时间戳

首页 > 解决方案 > 如何在 WSO2 IS 中正确退出 OIDC

wso2 - 如何在 WSO2 IS 中正确退出 OIDC

问题描述

我正在尝试从使用 OIDC 进行身份验证的应用程序中注销。登录后,当我前往 /logout 时无法注销,我没有看到从 WSO2 控制台应用程序注销时看到的同意页面(我没有禁用它,因此它应该显示为确认注销)。之后,我被重定向到不需要插入凭据的 /login 页面,我所要做的就是单击同意上的允许。

配置安全类

public class ConfigSecurity extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/login","/assets/**")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .oauth2Login().loginPage("/login")
                .and()
                .logout().logoutUrl("/logout")
                .logoutSuccessHandler(oidcLogoutSuccessHandler());

    }

    @Autowired
    private ClientRegistrationRepository clientRegistrationRepository;

    private LogoutSuccessHandler oidcLogoutSuccessHandler() {

        OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler =
                new OidcClientInitiatedLogoutSuccessHandler(
                        this.clientRegistrationRepository);
        oidcLogoutSuccessHandler.setPostLogoutRedirectUri(URI.create("http://localhost:8844/logout"));
        return oidcLogoutSuccessHandler;
    }
}

回调 URI:

regexp=(http://localhost:8844/login/oauth2/code/wso2|http://localhost:8844/logout)

BackChannel 注销 URI:https://localhost:9443/oidc/logout

应用程序属性:

server.port=8844
#########
spring.security.oauth2.client.registration.wso2.client-name=WSO2 Identity Server
spring.security.oauth2.client.registration.wso2.client-id=5YvGdwKZaS6pTS_uZhfu_X8sNVYa
spring.security.oauth2.client.registration.wso2.client-secret=hGPrgFnlbuS5N7_srxRenz998h8a
spring.security.oauth2.client.registration.wso2.redirect-uri={baseUrl}/login/oauth2/code/wso2
spring.security.oauth2.client.registration.wso2.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.wso2.scope=openid

# spring.security.oauth2.client.provider.wso2.issuer-uri=https://localhost:9443/oauth2/oidcdiscovery

#Identity Server Properties
spring.security.oauth2.client.provider.wso2.authorization-uri=https://localhost:9443/oauth2/authorize
spring.security.oauth2.client.provider.wso2.token-uri=https://localhost:9443/oauth2/token
spring.security.oauth2.client.provider.wso2.user-info-uri=https://localhost:9443/oauth2/userinfo
spring.security.oauth2.client.provider.wso2.jwk-set-uri=https://localhost:9443/oauth2/jwks

谁能帮忙提前谢谢

标签: wso2wso2is

解决方案

Springboot oauth 客户端从发现端点派生 IDP 的 OIDC 注销端点。问题是,从您的应用程序属性文件中,应用程序无法找到 IDP 的注销端点。令牌端点、授权 url、user-info-uri 和 jwk-set-uri 可以单独配置。但是没有办法以这种方式配置注销 url。由于 WSO2 支持 OIDC 发现,所有端点令牌端点、授权 url、user-info-uri 和 jwk-set-uri url、注销端点都可以从 issuer_uri 属性中获取。所以删除 Token 端点、授权 url、user-info-uri 和 jwk-set-uri 配置并添加 issue-uri 配置。将以下配置应用于您的属性文件并查看。

server.port=8844
#########
spring.security.oauth2.client.registration.wso2.client-name=WSO2 Identity Server
spring.security.oauth2.client.registration.wso2.client-id=5YvGdwKZaS6pTS_uZhfu_X8sNVYa
spring.security.oauth2.client.registration.wso2.client-secret=hGPrgFnlbuS5N7_srxRenz998h8a
spring.security.oauth2.client.registration.wso2.redirect-uri={baseUrl}/login/oauth2/code/wso2
spring.security.oauth2.client.registration.wso2.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.wso2.scope=openid

spring.security.oauth2.client.provider.wso2.issuer-uri=https://localhost:9443/oauth2/token

您可以参考这些文档:

https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-security-oauth2-client

https://www.baeldung.com/spring-security-openid-connect

推荐阅读