mir*_*ash 27 jboss-tools keycloak
我正在尝试为我正在使用的 UI 应用程序实现身份验证https://github.com/joaojosefilho/vuejsOidcClient我已成功配置为与 gluu auth 服务器一起使用
现在我想尝试使用 keycloak 发生的情况是流程开始,看起来不错
http://auth.solidsense.tk/auth/realms/master/protocol/openid-connect/auth?client_id=console&redirect_uri=http%3A%2F%2Fportal.solidsense.tk%2Fcallback.html&response_type=id_token%20token&scope=openid%20profile%20permission%20address%20roles&state=f60457ff91c84ac5b49179bc4b47cd8d&nonce=3753dd32c3ea4f8087608382c2eef932
并且显示了 keycloak 登录页面,但在提交时输入凭据后,我收到以下请求的错误 502 (如果输入了不正确的凭据,则会显示正确的错误消息)
http://auth.solidsense.tk/auth/realms/master/login-actions/authenticate?session_code=2xol67J32yIFVfDfrN0DmIT1sdzfzoeo1dg_kPZrYeY&execution=499b2298-5c08-4521-8993-b23eb253f0a4&client_id=console&tab_id=cHj4HozAr-Q
这是我在日志中看到的异常
08:03:26,164 DEBUG [io.undertow.request.io] (default task-1) UT005013: An IOException occurred: java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcherImpl.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
at sun.nio.ch.IOUtil.read(IOUtil.java:197)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
at org.xnio.nio.NioSocketConduit.read(NioSocketConduit.java:289)
at org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
at io.undertow.util.ConnectionUtils.doDrain(ConnectionUtils.java:96)
at io.undertow.util.ConnectionUtils.cleanClose(ConnectionUtils.java:74)
at io.undertow.server.protocol.http.HttpReadListener.exchangeComplete(HttpReadListener.java:368)
at io.undertow.server.protocol.http.HttpServerConnection.exchangeComplete(HttpServerConnection.java:232)
at io.undertow.server.HttpServerExchange.invokeExchangeCompleteListeners(HttpServerExchange.java:1279)
at io.undertow.server.HttpServerExchange.terminateResponse(HttpServerExchange.java:1563)
at io.undertow.server.Connectors.terminateResponse(Connectors.java:147)
at io.undertow.server.protocol.http.ServerFixedLengthStreamSinkConduit.channelFinished(ServerFixedLengthStreamSinkConduit.java:58)
at io.undertow.conduits.AbstractFixedLengthStreamSinkConduit.exitFlush(AbstractFixedLengthStreamSinkConduit.java:316)
at io.undertow.conduits.AbstractFixedLengthStreamSinkConduit.flush(AbstractFixedLengthStreamSinkConduit.java:234)
at org.xnio.conduits.ConduitStreamSinkChannel.flush(ConduitStreamSinkChannel.java:162)
at io.undertow.channels.DetachableStreamSinkChannel.flush(DetachableStreamSinkChannel.java:119)
at org.xnio.channels.Channels.flushBlocking(Channels.java:63)
at io.undertow.servlet.spec.ServletOutputStreamImpl.close(ServletOutputStreamImpl.java:618)
at io.undertow.servlet.spec.HttpServletResponseImpl.closeStreamAndWriter(HttpServletResponseImpl.java:486)
at io.undertow.servlet.spec.HttpServletResponseImpl.responseDone(HttpServletResponseImpl.java:575)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:351)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:364)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
08:03:27,805 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) new JtaTransactionWrapper
08:03:27,806 DEBUG [org.keycloak.transaction.JtaTransactionWrapper] (Timer-2) was existing? false
08:03:27,811 DEBUG [org.keycloak.models.sessions.infinispan.changes.sessions.PersisterLastSessionRefreshStore] (Timer-2) Updating 0 userSessions with lastSessionRefresh: 1557813747
08:03:27,812 DEBUG [org.hibernate.resource.transaction.backend.jta.internal.JtaTransactionCoordinatorImpl] (Timer-2) Hibernate RegisteredSynchronization successfully registered with JTA pla
tform
如果我尝试访问 /auth/realms/master/account 没有问题,但使用授权代码流
http://auth.solidsense.tk/auth/realms/master/protocol/openid-connect/auth?client_id=account&redirect_uri=http%3A%2F%2Fauth.solidsense.tk%2Fauth%2Frealms%2Fmaster%2Faccount%2Flogin-redirect&state=0%2F2758cd0b-d1c0-4fd6-8c0f-a8aa1916aad6&response_type=code&scope=openid
keycloak在nginx后面运行
listen 80;
listen [::]:80;
server_name auth.solidsense.tk;
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:9080;
我希望在单击提交按钮后和 keycloak 验证用户名和密码后重定向到我的应用程序redirect_uri
Sea*_*mus 42
我也遇到了同样的 502 错误。
Nginx 错误日志报告“*1 上游在从上游读取响应标头时发送了太大的标头”。增加缓冲区大小解决了该问题。
将这些指令添加到httpnginx.conf 中的块中
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
Mad*_*deo 35
对于那些正在处理 Nginx Kubernetes 入口的人:
"nginx.ingress.kubernetes.io/proxy-buffer-size": "128k"
更多信息在这里: https: //kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#proxy-buffer-size
Lad*_*čák 11
问题可能出在 Nginx 配置上。尝试将 proxy_buffers 设置为更高的数字。例如:
listen 80;
listen [::]:80;
server_name auth.solidsense.tk;
location /{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffers 4 16k;
proxy_pass http://localhost:9080;
...
根本原因是 nginx 代理缓冲区大小过低。您需要增加它,例如128k。如果你和我一样使用kubernetes ingress,你可以使用以下设置。
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
入口.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-keycloak
annotations:
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
spec:
ingressClassName: nginx
tls:
- hosts:
- keycloak.mesutpiskin.com
secretName: wildcard-fimple
rules:
- host: keycloak.mesutpiskin.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: test-keycloak
port:
number: 8080
| 归档时间: |
|
| 查看次数: |
28529 次 |
| 最近记录: |