oauth-2.0 - 为什么认证成功后授权失败
问题描述
我根据帖子https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/为 CAS 服务器配置了 OAuth2.0 协议(授权码授予类型)
我的服务器配置(application.yml)
cas:
server:
name: https://casoauth.example.org:8443
prefix: ${cas.server.name}/cas
authn:
accept:
users: casuser::demo
oauth:
refreshToken:
timeToKillInSeconds: 2592000
code:
timeToKillInSeconds: 14400
numberOfUses: 10
accessToken:
timeToKillInSeconds: 14400
maxTimeToLiveInSeconds: 28800
grants:
resourceOwner:
requireServiceHeader: true
userProfileViewType: FLAT
ticket:
tgt:
maxTimeToLiveInSeconds: 28800
timeToKillInSeconds: 14400
st:
timeToKillInSeconds: 14400
serviceRegistry:
json:
location: classpath:/services
initFromJson: true
logging:
config: file:/etc/cas/config/log4j2.xml
level:
org:
apereo:
cas: DEBUG
注册应用的json
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "client1",
"clientSecret": "password1",
"serviceId": "^https://casoauth.example.org:9999/.*",
"name": "OAuthService",
"id": 1000,
"bypassApprovalPrompt": false,
"supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
"supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}
应用配置
debug: true
server:
port: 9999
ssl:
keyStore: file:/etc/cas/thekeystore
keyStorePassword: changeit
keyPassword: changeit
security:
user:
password: user
ignored: /,/favicon.ico,/index.html,/home.html,/dashboard.html,/js/**,/css/**,/webjars/**
sessions: ALWAYS
oauth2:
sso:
loginPath: /dashboard/login
management:
security:
role: HERO
logging:
level:
org.springframework: INFO
com.netflix.discovery: 'OFF'
---
spring:
profiles: cas
security:
oauth2:
client:
clientId: client1
clientSecret: password1
accessTokenUri: https://casoauth.example.org:8443/cas/oauth2.0/accessToken
userAuthorizationUri: https://casoauth.example.org:8443/cas/oauth2.0/authorize
clientAuthenticationScheme: form
resource:
userInfoUri: https://casoauth.example.org:8443/cas/oauth2.0/profile
preferTokenInfo: false
在 CAS 服务器上进行身份验证后,我得到
白标错误页面
此应用程序没有显式映射 /error,因此您将其视为后备。
Tue Jun 04 17:10:41 CEST 2019 出现意外错误(类型=未授权,状态=401)。身份验证失败:无法获取访问令牌
有什么想法有什么问题吗?
解决方案
我有这个问题。您应该将您的证书添加到受信任的证书中,问题就会解决。
推荐阅读
- python - 根据运行时值从 tensorflow 张量中提取元素
- jquery - 在更改时附加输入表单返回默认值
- autohotkey - AutoHotKey while 循环中断
- mysql - MySQL:如何用左连接连接 2 个表(a 和 b = x1),用右连接连接 2 个(c 和 d = x2),然后内连接它们(x1 和 x2)?
- javascript - 如何通过dm给用户添加角色
- cookies - Mediawiki:Cookies
- firebase - 如何使用firebase检查Fieldvalue
- reactjs - 反应大日历重复日期
- kubernetes - 管理员注册失败,错误:%o 消息=调用注册端点失败,连接超时
- python - 如果他使用Python输入的数据不正确,我如何让用户输入另一个响应