mozilla-django-oidc with keycloak on django 3
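I'm trying to connect Django (3.2) and Keycloak (12.0.2) using mozilla-django-oidc (1.2.4).
When I click the "Login" button (using the oidc_authentication_init view, as per the documentation) I get redirected to keycloak, but after a successful login I get this error: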
Exception Type: HTTPError at /oidc/callback/
Exception Value: 404 Client Error: Not Found for url: http://localhost:8080/auth/realms/mycorp/protocol/openid-connect/token
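The relevant Django settings are:
settings.py
import os  # needed for os.environ below

INSTALLED_APPS = [
    ...,
    'mozilla_django_oidc',
]
# No trailing comma after the closing parenthesis: it would wrap the tuple in another tuple.
AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
)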
OIDC_AUTH_URI = 'http://localhost:8080/auth/realms/mycorp'
OIDC_CALLBACK_PUBLIC_URI = 'http://localhost'
LOGIN_REDIRECT_URL = OIDC_CALLBACK_PUBLIC_URI
LOGOUT_REDIRECT_URL = OIDC_AUTH_URI + '/protocol/openid-connect/logout?redirect_uri=' + OIDC_CALLBACK_PUBLIC_URI
OIDC_RP_CLIENT_ID = 'django'
OIDC_RP_CLIENT_SECRET = os.environ.get("OIDC_CLIENT_SECRET")
OIDC_RP_SCOPES = 'openid email profile'
# Keycloak-specific (as per http://KEYCLOAK_SERVER/auth/realms/REALM/.well-known/openid-configuration)
OIDC_OP_AUTHORIZATION_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/auth'
OIDC_OP_TOKEN_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/token'
OIDC_OP_USER_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/userinfo'
OIDC_OP_JWKS_ENDPOINT = OIDC_AUTH_URI + '/protocol/openid-connect/certs'
urls.py
urlpatterns = [
    ...,
    path('oidc/', include('mozilla_django_oidc.urls')),
]
And the detailed error:
HTTPError at /oidc/callback/
404 Client Error: Not Found for url: http://localhost:8080/auth/realms/mycorp/protocol/openid-connect/token
Request Method: GET
Request URL: http://localhost/oidc/callback/?state=cBtEeSIHNNdsgMBUjPXkq2RwVSSpKsZF&session_state=a5b50fc0-0ec2-4def-8ec8-db1e4a95450f&code=864a2e21-75a7-42d8-8249-e9397be9b64b.a5b50fc0-0ec2-4def-8ec8-db1e4a95450f.2ec7cfbf-b5ee-4f9a-9d4b-012fdc0f9630
Django Version: 3.2
Exception Type: HTTPError
Exception Value:
404 Client Error: Not Found for url: http://localhost:8080/auth/realms/mycorp/protocol/openid-connect/token
Exception Location: /usr/local/lib/python3.8/site-packages/requests/models.py, line 943, in raise_for_status
Python Executable: /usr/local/bin/python
Python Version: 3.8.9
Python Path:
['/home/maat/src',
'/usr/local/bin',
'/usr/local/lib/python38.zip',
'/usr/local/lib/python3.8',
'/usr/local/lib/python3.8/lib-dynload',
'/usr/local/lib/python3.8/site-packages']
Server time: Tue, 27 Apr 2021 19:08:01 +0200
Apparently everything is configured as described in the documentation, but I can't see why it fails...
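The 404 wasn't clear enough for me until I realized the tests were running on docker-compose, so access to localhost is not the same as from the host.
Running in host network mode, or reaching keycloak via its domain name/host IP (see below; 172.20.0.1 is the host's docker network IP), fixes it: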
OIDC_AUTH_URI=http://172.20.0.1:8080/auth/realms/mycorp
OIDC_AUTHENTICATION_CALLBACK_URL=http://localhost/openid/callback
OIDC_CALLBACK_PUBLIC_URI=http://localhost/
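The distinction behind this fix, as an added example (not code from the original post or from mozilla-django-oidc): the browser follows the authorization endpoint, while Django itself requests the token, userinfo and JWKS endpoints, so inside a container a loopback host on those three points at the container rather than at Keycloak. The helper names below are hypothetical; the setting names and URLs are the ones on this page.

```python
import ipaddress
from urllib.parse import urlsplit

# Endpoint paths under the realm URL, as listed in the question's settings.py.
FRONT_CHANNEL = {"OIDC_OP_AUTHORIZATION_ENDPOINT": "/protocol/openid-connect/auth"}
BACK_CHANNEL = {
    "OIDC_OP_TOKEN_ENDPOINT": "/protocol/openid-connect/token",
    "OIDC_OP_USER_ENDPOINT": "/protocol/openid-connect/userinfo",
    "OIDC_OP_JWKS_ENDPOINT": "/protocol/openid-connect/certs",
}


def realm_settings(oidc_auth_uri):
    """Derive the OIDC_OP_* settings from one realm URL, as the question does."""
    base = oidc_auth_uri.rstrip("/")
    return {name: base + path
            for name, path in {**FRONT_CHANNEL, **BACK_CHANNEL}.items()}


def is_loopback(url):
    """True if the URL's host is 'localhost' or a loopback IP literal."""
    host = urlsplit(url).hostname or ""
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # any other DNS name
        return False


def loopback_backchannel(settings):
    """Names of server-to-server endpoints whose host is a loopback address.

    Only the back-channel endpoints are checked: the authorization endpoint
    is followed by the user's browser, where localhost can be correct.
    """
    return sorted(name for name in BACK_CHANNEL if is_loopback(settings[name]))


# Constructed inputs: the realm URL from the question and the one from the answer.
broken = realm_settings("http://localhost:8080/auth/realms/mycorp")
fixed = realm_settings("http://172.20.0.1:8080/auth/realms/mycorp")

if __name__ == "__main__":
    print("question:", loopback_backchannel(broken))
    print("answer:  ", loopback_backchannel(fixed))
```

Run as a deployment check inside the Django container, a non-empty result for the question's settings explains the 404 on `/oidc/callback/` before any login is attempted.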