pac4j raises "State cannot be determined" when trying to get keycloakOidcProfile after OIDC callback and Keycloak provider

Question

I am trying to implement pac4j OpenID with Keycloak in a Spring WebFlux project with Java 19 and Spring Boot 3.0.3.
I am also facing the same issue while fetching KeycloakOidcProfile after authentication is done in Keycloak.

I notice that when it redirects to the Keycloak login page it sets a SESSION cookie, and at the end, when the callback URL comes, it gets that SESSION cookie. The cookie is not getting changed, but I am still getting this same error.

public Mono<KeycloakOidcProfile> getUserProfile(ServerRequest serverRequest) {
    return Mono.just(serverRequest)
            .flatMap(serverRequest1 -> {
                if (ObjectUtils.isNotEmpty(serverRequest1.queryParams().get("code"))) {
                    // Authorization code returned by Keycloak on the callback URL (debug output)
                    System.out.println(serverRequest1.queryParam("code").get());
                }
                // Web context and session store built from the current exchange
                final WebContext context = new SpringWebfluxWebContext(serverRequest1.exchange());
                final SessionStore sessionStore = new SpringWebfluxSessionStore(serverRequest1.exchange());
                final ProfileManager profileManager = new ProfileManager(context, sessionStore);

                // Extract the credentials from the callback request, then load the user profile
                Optional<Credentials> credentials = config.getClients().findClient("KeycloakOidcClient").get().getCredentials(context, sessionStore);
                Optional<UserProfile> userProfile = config.getClients().findClient("KeycloakOidcClient").get().getUserProfile(credentials.get(), context, sessionStore);
                KeycloakOidcProfile keycloakOidcProfile = (KeycloakOidcProfile) userProfile.get();

                // Debug output: prints the access token
                System.out.println(keycloakOidcProfile.getAccessToken());

                // flatMap must return a Mono, so wrap the profile
                return Mono.just(keycloakOidcProfile);
            });
}

I am getting the "Referrer-policy" variable as "no-referrer" in the header from Keycloak. Is this causing the problem?
Could you please guide me on how to resolve this?

Answer 1

Score: 0

If you have the same SESSION cookie before and after the successful login at Keycloak, it should work. Generally, this kind of problem comes from an unwanted renewed/lost session.

Can you turn on DEBUG logs on the org.pac4j.springframework.context.SpringWebfluxSessionStore class (the session store) to see what's going on? Thx
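
The answer above attributes the error to a lost or renewed session. The following added example (not part of the original post and not pac4j's code) is a simplified model of the OIDC state round trip, showing why a callback that arrives on a different session cannot recover the stored state. The class name, session attribute name and cookie values are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Simplified model of the OIDC state check; hypothetical names, not pac4j code.
public class OidcStateDemo {
    static final String STATE_ATTR = "oidcState"; // hypothetical session attribute name
    // Server-side session data, keyed by the value of the SESSION cookie.
    static final Map<String, Map<String, String>> SESSIONS = new HashMap<>();

    // Step 1: before redirecting to the provider, store a random state in the session.
    static String beginLogin(String sessionId) {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        SESSIONS.computeIfAbsent(sessionId, id -> new HashMap<>()).put(STATE_ATTR, state);
        return state; // sent to the provider as the "state" query parameter
    }

    // Step 2: on callback, the state must be found in the session and match the request.
    static String handleCallback(String sessionId, String stateParam) {
        Map<String, String> session = SESSIONS.getOrDefault(sessionId, Map.of());
        String expected = Optional.ofNullable(session.get(STATE_ATTR))
                .orElseThrow(() -> new IllegalStateException("State cannot be determined"));
        if (!expected.equals(stateParam)) {
            throw new IllegalStateException("State parameter mismatch");
        }
        return "state verified";
    }

    // Runs the callback check and reports either success or the failure reason.
    static String attempt(String sessionId, String stateParam) {
        try {
            return handleCallback(sessionId, stateParam);
        } catch (IllegalStateException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        String state = beginLogin("cookie-A");              // constructed sample cookie value
        System.out.println(attempt("cookie-A", state));     // callback on the same session
        System.out.println(attempt("cookie-B", state));     // callback on a renewed or lost session
        System.out.println(attempt("cookie-A", "forged"));  // callback with a state the session never issued
    }
}
```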

  • Posted on June 12, 2023, 13:27:12
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/76453827.html