我在 docker-compose.yaml 中做了一个基本设置,只包含 Keycloak、Keycloak Gatekeeper 和一个简单的 hello world 服务器,并将端口绑定到 localhost。
在浏览器中访问 localhost:3000/app 时,它要求登录;登录后进入 307 重定向循环,直到浏览器报错:
skynet redirected you too many times.
这是 Docker 日志
gatekeeper_1 | 1.5577503597710125e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503597711482e+09 info client request {"latency": 0.0001417, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/app"}
gatekeeper_1 | 1.5577503597758873e+09 info client request {"latency": 0.0001075, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503598393035e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.1607132s"}
gatekeeper_1 | 1.5577503598394403e+09 info client request {"latency": 0.0488485, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.557750359842182e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503598422916e+09 info client request {"latency": 0.0001062, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503598452325e+09 info client request {"latency": 0.0001103, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503599140193e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.0860053s"}
gatekeeper_1 | 1.5577503599142253e+09 info client request {"latency": 0.0468151, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.5577503599177747e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503599179156e+09 info client request {"latency": 0.0001666, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503599206538e+09 info client request {"latency": 0.0000965, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.557750359972925e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:30:59Z", "duration": "4m59.0270923s"}
gatekeeper_1 | 1.5577503599730272e+09 info client request {"latency": 0.0356627, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.5577503599757788e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503599758906e+09 info client request {"latency": 0.0001187, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503599789677e+09 info client request {"latency": 0.0000897, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503600374641e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:31:00Z", "duration": "4m59.9625537s"}
gatekeeper_1 | 1.557750360037571e+09 info client request {"latency": 0.0470309, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
gatekeeper_1 | 1.557750360040543e+09 error no session found in request, redirecting for authorization {"error": "authentication session not found"}
gatekeeper_1 | 1.5577503600406244e+09 info client request {"latency": 0.0000851, "status": 307, "bytes": 95, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/"}
gatekeeper_1 | 1.5577503600438595e+09 info client request {"latency": 0.0000815, "status": 307, "bytes": 303, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/authorize"}
gatekeeper_1 | 1.5577503600930834e+09 info issuing access token for user {"email": "", "expires": "2019-05-13T12:31:00Z", "duration": "4m59.9069331s"}
gatekeeper_1 | 1.5577503600936885e+09 info client request {"latency": 0.0345039, "status": 307, "bytes": 37, "client_ip": "172.31.0.1:47246", "method": "GET", "path": "/oauth/callback"}
这是我的 /etc/hosts
192.168.1.132 skynet
这是我的docker-compose文件
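# Local test stack: a hello-world upstream, Keycloak backed by Postgres, and
# Keycloak Gatekeeper as the authenticating proxy in front of the upstream.
# The nesting below is restored; the listing as pasted had lost its indentation.
#
# NOTE(review): every credential in this file is a hard-coded throwaway value.
# Keep the file to local testing, or supply the values from an env file or
# secret store that is not committed alongside it.
version: '2.3'

services:
  appserver:
    # NOTE(review): Python 2 is end-of-life; fine for a throwaway hello-world,
    # not for anything that stays up.
    image: python:2-alpine
    environment:
      HOST: '0.0.0.0'
      PORT: '80'
    ports:
      # A mapping without a host IP is published on every host interface, not
      # only on loopback, so the upstream is reachable directly on 8081
      # without passing through the gatekeeper.
      - '8081:80'
    volumes:
      - ./appserver.py:/appserver.py
    command: [python, /appserver.py]

  postgres:
    image: postgres:11.0
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U keycloak -d keycloak']
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 5s
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Same literal as DB_PASSWORD on the keycloak service; change both together.
      POSTGRES_PASSWORD: password
    volumes:
      # ':Z' asks Docker to apply a private SELinux label to the volume.
      - pg-storage:/var/lib/postgresql/data:Z

  keycloak:
    # NOTE(review): 'latest' is unpinned, so a rebuild can silently pull a
    # different Keycloak release; pin a version tag or digest.
    image: jboss/keycloak:latest
    healthcheck:
      # --fail makes curl exit non-zero on an HTTP error status; without it the
      # check reports healthy as soon as anything answers on the port.
      test:
        - CMD-SHELL
        - curl --fail http://localhost:8080/auth/realms/master
      interval: 10s
      timeout: 10s
      retries: 10
      start_period: 8s
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      # Bootstrap admin account. The admin console is published below on all
      # host interfaces over plain http, so these values protect very little.
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: secret
      # PROXY_ADDRESS_FORWARDING: 'true'
    ports:
      - '8080:8080'

  gatekeeper:
    # NOTE(review): unpinned tag, same concern as the keycloak image.
    image: keycloak/keycloak-gatekeeper:latest
    # restart: unless-stopped
    depends_on:
      keycloak:
        condition: service_healthy
    ports:
      - '3000:3000'
    volumes:
      # Mounted read-only; this file carries the client secret.
      - ./gatekeeper.yaml:/gatekeeper.yaml:ro
    command:
      - '--config'
      - '/gatekeeper.yaml'
      - '--enable-logging'
      - 'true'
      - '--enable-json-logging'
      - 'true'
      - '--verbose'
      - 'true'

volumes:
  pg-storage: null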
这是我的 Gatekeeper 配置
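# Keycloak Gatekeeper proxy configuration (mounted as /gatekeeper.yaml).
# Nesting under match-claims and resources is restored; the listing as pasted
# had lost its indentation.
#
# NOTE(review): every URL in this file is plain http. Gatekeeper marks its
# session cookies Secure unless `secure-cookie` is turned off, and a browser
# does not return a Secure cookie over http. That would match the
# "no session found" -> 307 pattern in the log directly after a token is
# issued. Confirm for the version in use; outside local testing, serve the
# proxy over TLS rather than relaxing the cookie flag.
listen: '0.0.0.0:3000'
discovery-url: http://skynet:8080/auth/realms/justice-league
upstream-url: http://skynet:8081
# redirection-url: http://192.168.1.132:3000
client-id: service-gatekeeper
# NOTE(review): a client secret that has been pasted into a public post should
# be regenerated in Keycloak and supplied from outside this file.
client-secret: a02a7867-b713-4b1f-81d7-6bfd07ec7937
enable-default-deny: true
# NOTE(review): this is the only key spelled with an underscore; the matching
# command-line flag is --encryption-key, so check whether the proxy reads this
# entry at all. If the value was copied from an example, generate a random key.
encryption_key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
# Claims the token must carry: audience and issuer pinned to this client and realm.
match-claims:
  aud: service-gatekeeper
  iss: http://skynet:8080/auth/realms/justice-league
resources:
  - uri: /app
    methods:
      - GET
    roles:
      - 'service-gatekeeper:edit'
    # Placed inside the resource entry; the flattened paste does not show its
    # level. TODO confirm against the original file.
    require-any-role: true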
答案 0 :(得分:0)
有点晚了,不过……我们也遇到过这个问题,原因是网络延迟:当 Keycloak 收到用于换取访问令牌的初始令牌时,该初始令牌已经过期,于是整个流程又重新开始。
我们增加了客户端登录超时,它解决了该问题。