无法通过赛普拉斯使用Keycloak进行注册 [英] Unable to signup using Keycloak through Cypress

问题描述

在我的应用程序中，用户管理是通过 Keycloak 完成的.通过 Cypress 端到端测试我的应用程序时，遇到了一个问题.当我注册用户时，会出现以下错误:

In my application, user management is done through Keycloak. While testing my application end-to-end through Cypress, I came across an issue. When I sign up a user, it gives the following error:

很抱歉.发生错误，请通过您的应用程序再次登录..

在我单击提交"按钮后，赛普拉斯正在向生成的URL添加一些内容，这导致了此问题.通过量角器测试的同一场景运行良好.我注意到赛普拉斯将session_code附加到请求URL.在进行手动测试时，我没有得到session_code.

Cypress is adding something to a generated URL after I click the submit button, which is causing this issue. The same scenario tested through Protractor ran fine. I have noticed Cypress is appending session_code to the request URL. While doing manual testing, I don't get session_code.

以下是通过赛普拉斯生成的URL:

Below is the URL generated through Cypress:

.../login-actions/registration?session_code=LsZbmsVVLwEH9s-xwFJ2JdDtaCu1_xzqAGOQCpjxGJI&execution=06fac3bb-fb19-474b-8659-2572586ae371&client_id=web_app&tab_id=PSlmfgdv0ls

手动生成的网址如下所示:

Where as a manually generated URL is like following:

.../login-actions/registration?client_id=web_app&tab_id=PSlmfgdv0ls

我的应用程序后端为 Spring Boot ，前端位于反应和 Next.js .

My application backend is Spring Boot and the front-end is in React and Next.js.

如果有人可以指导我们解决此问题，这将非常有帮助.如果您需要有关我们应用程序的更多信息，请告诉我.

It would be really helpful if anyone could guide us through this issue. Please let me know if you need more information about our application.

推荐答案

Keycloak Authenticator 文档解释说，authenticate方法检查当前的HTTP请求以确定是否满足身份验证要求，如果不满足，则将质询响应发回.如果质询响应本身是身份验证，那么您将看到带有session_code参数的URL.

The Keycloak Authenticator documentation explains that the authenticate method checks the current HTTP request to determine if authentication requirements have been satisfied, and, if not, a challenge response is sent back. If the challenge response itself is authentication, then you'll see a URL with the session_code parameter.

在第一个URL示例中，继续说session_code与从

It goes on to say that session_code, in the first URL example, pertains to the code generated from AuthenticationFlowContext.generateAccessCode(), which further explains:

字符串generateAccessCode()

生成访问代码并更新clientsession时间戳.访问代码必须作为查询参数包含在表单操作回调中.

Generates access code and updates clientsession timestamp. Access codes must be included in form action callbacks as a query parameter.

但是，手动"生成的不包含session_code参数的URL，似乎表明客户端的初始注册已成功，并且使用客户端配置终结点发出GET请求-客户端读取请求-一切都很好.一切正常.

However, the "manually" generated URL, that does not include the session_code parameter, seems to indicate that the initial registration of the client has been successful and a client configuration endpoint is being used to make a GET request - a client read request - and all is well. Everything works fine.

因此，似乎赛普拉斯正在收到质询响应(网络安全上的赛普拉斯文档中进一步说明.

Therefore, it seems that Cypress is being sent a challenge response (and potentially exposing a security flaw in your application). Possible reasons for this might be further explained within Cypress's documentation on Web Security.

常见解决方法可能会为您提供补救措施，或者，如果其他所有方法都失败，则可以尝试出于测试目的，也禁用Web Security .

Common Workarounds might provide you with a remedy, or, if all else fails, you might try Disabling Web Security for testing purposes as well.

这篇关于无法通过赛普拉斯使用Keycloak进行注册的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！