Afternoon all..
I am trying to connect Keycloak IdM with OneLogin using the OpenID protocol.
I have successfully set up both sides, but when I try to authenticate through Keycloak I get the following error:
Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: No access_token from server.
at org.keycloak.broker.oidc.OIDCIdentityProvider.verifyAccessToken(OIDCIdentityProvider.java:297)
Running Keycloak with debug logging, I can see the error returned from OneLogin as follows:
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "POST /oidc/token HTTP/1.1[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "Content-Length: 677[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "Host: ***.onelogin.com[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "Connection: Keep-Alive[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "User-Agent: Apache-HttpClient/4.5 (Java/1.8.0_112)[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "Accept-Encoding: gzip,deflate[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "[\r][\n]"
2017-09-26 16:38:09,986 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 >> "code=**redacted**&grant_type=authorization_code&client_secret=**redacted**&redirect_uri=https%3A%2F%2Fidm01.**redacted-url**%2Fendpoint&client_id=**redacted**"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "HTTP/1.1 400 Bad Request[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "Cache-Control: no-cache, no-store[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "Content-Type: application/json; charset=utf-8[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "Date: Tue, 26 Sep 2017 15:38:10 GMT[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "Pragma: no-cache[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "X-Content-Type-Options: nosniff[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "X-Powered-By: Express[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "X-Xss-Protection: 1; mode=block[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "Content-Length: 108[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "Connection: keep-alive[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "[\r][\n]"
2017-09-26 16:38:10,391 DEBUG [org.apache.http.wire] (default task-4) http-outgoing-2 << "{"error":"invalid_request","error_description":"client_secret must be provided in the Authorization header"}"
Sounds simple enough, but when I look around I see conflicting information about whether the "Authorization" header is mandatory if the request already contains client_id and client_secret.
So, is this a bug in Keycloak, or a bug in OneLogin?
Thanks for any replies.
Regards
Gavin
Posted 2017-10-12 23:48:25
Not familiar with Keycloak, but we expect the client/secret to be sent as a basic auth header, not in the URL or request body (which is what it is doing).
https://stackoverflow.com/questions/46431457
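The token-endpoint exchange that the question and the answer disagree about, written out as an added example; this is not code from the original post, from Keycloak, or from OneLogin. It builds the same POST to /oidc/token two ways, client_secret_post (credentials in the form body, which is what the wire log above shows Keycloak sending) and client_secret_basic (credentials in an Authorization: Basic header), and runs both against authenticate_client, a model of the server-side rule implied by the 400 response. The client id, secret, redirect URI, token URL and authorization code are constructed placeholders, and authenticate_client is an assumption about the policy, not OneLogin's implementation.

```python
import base64
import hmac
from urllib.parse import parse_qs, quote, unquote, urlencode

# Constructed placeholders, not real OneLogin or Keycloak values.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "s3cr3t:with/odd+chars"        # deliberately awkward characters
REDIRECT_URI = "https://idm01.example.invalid/endpoint"
TOKEN_ENDPOINT = "https://example.onelogin.com/oidc/token"  # hypothetical host


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """client_secret_basic as RFC 6749 section 2.3.1 specifies it: client_id and
    client_secret are each form-urlencoded *before* being joined with ':' and
    base64-encoded, so a secret containing ':' or '/' survives the round trip."""
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(creds.encode("ascii")).decode("ascii")


def build_token_request(code: str, method: str) -> dict:
    """Return the authorization_code token request as a plain dict, using either
    client_secret_post (what the question's wire log shows) or client_secret_basic."""
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_post":
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    elif method == "client_secret_basic":
        headers["Authorization"] = basic_auth_header(CLIENT_ID, CLIENT_SECRET)
    else:
        raise ValueError(f"unknown client authentication method {method!r}")
    return {"method": "POST", "url": TOKEN_ENDPOINT, "headers": headers, "body": urlencode(form)}


def authenticate_client(headers: dict, body: str) -> dict:
    """Assumed server-side policy modelled on the 400 in the question: only
    client_secret_basic is accepted; credentials in the body are rejected."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return {"error": "invalid_request",
                "error_description": "client_secret must be provided in the Authorization header"}
    try:
        raw = base64.b64decode(auth[len("Basic "):], validate=True).decode("ascii")
        enc_id, enc_secret = raw.split(":", 1)
    except (ValueError, UnicodeDecodeError):
        return {"error": "invalid_client", "error_description": "malformed Basic credentials"}
    client_id, client_secret = unquote(enc_id), unquote(enc_secret)
    # RFC 6749 section 2.3: a client must not use more than one auth method per request.
    if "client_secret" in form:
        return {"error": "invalid_request",
                "error_description": "client_secret must not be sent in both header and body"}
    # Constant-time comparison so a wrong secret is not distinguishable by timing.
    ok = (hmac.compare_digest(client_id.encode(), CLIENT_ID.encode())
          and hmac.compare_digest(client_secret.encode(), CLIENT_SECRET.encode()))
    if not ok:
        return {"error": "invalid_client", "error_description": "bad client credentials"}
    if form.get("grant_type") != "authorization_code" or not form.get("code"):
        return {"error": "invalid_request", "error_description": "missing authorization code"}
    return {"access_token": "constructed-token-for-" + client_id, "token_type": "Bearer"}


if __name__ == "__main__":
    for method in ("client_secret_post", "client_secret_basic"):
        req = build_token_request("constructed-code", method)
        print(method, "->", authenticate_client(req["headers"], req["body"]))
```

The spec point behind the answer: RFC 6749 section 2.3.1 says an authorization server MUST support HTTP Basic authentication for clients that were issued a client password, while including client_id and client_secret in the request body is only something a server MAY support and is marked NOT RECOMMENDED. A client that can only do client_secret_post is therefore relying on an optional feature, and a server that refuses it is within the spec; the same section also requires the form-urlencoding step inside the Basic header, which the two sides must agree on or a secret containing ':' will fail even when the header is present.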