会在循环中重试将用户重定向回IdP的过程，而不是将此错误传递回客户端应用程序。

是否有一个配置或参数来纠正这个问题？

标识提供程序配置

重定向：

客户端应用程序将redirects...

User重定向到KeyCloak: redirects...

User将KeyCloak重定向到My IdP：https://myidp/auth?scope=openid&state=SsjEd0IPdoG4EMPXwIPOtcTbxvrvZo3x9V2u6y3d3QE.J_i69mzjjS8.1&response_type=code&client_id=keycloak-client-id&redirect_uri=http%3A%2F%2Fkeycloak%2Fauth%2Frealms%2Fapp%2Fbroker%2Fmy-idp%2Fendpoint&uuid=123&nonce=5pe9y4dIpmPHghQbsZrhAA

User被IdP重定向到KeyCloak并带有错误：https://keycloak/auth/realms/app/broker/my-idp/endpoint?error_description=expired%20uuid&state=SsjEd0IPdoG4EMPXwIPOtcTbxvrvZo3x9V2u6y3d3QE.J_i69mzjjS8.1&error=invalid_request

User被KeyCloak重定向到My IdP (N)：https://myidp/auth?scope=openid&state=WINKLu_z9MDPwShk_mJE9ri7dxMgHN9xNoiTDskku90.J_i69mzjjS8.1&response_type=code&client_id=keycloak-client-id&redirect_uri=http%3A%2F%2Fkeycloak%2Fauth%2Frealms%2Fapp%2Fbroker%2Fmy-idp%2Fendpoint&uuid=123&nonce=0IcmhzImj9HpAudIk799hg

来自KeyCloak的跟踪

15:03:31,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
15:03:31,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
15:03:31,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper  commit
15:03:31,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
15:03:31,045 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1466/0x00000008414e4440
15:03:36,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
15:03:36,049 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
15:03:36,052 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper  commit
15:03:36,052 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
15:03:36,052 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1466/0x00000008414e4440
15:03:41,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
15:03:41,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
15:03:41,045 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper  commit
15:03:41,046 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) JtaTransactionWrapper end
15:03:41,046 DEBUG [org.keycloak.services.scheduled.ScheduledTaskRunner] (Timer-2) Executed scheduled task AbstractLastSessionRefreshStoreFactory$$Lambda$1466/0x00000008414e4440
15:03:42,366 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) new JtaTransactionWrapper
15:03:42,366 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) was existing? false
15:03:42,367 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) realm by name cache hit: app
15:03:42,367 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) by id cache hit: app
15:03:42,367 TRACE [org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint] (default task-115) Processing @GET request
15:03:42,367 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by name cache hit: 1
15:03:42,367 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,367 DEBUG [org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint] (default task-115) PKCE non-supporting Client
15:03:42,367 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the requests header
15:03:42,367 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the cookies field
15:03:42,367 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (default task-115) Found AUTH_SESSION_ID cookie with value 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6.keycloak-0
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 DEBUG [org.keycloak.protocol.AuthorizationEndpointBase] (default task-115) Sent request to authz endpoint. Root authentication session with ID '7db70911-e7ce-41f9-9c43-f01ca4d3d9e6' exists. Client is '1' . Created new authentication session with tab ID: ekb7z3lW0c8
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,367 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,367 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,368 TRACE [org.keycloak.keys.DefaultKeyManager] (default task-115) Active key found: realm=app kid=8f2e9d61-d473-46b3-9b8f-fe95161b4eae algorithm=HS256 use=SIG
15:03:42,368 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-115) AUTHENTICATE
15:03:42,368 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-115) AUTHENTICATE ONLY
15:03:42,368 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,368 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) processFlow: browser
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) check execution: 'auth-cookie', requirement: 'ALTERNATIVE'
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) authenticator: auth-cookie
15:03:42,368 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-115) Going through the flow 'browser' for adding executions
15:03:42,368 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-115) Selections when trying execution 'auth-cookie' : [ authSelection - auth-cookie,  authSelection - identity-provider-redirector]
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) invoke authenticator.authenticate: auth-cookie
15:03:42,368 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) Couldnt find cookie {0}, trying {1}
15:03:42,368 DEBUG [org.keycloak.services.managers.AuthenticationManager] (default task-115) Could not find cookie: KEYCLOAK_IDENTITY
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) authenticator ATTEMPTED: auth-cookie
15:03:42,368 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) check execution: 'identity-provider-redirector', requirement: 'ALTERNATIVE'
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) authenticator: identity-provider-redirector
15:03:42,368 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-115) Going through the flow 'browser' for adding executions
15:03:42,368 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-115) Selections when trying execution 'identity-provider-redirector' : [ authSelection - identity-provider-redirector]
15:03:42,368 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) invoke authenticator.authenticate: identity-provider-redirector
15:03:42,368 TRACE [org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator] (default task-115) Redirecting: default provider set to my-idp
15:03:42,368 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,368 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,368 DEBUG [org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator] (default task-115) Redirecting to my-idp
15:03:42,368 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,368 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,368 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper  commit
15:03:42,368 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper end


15:03:42,436 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) new JtaTransactionWrapper
15:03:42,436 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) was existing? false
15:03:42,436 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) realm by name cache hit: app
15:03:42,436 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) by id cache hit: app
15:03:42,437 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-115) Sending authentication request to identity provider [my-idp].
15:03:42,437 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (default task-115) Will use client '1' in back-to-application link
15:03:42,437 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by name cache hit: 1
15:03:42,437 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,437 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the requests header
15:03:42,437 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the cookies field
15:03:42,437 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (default task-115) Found AUTH_SESSION_ID cookie with value 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6.keycloak-0
15:03:42,437 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,437 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,437 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,437 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-115) Authorization code is valid.
15:03:42,437 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,437 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,440 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,440 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-115) Identity provider [org.keycloak.broker.oidc.OIDCIdentityProvider@530bbebe] is going to send a request [org.jboss.resteasy.specimpl.BuiltResponse@12aba942].
15:03:42,440 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper  commit
15:03:42,440 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper end
15:03:42,741 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) new JtaTransactionWrapper
15:03:42,741 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) was existing? false
15:03:42,741 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) realm by name cache hit: app
15:03:42,741 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) by id cache hit: app
15:03:42,742 ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-115) invalid_request for broker login oidc
15:03:42,742 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (default task-115) Will use client '1' in back-to-application link
15:03:42,742 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by name cache hit: 1
15:03:42,742 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,742 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the requests header
15:03:42,742 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the cookies field
15:03:42,742 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (default task-115) Found AUTH_SESSION_ID cookie with value 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6.keycloak-0
15:03:42,742 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,742 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,742 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,742 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-115) Authorization code is valid.
15:03:42,742 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,742 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-115) AUTHENTICATE
15:03:42,742 DEBUG [org.keycloak.authentication.AuthenticationProcessor] (default task-115) AUTHENTICATE ONLY
15:03:42,742 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,742 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,742 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) processFlow: browser
15:03:42,742 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) check execution: 'auth-cookie', requirement: 'ALTERNATIVE'
15:03:42,742 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) execution 'auth-cookie' is processed
15:03:42,742 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) check execution: 'identity-provider-redirector', requirement: 'ALTERNATIVE'
15:03:42,742 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) authenticator: identity-provider-redirector
15:03:42,742 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-115) Going through the flow 'browser' for adding executions
15:03:42,742 DEBUG [org.keycloak.authentication.AuthenticationSelectionResolver] (default task-115) Selections when trying execution 'identity-provider-redirector' : [ authSelection - identity-provider-redirector]
15:03:42,742 DEBUG [org.keycloak.authentication.DefaultAuthenticationFlow] (default task-115) invoke authenticator.authenticate: identity-provider-redirector
15:03:42,742 TRACE [org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator] (default task-115) Redirecting: default provider set to my-idp
15:03:42,742 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,742 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,742 DEBUG [org.keycloak.authentication.authenticators.browser.IdentityProviderAuthenticator] (default task-115) Redirecting to my-idp
15:03:42,742 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,742 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,743 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper  commit
15:03:42,743 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper end


15:03:42,802 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) new JtaTransactionWrapper
15:03:42,802 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) was existing? false
15:03:42,802 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) realm by name cache hit: app
15:03:42,802 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) by id cache hit: app
15:03:42,802 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-115) Sending authentication request to identity provider [my-idp].
15:03:42,802 DEBUG [org.keycloak.services.resources.SessionCodeChecks] (default task-115) Will use client '1' in back-to-application link
15:03:42,802 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by name cache hit: 1
15:03:42,802 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,802 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the requests header
15:03:42,802 DEBUG [org.keycloak.services.util.CookieHelper] (default task-115) {1} cookie found in the cookies field
15:03:42,802 DEBUG [org.keycloak.services.managers.AuthenticationSessionManager] (default task-115) Found AUTH_SESSION_ID cookie with value 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6.keycloak-0
15:03:42,802 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,802 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,802 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,802 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-115) Authorization code is valid.
15:03:42,803 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,803 TRACE [org.keycloak.models.cache.infinispan.RealmCacheSession] (default task-115) client by id cache hit: 1
15:03:42,803 TRACE [org.keycloak.models.sessions.infinispan.InfinispanKeycloakTransaction] (default task-115) Adding cache operation: REPLACE on 7db70911-e7ce-41f9-9c43-f01ca4d3d9e6
15:03:42,803 DEBUG [org.keycloak.services.resources.IdentityBrokerService] (default task-115) Identity provider [org.keycloak.broker.oidc.OIDCIdentityProvider@68b04511] is going to send a request [org.jboss.resteasy.specimpl.BuiltResponse@1f1ebc48].
15:03:42,803 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper  commit
15:03:42,803 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (default task-115) JtaTransactionWrapper end

oauth-2.0

keycloak

回答 1

Stack Overflow用户

发布于 2020-11-24 10:59:12

我找出了我的问题的原因，不幸的是，它看起来与你的不同。您应该发布已配置的流(浏览器流、第一个登录流)。

在我的示例中，id提供程序返回了一个与其他错误不同的access_denied错误: keycloak试图显示您可以选择提供程序的登录表单；但是在我的浏览器流中，这是禁用的，我强迫重定向到id提供程序。

为了避免循环，我似乎必须禁用“Identity Provider Redirector”，或者对其进行配置，以便用户可以选择哪一个。

这段代码处理oauth响应中的错误参数：https://github.com/keycloak/keycloak/blob/66dfa32cd569a7416de21b4dc04db212e8fccce5/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java#L461

这一问题在redhat jira：https://issues.redhat.com/browse/KEYCLOAK-13274上有报道。

票数 0

页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持

原文链接：

https://stackoverflow.com/questions/63814640

复制

相似问题

问身份验证代码流错误后，KeyCloak重定向到身份提供程序
EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问身份验证代码流错误后，KeyCloak重定向到身份提供程序EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问身份验证代码流错误后，KeyCloak重定向到身份提供程序
EN