将 Keycloak 与 icCube 一起使用 - 如何让它工作(缺少 Keycloak 上下文令牌)?

using Keycloak with icCube - how to get it to work (missing Keycloak context token)?

我尝试在 icCube 前使用 Keycloak,但遇到了一些问题。可能有人可以提供帮助。

目前已完成:

关于密钥斗篷:

json 文件是:

  {
  "realm": "icCube",
  "auth-server-url": "http://192.168.178.32:8080/auth",
  "ssl-required": "external",
  "resource": "iccube",
  "verify-token-audience": true,
  "credentials": {
    "secret": ".... secret ...."
  },
  "confidential-port": 0,
  "policy-enforcer": {}
}

现在,当我在 icCube.xml 更改后重新启动 icCube 并尝试登录时,我在日志中收到错误消息:

[               qtp689602108-25] [DEBUG] (12-07-19 15:14:35.560 CEST) [auth] Keycloak auth. started
[               qtp689602108-25] [ERROR] (12-07-19 15:14:35.581 CEST) [auth] missing Keycloak context token

如何解决这个错误?我想这与Keycloak中的设置有关,但我无法弄清楚到底是什么?

来自日志的附加信息 将完整的日志放在这里有点太多了,但这些行可能很有趣:

[                          main] [ INFO] (12-07-19 15:14:02.891 CEST)       filter mapping : Keycloak OIDc
[                          main] [ INFO] (12-07-19 15:14:02.891 CEST)                      : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[                          main] [ INFO] (12-07-19 15:14:02.891 CEST)       filter mapping : Passthrough
[                          main] [ INFO] (12-07-19 15:14:02.891 CEST)                      : crazydev.iccube.ux.processor.servlet.UxRestApiServlet-348ad293
[                          main] [ INFO] (12-07-19 15:14:02.891 CEST)       filter mapping : HTTP Basic Authentication
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)                      : crazydev.iccube.server.xmla.IcCubeXmlaOverHttpHandler-30f74e79
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)       filter mapping : Keycloak OIDc
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)                      : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)       filter mapping : Passthrough
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)                      : crazydev.iccube.gwt.server.reporting.component.OlapReportingServlet-2c88a3e8
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)       filter mapping : Keycloak OIDc
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)                      : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)       filter mapping : Passthrough
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)                      : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)       filter mapping : GVI Authentication (logout)
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)                      : crazydev.iccube.server.gvi.GviServlet-68ac9ec5
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)       filter mapping : Print Authentication
[                          main] [ INFO] (12-07-19 15:14:02.892 CEST)                      : crazydev.iccube.server.print.IcCubePrintServlet-a50d709

[                          main] [DEBUG] (12-07-19 15:14:03.521 CEST) Use authServerUrl: http://192.168.178.32:8080/auth, tokenUrl: http://192.168.178.32:8080/auth/realms/icCube/protocol/openid-connect/token, relativeUrls: NEVER
[                          main] [ INFO] (12-07-19 15:14:03.543 CEST) [keycloak] Keycloak is using a per-deployment configuration.
[                          main] [DEBUG] (12-07-19 15:14:03.545 CEST) [auth] passthrough : configured
missing Keycloak context token

表示未进行Keycloak认证。

更有可能是Keycloak实际认证出了问题

提示:确保您在尝试登录 icCube 服务器时确实通过了重定向到 Keycloak 服务器身份验证页面的步骤。