I have implemented a simple authorization server with Spring Boot. My goal is to use it as an OIDC identity provider and register it with Keycloak. This is my configuration:
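
    // Imports assume Spring Authorization Server 0.2.x/0.3.x, the releases that ship ProviderSettings.
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.NoSuchAlgorithmException;
    import java.security.interfaces.RSAPrivateKey;
    import java.security.interfaces.RSAPublicKey;
    import java.util.UUID;

    import com.nimbusds.jose.jwk.JWKSet;
    import com.nimbusds.jose.jwk.RSAKey;
    import com.nimbusds.jose.jwk.source.JWKSource;
    import com.nimbusds.jose.proc.SecurityContext;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.context.annotation.Import;
    import org.springframework.core.Ordered;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.Customizer;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.oauth2.core.AuthorizationGrantType;
    import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
    import org.springframework.security.oauth2.core.oidc.OidcScopes;
    import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
    import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
    import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
    import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;
    import org.springframework.security.web.SecurityFilterChain;

    @Configuration
    @Import(OAuth2AuthorizationServerConfiguration.class)
    public class AuthorizationServerConfig {

        // The single OAuth2 client that Keycloak uses to talk to this server.
        @Bean
        public RegisteredClientRepository registeredClientRepository() {
            RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
                    .clientId("client")
                    .clientSecret("{noop}secret") // {noop}: secret stored in plain text
                    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                    // Only grant type registered for this client.
                    .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                    .redirectUri("http://KEYCLOAK_URL:8082/*")
                    .scope(OidcScopes.OPENID)
                    .build();
            return new InMemoryRegisteredClientRepository(registeredClient);
        }

        // In-memory test users; withDefaultPasswordEncoder() is intended for demos only.
        @Bean
        UserDetailsService users() {
            UserDetails user = User.withDefaultPasswordEncoder()
                    .username("admin")
                    .password("admin")
                    .roles("ADMIN")
                    .build();
            UserDetails user2 = User.withDefaultPasswordEncoder()
                    .username("test")
                    .password("test")
                    .roles("USER")
                    .build();
            return new InMemoryUserDetailsManager(user, user2);
        }

        // Filter chain for the authorization server endpoints, with form login for end users.
        @Bean
        @Order(Ordered.HIGHEST_PRECEDENCE)
        public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
            OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
            return http.formLogin(Customizer.withDefaults()).build();
        }

        // Signing key for tokens; regenerated on every start, so the key ID changes on restart.
        @Bean
        public JWKSource<SecurityContext> jwkSource() throws NoSuchAlgorithmException {
            RSAKey rsaKey = generateRsa();
            JWKSet jwkSet = new JWKSet(rsaKey);
            return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
        }

        private static RSAKey generateRsa() throws NoSuchAlgorithmException {
            KeyPair keyPair = generateRsaKey();
            RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
            return new RSAKey.Builder(publicKey)
                    .privateKey(privateKey)
                    .keyID(UUID.randomUUID().toString())
                    .build();
        }

        private static KeyPair generateRsaKey() throws NoSuchAlgorithmException {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            return keyPairGenerator.generateKeyPair();
        }

        // Issuer identifier that clients see in the discovery document and in tokens.
        @Bean
        public ProviderSettings providerSettings() {
            return ProviderSettings.builder()
                    .issuer("http://AUTH_SRVER_URL:9000")
                    .build();
        }
    }

    // Separate class: default chain for everything outside the authorization server endpoints.
    @EnableWebSecurity
    public class DefaultSecurityConfig {

        @Bean
        SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .antMatchers("/login")
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                    .and()
                    .formLogin();
            return http.build();
        }
    }
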
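Then I registered the Spring authorization server as an IdP in Keycloak. When I perform "login_with_spring" it redirects to the Spring auth server login page. After submitting the form, it does not redirect me back to Keycloak.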

1 Answer
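It looks like you have configured client_credentials as the grant type, but are trying to use it for OpenID Connect 1.0. OIDC uses the authorization_code grant type. I have not tested the setup you describe here, but I believe you can simply use: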
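
The following is an added example, not code from the question or from the answer above: a client registration for the brokered login, with the authorization_code grant and a full callback URL in place of the wildcard. The class name, the REALM and ALIAS placeholders and the callback path format are assumptions.

```java
import java.util.UUID;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;

// Hypothetical class name; this bean would replace registeredClientRepository() from the question.
@Configuration
public class KeycloakBrokerClientConfig {

    // Assumption: Keycloak's broker callback has the form
    //   {keycloak-base}/realms/{realm}/broker/{alias}/endpoint
    // (older releases add an /auth prefix). REALM and ALIAS are placeholders:
    // copy the exact "Redirect URI" that Keycloak displays for the identity provider.
    private static final String KEYCLOAK_CALLBACK =
            "http://KEYCLOAK_URL:8082/realms/REALM/broker/ALIAS/endpoint";

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        RegisteredClient keycloak = RegisteredClient.withId(UUID.randomUUID().toString())
                .clientId("client")
                .clientSecret("{noop}secret") // demo value carried over from the question
                // Must match the client authentication method selected in Keycloak's
                // identity provider settings.
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                // A browser login through an identity broker is the authorization code
                // flow; client_credentials has no end user and no redirect.
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                // The authorization endpoint compares the requested redirect_uri with the
                // registered values as exact strings, so register the full callback URL.
                .redirectUri(KEYCLOAK_CALLBACK)
                .scope(OidcScopes.OPENID)
                .build();
        return new InMemoryRegisteredClientRepository(keycloak);
    }
}
```

The issuer configured in ProviderSettings must also be a URL that Keycloak can reach, since Keycloak exchanges the code and fetches keys from endpoints under it.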