如何将Keycloak设置为humhub的身份验证提供程序

I have a local apache2 server running humhub 1.3.14. My goal is to set Keycloak located on my rancher cluster as the authentication provider for humhub.

After selecting "keycloak OpenId Connect" the user is successfully redirected to the keycloak server. After the user has authenticated, keycloak redirects back to my local humhub server. There humhub complains: "Unable to verify JWS: Unsecured connection" . to validate the JWS, humhub uses yii2-authclient/src/OpenIdConnect.php which requires "spomky-labs/jose:~5.0.6" (which is abandoned, but yii2 does still use it).

in humhub/protected/vendor/yiisoft/yii2-authclient/src/OpenIdConnect.php setting

$validateJws = false 

does nothing.

humhub/protected/config/common.php:

return [
'params' => [
    'enablePjax' => false
],
'components' => [
    'urlManager' => [
        'showScriptName' => false,
        'enablePrettyUrl' => false,
    ],
'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
    'clients' => [
        'keycloak' => [
        'class' => 'yii\authclient\OpenIdConnect',
        'issuerUrl' => 'https://xxxx/auth/realms/humhub',
        'clientId' => 'humhub',
        'clientSecret' => 'xxxxxxx',
        'name' => 'keycloak',
        'title' => 'Keycloak OpenID Connect',
        'tokenUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/token',
        'authUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/auth',
        'validateAuthState' => 'false',
        'validateJws' => 'false',

        ],
    ],
    ]
]

];

Can anyone help? Further information required?

UPDATE


After updating "spomky-labs/jose" to "spomky-labs/jose:~6.1.0", the response from humhub changed to:

"Unable to verify JWS: The provided sector identifier URI is not valid: scheme must be one of the following: ["https"]."

UPDATE


I have enabled https also on my local apache2 server which runs humhub. I also downgraded spomky-labs/jose back to version 5.0.6, because of compatibility problems with the current humhub version 1.3.14. After that, the JWS error seems to be fixed but a new error accured:

enter image description here

Coult it be caused by the content type in the JWS which is not "application/json" but instead just "" (empty)? if so, how can this be fixed?

dqwh0109
dqwh0109 是的,你是对的,那比评论更好。
大约一年之前 回复
doutenglou6588
doutenglou6588 您应该在更新标题下的新帖子中添加新信息
大约一年之前 回复
dsyk33753
dsyk33753 将“spomky-labs/jose”更新为“spomky-labs/jose:~6.1.0”之后,humhub的响应变为:“无法验证JWS:提供的扇区标识符URI无效:方案必须是以下之一以下内容:[“https”]。“
大约一年之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐