那些遇到过的问题

没找到publicKey for kid,Keycloak?

Ahm*_*mal 11 java authentication jwt keycloak keycloak-services

我在调用端点从angular js 2到widlfly服务器时遇到了这个异常"没有找到publicKey for kid".

验证发生在keycloak中,但是我使用相同的令牌在同一个域内调用来自不同客户端(不同的微服务)的8个端点,但是我只在这个微服务调用中得到了这个例外.

我确信用户拥有所有客户的所有角色.我还在JWT上解码了令牌来验证.

有时它工作,有时没有!这个异常堆栈跟踪:

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:90)
    at sun.security.validator.Validator.getInstance(Validator.java:179)
    at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312)
    at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    ... 55 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
    at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
    at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
    at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:88)
    ... 67 more

2017-06-09 00:33:35,994 ERROR [org.keycloak.adapters.rotation.AdapterRSATokenVerifier] (default task-445) Didn't find publicKey for kid: QSm64gYAxG5-5Lt5r-T2dqQmHb8KKJ2dL3h_3Y8zXBE
2017-06-09 00:33:35,994 ERROR [org.keycloak.adapters.BearerTokenRequestAuthenticator] (default task-445) Failed to verify token: org.keycloak.common.VerificationException: Didn't find publicKey for specified kid
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.getPublicKey(AdapterRSATokenVerifier.java:47)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:55)
    at org.keycloak.adapters.rotation.AdapterRSATokenVerifier.verifyToken(AdapterRSATokenVerifier.java:37)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticateToken(BearerTokenRequestAuthenticator.java:87)
    at org.keycloak.adapters.BearerTokenRequestAuthenticator.authenticate(BearerTokenRequestAuthenticator.java:82)
    at org.keycloak.adapters.RequestAuthenticator.authenticate(RequestAuthenticator.java:67)
    at org.keycloak.adapters.undertow.AbstractUndertowKeycloakAuthMech.keycloakAuthenticate(AbstractUndertowKeycloakAuthMech.java:110)
    at org.keycloak.adapters.undertow.ServletKeycloakAuthMech.authenticate(ServletKeycloakAuthMech.java:92)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:233)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:250)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:219)
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:121)
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:96)
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:89)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Run Code Online (Sandbox Code Playgroud)

bud*_*eru 7

如果这仍然有意义,那么我有同样的问题。就我而言,问题是在Keycloak中客户端名称配置不正确。在Keycloak中更正客户端名称后,一切正常。

  • 你可以说得更详细点吗? (4认同)
  • 你做了什么?这个答案怎么能得到这么多人的点赞呢?它实际上没有提供任何答案 (4认同)
  • 您可以指定更多吗?您的错误是在client_id中输入还是其他? (2认同)

Phi*_*her 5

根据我的经验,这通常是客户端应用程序无法访问jwks_urikeycloak 服务器端点的问题。

您可以通过显式指定“realm-public-key”来排除这种情况,这将“硬编码”该值。https://github.com/keycloak/keycloak-documentation/blob/master/secure_apps/topics/oidc/java/java-adapter-config.adoc

您还可以终端进入应用程序容器,并确保可以卷曲这些端点。请务必验证这是否与适配器中的身份验证服务器配置匹配。

http://localhost:8080/auth/realms/master/protocol/openid-connect/certs http://localhost:8080/auth/realms/master/protocol/openid-connect/certs

归档时间:

查看次数:

9816 次

最近记录:

7 年,4 月 前
相关归档
Hibernate JPA序列(非Id) 121
字节顺序标记用Java解压缩文件读取 106
Intellij IDEA崩溃,现在抛出一个错误 99
使用LIKE Spring JPA @Query 75
New Integer vs valueOf 69
Java 8传递方法作为参数 67
Java.lang.NoClassDefFoundError:com/fasterxml/jackson/databind/exc/InvalidDefinitionException 51
使用凭据添加新用户临时属性不起作用 5
在Python中使用RestAPI的VCloud Director Org用户身份验证 4
以编程方式将用户名和密码发送到Apache Web服务器 3
难疑归档
如何更新GitHub分叉存储库? 3390
C++中指针变量和引用变量之间有什么区别? 3115
__str__和__repr__之间的区别? 2545
忽略已提交到Git存储库的文件 2429
当用户将鼠标悬停在列表项上时,将光标置为手 1871
确定对象的类型? 1700
Java内部类和静态嵌套类 1691
在Python中反转一个字符串 1288
performSelector可能导致泄漏,因为其选择器未知 1251
AngularJS中指令范围内的'@'和'='有什么区别? 1053