我正在 Docker-compose 网络中运行 Keycloak、keycloak Security Proxy 和 ui 应用程序。当我尝试访问该网页时,我得到一个可以使用的登录页面 - 但我没有成功重定向,而是收到以下错误:
> Aug 03, 2018 1:13:24 PM org.keycloak.adapters.OAuthRequestAuthenticator resolveCode
ERROR: failed to turn code into token
java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
无论我代理哪种类型的应用程序,或者如果我在 Docker-compose 中运行它或只是作为节点运行它,我都会收到此错误。当我尝试使用 python 适配器而不是安全代理时,它也可能会出现。
整个网络在公司代理后面运行,这可能是原因吗?
考虑到代码似乎是发送的(见下文),看来Keycloak至少可以验证用户。但我对如何解决这个问题感到困惑。有人有什么想法吗?
http://localhost:8080/?state=84736978-afe6-43eb-a554-aedf86717415session_state=8a231709-5ef3-45fd-8e36-103e521ba49ecode=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0 ..4GewkGISgYEXeGPUCxupsA.V939JivWRaNltjnjT4r2CJGT4oj1HEX9iXycJFoAb_qhI4ietRc5Z2wQO6ekF9MOZ0VtMcLAyX0zASY-NPEcf3byX0INP-2zJDSF4TOEXNbMbMnVeKFgmLgQKDseU sl1ieofPVY7df8QVvpTs98VAw2_g2XwTsLemBcpxfalvMRBwViN6PyJI8A-gJJToolyDafHbzIco7bH4X4y5bzZsUh5yB6ZUMy0goBkAV_KPLepnA8X2OjEJef8GHyqgHVi.QQtjD-E_MZq72hb4 g0BEbw http://localhost:8080/?state=84736978-afe6-43eb-a554-aedf86717415session_state=8a231709-5ef3-45fd-8e36-103e521ba49ecode=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..4GewkGISgYEXeGPuCxupsA.V939JivWRaNltjnjT4r2CJGT4oj1HEX9iXycJFoAb_qhI4ietRc5Z2wQO6ekF9MOZ0VtMcLAyX0zASY-NPEcf3byX0INP-2zJDSF4TOEXNbMbMnVeKFgmLgQKDseUsl1ieofPVY7df8QVvpTs98VAw2_g2XwTsLemBcpxfalvMRBwViN6PyJI8A-gJJToolyDafHbzIco7bH4X4y5bzZsUh5yB6ZUMy0goBkAV_KPLepnA8X2OjEJef8GHyqgHVi.QQtjD-E_MZq72hb4g0BEbw
我的 proxy.json 文件是:
{
"target-url": "http://localhost:7005",
"bind-address":"0.0.0.0",
"http-port":"8080",
"applications":[
{
"base-path":"/",
"adapter-config":{
"realm":"realm",
"resource":"realm_ui",
"auth-server-url":"http://localhost:8800/auth",
"ssl-required":"external",
"credentials": {
"secret":"secret"
},
"confidential-port":0
},
"constraints":[
{
"pattern":"/*",
"roles-allowed":[
"user"
]
}
]
}
]
}
在钥匙斗篷中:
Access Type: confidential
Standard Flow Enabled: ON
Direct Access Grands: ON
The Valid Redirect URI: *