我正在尝试使用与 Spring Security 集成的 ForgeRock OpenAM 设置 OAuth2-OpenID Connect,但收到以下错误
2019-06-17 15:01:42.576 DEBUG 62255 --- [nio-8090-exec-2] .o.s.r.w.BearerTokenAuthenticationFilter :
Authentication request for failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException:
An error occurred while attempting to decode the Jwt:
Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Jwk .wellknown uri 返回以下支持的算法:
"id_token_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
]
解码后的 JWT 显示以下标头:
{
"typ": "JWT",
"zip": "NONE",
"alg": "HS256"
}
有没有一种方法可以根据来自标头的值设置特定的 JwtDecoder 或强制 AM 使用一种特定算法?
我正在尝试在这里获取此Dockerfile- https://github.com/ForgeRock/forgeops/blob/release/6.5.0/docker/util/Dockerfile
并更改旧版本为Alpine linux(如下所示):
FROM alpine:3.7
...
RUN apk add --update ca-certificates \
&& apk add --update -t deps curl\
&& curl -L https://storage.googleapis.com/kubernetes-release/release/${KUBE_LATEST_VERSION}/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl \
&& apk del --purge deps \
&& apk add --update jq su-exec unzip curl bash openldap-clients \
&& rm /var/cache/apk/* \
&& mkdir -p $FORGEROCK_HOME \
&& addgroup -g 11111 forgerock \
&& adduser -s /bin/bash -h "$FORGEROCK_HOME" -u 11111 -D -G forgerock forgerock
对其进行更改以使其脱离RHEL 7(我在下面的更改)
FROM ubi7-stigd:7.6 …