JMeter: Keycloak "User session not found" error with /protocol/openid-connect/token end point

I am trying to simulate the /protocol/openid-connect/token Keycloak endpoint using JMeter, even though I have correlated the code parameter and passed it correctly. There is something called code_verifier, which I could not find in any previous request. I am providing a sample request and response for your reference. Could someone help me here if there are any additional steps I have to take to resolve this issue in the attached response?

Request:

POST https://{HOST}/auth/realms/{Appname}/protocol/openid-connect/token

POST data:
code=f99e9da5-cfcf-4069-aaec-b53mee00af54.e46a981h-5291-4862-b6fd-abc7f2d222f2.87488f77-3b05-47b0-afd7-8a8c80b384e7%0AContent-Length%3A+0%0ADate%3A+Wed%2C+29+Dec+2021+18%3A30%3A26+GMT%0A&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fwebclient-performance.appname.ad%2F&client_id=premium-web-client&code_verifier=YTlYTmoxZ2tXbzM1M0xkVkRfZXg0M280TUhDZXVMYVdIY2hoVzRqTE5ESXkw

Cookie Data:
AUTH_SESSION_ID=e46a61f9-5291-4862-b6fd-eff7f2d222f2.d306f6737649; KEYCLOAK_LOCALE=en; KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiZDBmYTc0Ni02Y2NmLTRiMjktYTBmZC1kOWMxMWNmY2RlM2UifQ.eyJleHAiOjE2NDA4ODkwMjYsImlhdCI6MTY0MDgwMjYyNiwianRpIjoiZWFjZDczNDctNDYyNC00Mjk0LWE4NjYtYzRiYmM1MjNiMDlhIiwiaXNzIjoiaHR0cHM6Ly8xNzIuMjYuMjMzLjE0NDoyODA4MC9hdXRoL3JlYWxtcy9uZXh0Z2VuLXNvbmV0Iiwic3ViIjoiOTE4MDcyNDktZWZlYi00ZWZlLWEwY2EtMGRlMTYxZWIzNTU5IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3RhdGUiOiJlNDZhNjFmOS01MjkxLTQ4NjItYjZmZC1lZmY3ZjJkMjIyZjIiLCJzdGF0ZV9jaGVja2VyIjoiU3VmS2tOLXE0UTNDVUhvM2xFblhHZ3NFSWdWSS0wektFR2JKRENzZHpiYyJ9.4XA6eGrUB8HhhLTfNlhY9twiX3oJLQhlFlYDY3zYa6Q; KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiABCmYTc0Ni02Y2NmLTRiMjktYTBmZC1kOWMxMWNmY2RlM2UifQ.eyJleHAiOjE2NDA4ODkwMjYsImlhdCI6MTY0MDgwMjYyNiwianRpIjoiZWFjZDczNDctNDYyNC00Mjk0LWE4NjYtYzRiYmM1MjNiMDlhIiwiaXNzIjoiaHR0cHM6Ly8xNzIuMjYuMjMzLjE0NDoyODA4MC9hdXRoL3JlYWxtcy9uZXh0Z2VuLXNvbmV0Iiwic3ViIjoiOTE4MDcyNDktZWZlYi00ZWZlLWEwY2EtMGRlMTYxZWIzNTU5IiwidHlwIjoiU2VyaWFsaXplZC1JRCIsInNlc3Npb25fc3phdGUiOiJlNDZhNjFmOS01MjkxAAA4NjItYjZmZC1lZmY3ZjJkMjIyZjIiLCJzdGF0ZV9jaGVja2VyIjoiU3VmS2tOLXE0UTNDVUhvM2xFblhHZ3NFSWdWSS0wektFR2JKRENzZHpiYyJ9.4XA8bGrUB8HhhLTfNlhY9twiX3oJLQhlFlYDY3zYa6Q; KEYCLOAK_SESSION=appname/91807249-efeb-4abc-a0ca-0de161eb8741/e46a61f9-2147-4862-b6fd-eff7f2d222f2; KEYCLOAK_SESSION_LEGACY=name/85211234-efeb-4efe-a0ca-0de161eb1877/e46a78f9-5291-4862-b6fd-eff7f2d899f2

Response:

{"error":"invalid_grant","error_description":"User session not found"}

This code_verifier parameter needs to be generated; it is not correlated.

The algorithm is described in RFC 7636:

4.  Protocol

4.1.  Client Creates a Code Verifier

   The client first creates a code verifier, "code_verifier", for each
   OAuth 2.0 [RFC6749] Authorization Request, in the following manner:

   code_verifier = high-entropy cryptographic random STRING using the
   unreserved characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
   from Section 2.3 of [RFC3986], with a minimum length of 43 characters
   and a maximum length of 128 characters.

   ABNF for "code_verifier" is as follows.

   code-verifier = 43*128unreserved
   unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
   ALPHA = %x41-5A / %x61-7A
   DIGIT = %x30-39

   NOTE: The code verifier SHOULD have enough entropy to make it
   impractical to guess the value.  It is RECOMMENDED that the output of
   a suitable random number generator be used to create a 32-octet
   sequence.  The octet sequence is then base64url-encoded to produce a
   43-octet URL safe string to use as the code verifier.

The Create Code Verifier section of the Auth0 documentation provides a sample implementation:

// Java / Groovy (JMeter JSR223). The Base64.getUrlEncoder().withoutPadding()
// call below belongs to java.util.Base64 (JDK 8+), so Apache Commons Codec
// (https://commons.apache.org/proper/commons-codec/) is not needed for this snippet.
import java.security.SecureRandom;
import java.util.Base64;

// RFC 7636 section 4.1: 32 random octets, base64url-encoded without padding,
// yield a 43-character code_verifier made only of unreserved characters.
SecureRandom sr = new SecureRandom();
byte[] code = new byte[32];
sr.nextBytes(code);
String verifier = Base64.getUrlEncoder().withoutPadding().encodeToString(code);

You can add the following line to store the generated value into a JMeter variable:

vars.put("code_verifier", verifier);

and use ${code_verifier} in your HTTP Request sampler instead of the hardcoded value. In the above snippet, vars stands for the JMeterVariables class instance; see the Top 8 JMeter Java Classes You Should Be Using with Groovy article for more details if needed.

The code can be invoked from a JSR223 PreProcessor.
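An added example, not code from the question, the answer, Auth0 or the JMeter project: a complete PKCE S256 pair generated in Groovy as it would run in a JMeter JSR223 PreProcessor. Generating the verifier alone is only half of RFC 7636: the authorization request must carry code_challenge=BASE64URL(SHA256(code_verifier)) with code_challenge_method=S256 (section 4.2 and 4.3), and the token request must present the same verifier (section 4.5), which the server recomputes and compares (section 4.6). The JMeter variable names code_verifier and code_challenge, the function names and the serverAccepts() stand-in for the authorization server's check are assumptions made here for illustration; the known-answer pair is the one published in RFC 7636 Appendix B.

```groovy
// Added example (not from the original post): PKCE verifier/challenge pair for a
// JMeter JSR223 PreProcessor. Runs stand-alone under plain Groovy as well.
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64

// RFC 7636 section 4.1: 32 random octets, base64url without padding -> 43-char verifier.
String newCodeVerifier() {
    byte[] octets = new byte[32]
    new SecureRandom().nextBytes(octets)
    return Base64.getUrlEncoder().withoutPadding().encodeToString(octets)
}

// RFC 7636 section 4.2: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
String codeChallengeS256(String verifier) {
    byte[] digest = MessageDigest.getInstance('SHA-256').digest(verifier.getBytes('US-ASCII'))
    return Base64.getUrlEncoder().withoutPadding().encodeToString(digest)
}

// Client-side sanity check before the value leaves the sampler
// (RFC 7636 section 4.1 ABNF: 43..128 unreserved characters only).
boolean isValidVerifier(String v) {
    return v != null && v.length() >= 43 && v.length() <= 128 && v ==~ /[A-Za-z0-9\-._~]+/
}

// Assumed stand-in for what the authorization server does at the token endpoint
// (RFC 7636 section 4.6): recompute the challenge from the presented verifier and
// compare it in constant time against the challenge stored with the authorization code.
boolean serverAccepts(String storedChallenge, String presentedVerifier) {
    if (!isValidVerifier(presentedVerifier)) return false
    byte[] expected = storedChallenge.getBytes('US-ASCII')
    byte[] actual = codeChallengeS256(presentedVerifier).getBytes('US-ASCII')
    return MessageDigest.isEqual(expected, actual)
}

// Known-answer check from RFC 7636 Appendix B.
assert codeChallengeS256('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk') ==
       'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM'

String verifier = newCodeVerifier()
String challenge = codeChallengeS256(verifier)
assert isValidVerifier(verifier)
assert serverAccepts(challenge, verifier)
// A verifier that was not the one hashed into the authorization request is rejected,
// which is why a hardcoded or freshly generated code_verifier cannot redeem the code.
assert !serverAccepts(challenge, newCodeVerifier())

if (binding.hasVariable('vars')) {
    // Inside JMeter: expose both halves to the samplers.
    vars.put('code_verifier', verifier)
    vars.put('code_challenge', challenge)
} else {
    println "code_verifier=${verifier}"
    println "code_challenge=${challenge}"
}
```

Attach the script as a JSR223 PreProcessor to the sampler that issues the authorization request, send `code_challenge=${code_challenge}&code_challenge_method=S256` there, and send `code_verifier=${code_verifier}` in the later /protocol/openid-connect/token sampler. Both values must come from the same iteration of the PreProcessor; generating a new verifier for the token request, or leaving the value from a recording hardcoded, produces a challenge mismatch rather than a successful exchange.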