Keycloak gateway ERR_TOO_MANY_REDIRECTS после входа в систему
Используя базовую настройку с помощью только keycloak + keycloak gateway + базовый сервер hello world в docker-compose.yaml, я привязываю порты к localhost.
При открытии в браузере localhost:3000/app запрашивается логин; после входа начинается цикл перенаправлений 307, пока браузер не выдаст ошибку
skynet redirected you too many times.
это докер логи
gatekeeper_1 | 1.5577503597710125e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503597711482e+09 info client request {"latency": 0.0001417, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/app"}
gatekeeper_1 | 1.5577503597758873e+09 info client request {"latency": 0.0001075, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503598393035e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.1607132s"}
gatekeeper_1 | 1.5577503598394403e+09 info client request {"latency": 0.0488485, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.557750359842182e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503598422916e+09 info client request {"latency": 0.0001062, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503598452325e+09 info client request {"latency": 0.0001103, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503599140193e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.0860053s"}
gatekeeper_1 | 1.5577503599142253e+09 info client request {"latency": 0.0468151, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.5577503599177747e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503599179156e+09 info client request {"latency": 0.0001666, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503599206538e+09 info client request {"latency": 0.0000965, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.557750359972925e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.0270923s"}
gatekeeper_1 | 1.5577503599730272e+09 info client request {"latency": 0.0356627, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.5577503599757788e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503599758906e+09 info client request {"latency": 0.0001187, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503599789677e+09 info client request {"latency": 0.0000897, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503600374641e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:31:00Z", "duration": "4m59.9625537s"}
gatekeeper_1 | 1.557750360037571e+09 info client request {"latency": 0.0470309, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.557750360040543e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503600406244e+09 info client request {"latency": 0.0000851, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503600438595e+09 info client request {"latency": 0.0000815, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503600930834e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:31:00Z", "duration": "4m59.9069331s"}
gatekeeper_1 | 1.5577503600936885e+09 info client request {"latency": 0.0345039, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
это мой /etc/hosts
192.168.1.132 skynet
это мой файл docker-compose
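# Compose stack from the question: a hello-world upstream (appserver),
# Keycloak backed by Postgres, and keycloak-gatekeeper as the authenticating
# proxy in front of the upstream. Nesting is restored by indentation.
version: '2.3'

services:
  appserver:
    # NOTE(review): the python:2 line is end-of-life; use a maintained base
    # image outside throwaway demos.
    image: python:2-alpine
    environment:
      HOST: '0.0.0.0'
      PORT: '80'
    ports:
      # NOTE(review): a mapping without a host IP is published on every host
      # interface, not only localhost. Anyone who can reach host port 8081
      # talks to the app directly and bypasses gatekeeper's authentication.
      # The mapping exists because upstream-url in gatekeeper.yaml points at
      # the host; pointing it at the compose service (http://appserver:80)
      # would presumably let this mapping be dropped - verify before changing.
      - '8081:80'
    volumes:
      - ./appserver.py:/appserver.py
    command: [python, /appserver.py]

  postgres:
    image: postgres:11.0
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U keycloak -d keycloak']
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 5s
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Demo credential kept as posted. For anything shared, supply it from an
      # env file or secret store kept out of version control.
      POSTGRES_PASSWORD: password
    volumes:
      - pg-storage:/var/lib/postgresql/data:Z

  keycloak:
    # NOTE(review): ':latest' is a floating tag, so the identity provider can
    # change between pulls. Pin a specific version or digest.
    image: jboss/keycloak:latest
    healthcheck:
      # -f makes curl exit non-zero on HTTP 4xx/5xx. Without it any HTTP
      # response, including an error page, marks the container healthy and
      # releases gatekeeper's depends_on too early.
      test: ['CMD-SHELL', 'curl -f http://localhost:8080/auth/realms/master']
      interval: 10s
      timeout: 10s
      retries: 10
      start_period: 8s
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      # NOTE(review): the admin console is published on host port 8080 over
      # plain HTTP with these bootstrap credentials. Change them and restrict
      # who can reach that port.
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: secret
      # PROXY_ADDRESS_FORWARDING: 'true'
    ports:
      - '8080:8080'

  gatekeeper:
    # NOTE(review): floating tag again; pin the proxy version as well.
    image: keycloak/keycloak-gatekeeper:latest
    # restart: unless-stopped
    depends_on:
      keycloak:
        condition: service_healthy
    ports:
      - '3000:3000'
    volumes:
      # Read-only mount: the container cannot modify the proxy config.
      - ./gatekeeper.yaml:/gatekeeper.yaml:ro
    command:
      - '--config'
      - '/gatekeeper.yaml'
      - '--enable-logging'
      - 'true'
      - '--enable-json-logging'
      - 'true'
      - '--verbose'
      - 'true'

volumes:
  pg-storage: null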
это мой конфиг gatekeeper (gatekeeper.yaml)
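# keycloak-gatekeeper configuration, mounted into the container as
# /gatekeeper.yaml. Nesting is restored by indentation.
#
# NOTE(review): every URL below is plain http://. If the proxy marks its
# session cookie Secure (gatekeeper has a `secure-cookie` option - confirm its
# default for the version in use), the browser will not send that cookie back
# over http. That would match "no session found in request" appearing right
# after each /oauth/callback in the posted logs. Prefer serving the proxy and
# Keycloak over TLS; set `secure-cookie: false` only for throwaway local
# testing.
listen: '0.0.0.0:3000'
discovery-url: http://skynet:8080/auth/realms/justice-league
upstream-url: http://skynet:8081
# redirection-url: http://192.168.1.132:3000
client-id: service-gatekeeper
# NOTE(review): this secret was published together with the question. Treat
# it as compromised, regenerate it in Keycloak, and supply it from the
# environment or a secret store rather than from a committed file.
client-secret: a02a7867-b713-4b1f-81d7-6bfd07ec7937
# Deny any request that no entry under `resources` explicitly allows.
enable-default-deny: true
# NOTE(review): every other option here is hyphenated. Verify that the proxy
# accepts this underscore spelling, because an unrecognized key may be ignored
# silently. The key value is now public too; generate a fresh random one.
encryption_key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
# The token must carry exactly these claim values to be accepted.
match-claims:
  aud: service-gatekeeper
  iss: http://skynet:8080/auth/realms/justice-league
resources:
  - uri: /app
    methods:
      - GET
    roles:
      - 'service-gatekeeper:edit'
    require-any-role: true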
Немного поздно, но... У нас была такая же проблема, и её причиной была задержка в сети: к тому моменту, когда Keycloak получал начальный токен, чтобы выдать по нему токен доступа, срок действия начального токена уже истекал, и цикл запускался снова.
Мы увеличили тайм-аут входа клиента (client login timeout), и это решило проблему.