时间戳

首页 > 解决方案 > 为什么认证成功后授权失败

oauth-2.0 - 为什么认证成功后授权失败

问题描述

我根据帖子https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/为 CAS 服务器配置了 OAuth2.0 协议(授权码授予类型)

我的服务器配置(application.yml)

cas:
  server:
    name: https://casoauth.example.org:8443
    prefix: ${cas.server.name}/cas
  authn:
    accept:
      users: casuser::demo
    oauth:
      refreshToken:
        timeToKillInSeconds: 2592000
      code:
        timeToKillInSeconds: 14400
        numberOfUses: 10
      accessToken:
        timeToKillInSeconds: 14400
        maxTimeToLiveInSeconds: 28800
      grants:
        resourceOwner:
          requireServiceHeader: true
      userProfileViewType: FLAT
  ticket:
    tgt:
      maxTimeToLiveInSeconds: 28800
      timeToKillInSeconds: 14400
    st:
      timeToKillInSeconds: 14400
  serviceRegistry:
    json:
      location: classpath:/services
    initFromJson: true
logging:
  config: file:/etc/cas/config/log4j2.xml
  level:
    org:
      apereo:
        cas: DEBUG

注册应用的json

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "client1",
  "clientSecret": "password1",
  "serviceId": "^https://casoauth.example.org:9999/.*",
  "name": "OAuthService",
  "id": 1000,
  "bypassApprovalPrompt": false,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}

应用配置

debug: true
server:
  port: 9999
  ssl:
    keyStore: file:/etc/cas/thekeystore
    keyStorePassword: changeit
    keyPassword: changeit

security:
  user:
    password: user
  ignored: /,/favicon.ico,/index.html,/home.html,/dashboard.html,/js/**,/css/**,/webjars/**
  sessions: ALWAYS
  oauth2:
    sso:
      loginPath: /dashboard/login
management:
  security:
    role: HERO

logging:
  level:
    org.springframework: INFO
    com.netflix.discovery: 'OFF'

---
spring:
  profiles: cas
security:
  oauth2:
    client:
      clientId: client1
      clientSecret: password1
      accessTokenUri: https://casoauth.example.org:8443/cas/oauth2.0/accessToken
      userAuthorizationUri: https://casoauth.example.org:8443/cas/oauth2.0/authorize
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://casoauth.example.org:8443/cas/oauth2.0/profile
      preferTokenInfo: false

在 CAS 服务器上进行身份验证后,我得到

白标错误页面

此应用程序没有显式映射 /error,因此您将其视为后备。

Tue Jun 04 17:10:41 CEST 2019 出现意外错误(类型=未授权,状态=401)。身份验证失败:无法获取访问令牌

网址https://casoauth.example.org:9999/dashboard/login?code=OC-1-lu5Hlcg2l3E4S5B68fs0-P-47tkh-4gR&state=ef17Ee

有什么想法有什么问题吗?

标签: oauth-2.0spring-security-oauth2cas

解决方案

我有这个问题。您应该将您的证书添加到受信任的证书中,问题就会解决。

推荐阅读