Keycloak stuck in loop after login
Problem description
I have set up Keycloak as an IdP for SSO using SAML2.0. I have registered my client at Keycloak with the needed URLs:
Master SAML Processing URL: http://localhost:8085/myapp/saml
Although it's not necessary when I have the master URL set, I have ACS URL POST Binding and Logout URL POST Binding both set to: http://localhost:8085/myapp/saml
Root URL: http://localhost:8085/myapp
When I try to access a protected resource, i.e., a URL of the form http://localhost:8085/myapp/protected/*, Keycloak redirects me to its login page. Now, when I get a hit on my ACS URL after successful login, I try to redirect the page to one of protected resources.
Doing this: resp.sendRedirect("http://localhost:8085/myapp/protected/home.html");
Now, Keycloak again redirects me to login page and then gets stuck in an infinite loop.
My web.xml is configured as:
<filter>
    <filter-name>Keycloak Filter</filter-name>
    <filter-class>org.keycloak.adapters.saml.servlet.SamlFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>Keycloak Filter</filter-name>
    <url-pattern>/protected/*</url-pattern>
</filter-mapping>
- Some people got it resolved by ending the Master URL with /saml that I already have.
- I also tried putting /rest at the end of ACS URL, but nothing works
It just shows "You are already logged in" or just keeps redirecting
Recommended answer
I went through the Keycloak logs to find Info: Assertion expired. In my case, Keycloak and Service Provider (client) are on different machines. The erroneous difference was that their system time was in different timezones.
The SP was creating SAMLRequest in UTC as per its timezone, and the SAMLResponse was coming in UTC as per a different timezone.
So, maintaining same timezone fixed the issue.
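Added example (not part of the original answer and not Keycloak adapter code): a Python diagnostic that reads the Conditions validity window of a captured SAML assertion and reports whether a rejection such as "Assertion expired" is caused by a timezone-sized clock offset rather than ordinary drift. The sample assertion, the function names and the 60-second skew allowance are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the part of an assertion that carries the validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" IssueInstant="2024-05-01T10:00:00Z" Version="2.0">
  <saml:Conditions NotBefore="2024-05-01T09:59:30Z" NotOnOrAfter="2024-05-01T10:01:00Z"/>
</saml:Assertion>"""


def parse_instant(value):
    # SAML instants are xs:dateTime values expressed in UTC ("...Z").
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_window(assertion_xml, sp_now_utc, allowed_skew=timedelta(seconds=60)):
    """Compare the SP's idea of 'now' (aware UTC datetime) with <Conditions>.

    Returns (status, drift); drift is how far sp_now_utc lies outside the window.
    Diagnostic only: the signature is NOT verified, so never use this to accept a login.
    """
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None or not (cond.get("NotBefore") and cond.get("NotOnOrAfter")):
        raise ValueError("assertion has no complete Conditions validity window")
    not_before = parse_instant(cond.get("NotBefore"))
    not_on_or_after = parse_instant(cond.get("NotOnOrAfter"))
    if sp_now_utc < not_before - allowed_skew:
        return "not yet valid", not_before - sp_now_utc
    if sp_now_utc >= not_on_or_after + allowed_skew:
        return "expired", sp_now_utc - not_on_or_after
    return "valid", timedelta(0)


def looks_like_timezone_offset(drift, tolerance=timedelta(minutes=5)):
    """True when drift is near a whole number of half hours (at least one):
    the signature of a clock set in the wrong zone, not of slow NTP drift."""
    half_hour = timedelta(minutes=30)
    nearest = round(drift / half_hour) * half_hour
    return nearest >= half_hour and abs(drift - nearest) <= tolerance


if __name__ == "__main__":
    # Constructed case: SP wall clock is 5h30 ahead but is treated as UTC.
    wrong_now = datetime(2024, 5, 1, 15, 30, 10, tzinfo=timezone.utc)
    status, drift = check_window(SAMPLE_ASSERTION, wrong_now)
    print(status, drift, looks_like_timezone_offset(drift))
```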