Keycloak Wildfly auth method
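I created a WildFly container with Keycloak as a subsystem (WildFly 25.0.1 and Keycloak 15.0.2). I also have a running Keycloak container.
Trying to deploy a simple Jakarta application with a web.xml (built as a WAR via Maven and uploaded to WildFly) results in the following error: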
{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"demo1-1.0-
SNAPSHOT.war\".undertow-deployment" => "java.lang.RuntimeException:
java.lang.IllegalStateException: The required mechanism 'KEYCLOAK' is not available
in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.RuntimeException: java.lang.IllegalStateException: The
required mechanism 'KEYCLOAK' is not available in mechanisms [BASIC, CLIENT_CERT,
DIGEST, FORM] from the HttpAuthenticationFactory.
Caused by: java.lang.IllegalStateException: The required mechanism 'KEYCLOAK' is
not available in mechanisms [BASIC, CLIENT_CERT, DIGEST, FORM] from the
HttpAuthenticationFactory."}}
My web.xml under WEB-INF:
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <module-name>demo</module-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>my-auth</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
My WildFly Dockerfile:
FROM jboss/wildfly:25.0.0.Final
ENV KEYCLOAK_VERSION 15.0.2
ENV WILDFLY_HOME /opt/jboss/wildfly
RUN cd $WILDFLY_HOME && curl -LO https://github.com/keycloak/keycloak/releases/download/${KEYCLOAK_VERSION}/keycloak-oidc-wildfly-adapter-${KEYCLOAK_VERSION}.tar.gz \
    && tar -xzvf keycloak-oidc-wildfly-adapter-${KEYCLOAK_VERSION}.tar.gz \
    && rm keycloak-oidc-wildfly-adapter-${KEYCLOAK_VERSION}.tar.gz \
    && bin/jboss-cli.sh --file=bin/adapter-elytron-install-offline.cli \
    # Create the admin user
    && bin/add-user.sh admin admin1234 --silent \
    # Avoid error messages at startup
    && rm -r standalone/configuration/standalone_xml_history/current/
CMD ["/opt/jboss/wildfly/bin/standalone.sh", "-b", "0.0.0.0", "-bmanagement", "0.0.0.0"]
EXPOSE 8285
EXPOSE 9992
Opening WildFly in the browser -> Configuration -> Subsystems shows that keycloak is there.
I can see the following settings in the WildFly container's standalone.xml file:
<http-authentication-factory name="keycloak-http-authentication" security-domain="KeycloakDomain" http-server-mechanism-factory="keycloak-http-server-mechanism-factory">
    <mechanism-configuration>
        <mechanism mechanism-name="KEYCLOAK">
            <mechanism-realm realm-name="KeycloakOIDCRealm" realm-mapper="keycloak-oidc-realm-mapper"/>
        </mechanism>
    </mechanism-configuration>
</http-authentication-factory>
The app also has keycloak.json in WEB-INF.
Any idea how to solve this?

Keycloak has deprecated the WildFly adapter in favour of the built-in Elytron OIDC authenticator. https://www.keycloak.org/2021/12/keycloak-1510-released
You can check whether it meets your requirements, or use WildFly 24 for the time being.
For more information on using Elytron's built-in authentication, see https://wildfly-security.github.io/wildfly-elytron/blog/securing-wildfly-apps-openid-connect/.
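
Do not install the adapter into WildFly 25 or WildFly 26. Configure it the wildfly:elytron-oidc-client:1.0 way instead. I have the same problem, but when I configure it that way I get a 403 status code error. If I change to WildFly 23, everything works.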
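
For the built-in Elytron OIDC route that both answers point to, the deployment descriptor would look roughly like this. This is an added example, not from the original posts: it assumes the deployment-level configuration of the elytron-oidc-client subsystem, and the client id `demo`, the host `keycloak.example.test` and the realm name `REALM` are placeholders.

```xml
<!-- WEB-INF/web.xml for WildFly 25+ with no Keycloak adapter installed -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <module-name>demo</module-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Application</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <!-- OIDC is the mechanism name supplied by elytron-oidc-client;
             KEYCLOAK only exists when the deprecated adapter is installed -->
        <auth-method>OIDC</auth-method>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>
<!--
  WEB-INF/oidc.json takes the place of keycloak.json (placeholder values):

  {
    "client-id": "demo",
    "provider-url": "https://keycloak.example.test/auth/realms/REALM",
    "ssl-required": "EXTERNAL",
    "principal-attribute": "preferred_username",
    "public-client": "true"
  }

  For a confidential client, drop "public-client" and supply
  "credentials": { "secret": "CLIENT_SECRET_PLACEHOLDER" } instead,
  keeping the real secret out of version control.
  The /auth path prefix applies to the Keycloak 15 distribution.
-->
```

An authenticated user whose token does not carry the `user` role is rejected by this constraint with a 403.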