Question

在docker-compose.yaml中使用仅包含keycloak + keycloak网关+基本hello world服务器的基本设置，我将端口绑定到localhost。

在hittint localhost：3000 / app上的浏览器中，它要求登录，登录后进入307循环直到给出错误为止

skynet redirected you too many times.

这是码头工人日志

gatekeeper_1  | 1.5577503597710125e+09  error   no session found in request, redirecting for authorization      {"error": "authentication session not found"}
gatekeeper_1  | 1.5577503597711482e+09  info    client request  {"latency": 0.0001417, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/app"}
gatekeeper_1  | 1.5577503597758873e+09  info    client request  {"latency": 0.0001075, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1  | 1.5577503598393035e+09  info    issuing access token for user   {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.1607132s"}
gatekeeper_1  | 1.5577503598394403e+09  info    client request  {"latency": 0.0488485, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1  | 1.557750359842182e+09   error   no session found in request, redirecting for authorization      {"error": "authentication session not found"}
gatekeeper_1  | 1.5577503598422916e+09  info    client request  {"latency": 0.0001062, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1  | 1.5577503598452325e+09  info    client request  {"latency": 0.0001103, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1  | 1.5577503599140193e+09  info    issuing access token for user   {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.0860053s"}
gatekeeper_1  | 1.5577503599142253e+09  info    client request  {"latency": 0.0468151, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1  | 1.5577503599177747e+09  error   no session found in request, redirecting for authorization      {"error": "authentication session not found"}
gatekeeper_1  | 1.5577503599179156e+09  info    client request  {"latency": 0.0001666, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1  | 1.5577503599206538e+09  info    client request  {"latency": 0.0000965, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1  | 1.557750359972925e+09   info    issuing access token for user   {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.0270923s"}
gatekeeper_1  | 1.5577503599730272e+09  info    client request  {"latency": 0.0356627, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1  | 1.5577503599757788e+09  error   no session found in request, redirecting for authorization      {"error": "authentication session not found"}
gatekeeper_1  | 1.5577503599758906e+09  info    client request  {"latency": 0.0001187, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1  | 1.5577503599789677e+09  info    client request  {"latency": 0.0000897, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1  | 1.5577503600374641e+09  info    issuing access token for user   {"email": "", "expires": "2019-05-13T12:31:00Z", "duration": "4m59.9625537s"}
gatekeeper_1  | 1.557750360037571e+09   info    client request  {"latency": 0.0470309, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1  | 1.557750360040543e+09   error   no session found in request, redirecting for authorization      {"error": "authentication session not found"}
gatekeeper_1  | 1.5577503600406244e+09  info    client request  {"latency": 0.0000851, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1  | 1.5577503600438595e+09  info    client request  {"latency": 0.0000815, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1  | 1.5577503600930834e+09  info    issuing access token for user   {"email": "", "expires": "2019-05-13T12:31:00Z", "duration": "4m59.9069331s"}
gatekeeper_1  | 1.5577503600936885e+09  info    client request  {"latency": 0.0345039, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}

这是我的/ etc / hosts

192.168.1.132   skynet

这是我的docker-compose文件

version: '2.3'

services:

  appserver:
    image: python:2-alpine
    environment:
      HOST: 0.0.0.0
      PORT: 80
    ports:
      - 8081:80
    volumes:
      - ./appserver.py:/appserver.py
    command: [python, /appserver.py]

  postgres:
    image: postgres:11.0
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U keycloak -d keycloak"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 5s
    environment:
      POSTGRES_DB:        keycloak
      POSTGRES_USER:      keycloak
      POSTGRES_PASSWORD:  password
    volumes:
      - pg-storage:/var/lib/postgresql/data:Z

  keycloak:
    image: jboss/keycloak:latest
    healthcheck:
      test: ["CMD-SHELL", "curl http://localhost:8080/auth/realms/master"]
      interval: 10s
      timeout: 10s
      retries: 10
      start_period: 8s
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      DB_VENDOR:                POSTGRES
      DB_ADDR:                  postgres
      DB_DATABASE:              keycloak
      DB_USER:                  keycloak
      DB_SCHEMA:                public
      DB_PASSWORD:              password
      KEYCLOAK_USER:            admin
      KEYCLOAK_PASSWORD:        secret
      # PROXY_ADDRESS_FORWARDING: 'true'
    ports:
      - 8080:8080

  gatekeeper:
    image: keycloak/keycloak-gatekeeper:latest
    # restart: unless-stopped
    depends_on:
      keycloak:
        condition: service_healthy
    ports:
      - 3000:3000
    volumes:
      - ./gatekeeper.yaml:/gatekeeper.yaml:ro
    command: [
      --config, "/gatekeeper.yaml",
      --enable-logging, "true",
      --enable-json-logging, "true",
      --verbose, "true"
    ]

volumes:
  pg-storage: null

这是我的网守配置


listen: 0.0.0.0:3000
discovery-url: http://skynet:8080/auth/realms/justice-league
upstream-url: http://skynet:8081
# redirection-url: http://192.168.1.132:3000


client-id: service-gatekeeper
client-secret: a02a7867-b713-4b1f-81d7-6bfd07ec7937
enable-default-deny: true
encryption_key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j

match-claims:
  aud: service-gatekeeper
  iss: http://skynet:8080/auth/realms/justice-league


resources:
- uri: /app
  methods:
  - GET
  roles:
  - service-gatekeeper:edit
  require-any-role: true

Answer 1

有点晚了，但是...我们遇到了这个问题，这是由网络延迟引起的，当时Keycloak正在接收初始令牌以调度访问令牌，初始令牌已经过期，并且周期再次开始。

我们增加了客户端登录超时，它解决了该问题。

登录后的密钥斗篷网关ERR_TOO_MANY_REDIRECTS

1 个答案: