将 Keycloak 与 icCube 一起使用 - 如何让它工作(缺少 Keycloak 上下文令牌)?
using Keycloak with icCube - how to get it to work (missing Keycloak context token)?
我尝试在 icCube 前使用 Keycloak,但遇到了一些问题。可能有人可以提供帮助。
目前已完成:
- 在 Linux 上安装了 icCube - Debain 10 系统,8Gb 作为 VMWare 中的虚拟机(遵循 https://www.iccube.com/support/documentation/user_guide/running_iccube/server_linux.php 中的建议)
- 创建了两个角色:IC3_admin(所有访问权限)和IC3_sales(访问多维数据集销售)
更改icCube.xml
在同一台服务器上安装了 keycloak
关于密钥斗篷:
- 创建了 Realm icCube 和客户端 iccube,有 2 个用户:admin 和 user
- 创建了 2 个角色:管理员和销售
json 文件是:
{
"realm": "icCube",
"auth-server-url": "http://192.168.178.32:8080/auth",
"ssl-required": "external",
"resource": "iccube",
"verify-token-audience": true,
"credentials": {
"secret": ".... secret ...."
},
"confidential-port": 0,
"policy-enforcer": {}
}
现在,当我在 icCube.xml 更改后重新启动 icCube 并尝试登录时,我在日志中收到错误消息:
[ qtp689602108-25] [DEBUG] (12-07-19 15:14:35.560 CEST) [auth] Keycloak auth. started
[ qtp689602108-25] [ERROR] (12-07-19 15:14:35.581 CEST) [auth] missing Keycloak context token
如何解决这个错误?我想这与Keycloak中的设置有关,但我无法弄清楚到底是什么?
来自日志的附加信息
将完整的日志放在这里有点太多了,但这些行可能很有趣:
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : HTTP Basic Authentication
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.xmla.IcCubeXmlaOverHttpHandler-30f74e79
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : GVI Authentication (logout)
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Print Authentication
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.print.IcCubePrintServlet-a50d709
[ main] [DEBUG] (12-07-19 15:14:03.521 CEST) Use authServerUrl: http://192.168.178.32:8080/auth, tokenUrl: http://192.168.178.32:8080/auth/realms/icCube/protocol/openid-connect/token, relativeUrls: NEVER
[ main] [ INFO] (12-07-19 15:14:03.543 CEST) [keycloak] Keycloak is using a per-deployment configuration.
[ main] [DEBUG] (12-07-19 15:14:03.545 CEST) [auth] passthrough : configured
missing Keycloak context token
表示未进行Keycloak认证。
更有可能是Keycloak实际认证出了问题
提示:确保您在尝试登录 icCube 服务器时确实通过了重定向到 Keycloak 服务器身份验证页面的步骤。
我尝试在 icCube 前使用 Keycloak,但遇到了一些问题。可能有人可以提供帮助。
目前已完成:
- 在 Linux 上安装了 icCube - Debain 10 系统,8Gb 作为 VMWare 中的虚拟机(遵循 https://www.iccube.com/support/documentation/user_guide/running_iccube/server_linux.php 中的建议)
- 创建了两个角色:IC3_admin(所有访问权限)和IC3_sales(访问多维数据集销售)
- 更改icCube.xml
在同一台服务器上安装了 keycloak
关于密钥斗篷:
- 创建了 Realm icCube 和客户端 iccube,有 2 个用户:admin 和 user
- 创建了 2 个角色:管理员和销售
json 文件是:
{
"realm": "icCube",
"auth-server-url": "http://192.168.178.32:8080/auth",
"ssl-required": "external",
"resource": "iccube",
"verify-token-audience": true,
"credentials": {
"secret": ".... secret ...."
},
"confidential-port": 0,
"policy-enforcer": {}
}
现在,当我在 icCube.xml 更改后重新启动 icCube 并尝试登录时,我在日志中收到错误消息:
[ qtp689602108-25] [DEBUG] (12-07-19 15:14:35.560 CEST) [auth] Keycloak auth. started
[ qtp689602108-25] [ERROR] (12-07-19 15:14:35.581 CEST) [auth] missing Keycloak context token
如何解决这个错误?我想这与Keycloak中的设置有关,但我无法弄清楚到底是什么?
来自日志的附加信息 将完整的日志放在这里有点太多了,但这些行可能很有趣:
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[ main] [ INFO] (12-07-19 15:14:02.891 CEST) filter mapping : HTTP Basic Authentication
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.xmla.IcCubeXmlaOverHttpHandler-30f74e79
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Keycloak OIDc
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Passthrough
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : GVI Authentication (logout)
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) filter mapping : Print Authentication
[ main] [ INFO] (12-07-19 15:14:02.892 CEST) : crazydev.iccube.server.print.IcCubePrintServlet-a50d709
[ main] [DEBUG] (12-07-19 15:14:03.521 CEST) Use authServerUrl: http://192.168.178.32:8080/auth, tokenUrl: http://192.168.178.32:8080/auth/realms/icCube/protocol/openid-connect/token, relativeUrls: NEVER
[ main] [ INFO] (12-07-19 15:14:03.543 CEST) [keycloak] Keycloak is using a per-deployment configuration.
[ main] [DEBUG] (12-07-19 15:14:03.545 CEST) [auth] passthrough : configured
missing Keycloak context token
表示未进行Keycloak认证。
更有可能是Keycloak实际认证出了问题
提示:确保您在尝试登录 icCube 服务器时确实通过了重定向到 Keycloak 服务器身份验证页面的步骤。