duanmu8911 2019-07-28 15:32
浏览 118

如何将Keycloak设置为humhub的身份验证提供程序

I have a local apache2 server running humhub 1.3.14. My goal is to set Keycloak located on my rancher cluster as the authentication provider for humhub.

After selecting "keycloak OpenId Connect" the user is successfully redirected to the keycloak server. After the user has authenticated, keycloak redirects back to my local humhub server. There humhub complains: "Unable to verify JWS: Unsecured connection" . to validate the JWS, humhub uses yii2-authclient/src/OpenIdConnect.php which requires "spomky-labs/jose:~5.0.6" (which is abandoned, but yii2 does still use it).

in humhub/protected/vendor/yiisoft/yii2-authclient/src/OpenIdConnect.php setting

$validateJws = false

does nothing.

humhub/protected/config/common.php:

return [
'params' => [
    'enablePjax' => false
],
'components' => [
    'urlManager' => [
        'showScriptName' => false,
        'enablePrettyUrl' => false,
    ],
'authClientCollection' => [
        'class' => 'yii\authclient\Collection',
    'clients' => [
        'keycloak' => [
        'class' => 'yii\authclient\OpenIdConnect',
        'issuerUrl' => 'https://xxxx/auth/realms/humhub',
        'clientId' => 'humhub',
        'clientSecret' => 'xxxxxxx',
        'name' => 'keycloak',
        'title' => 'Keycloak OpenID Connect',
        'tokenUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/token',
        'authUrl' => 'https://xxxx/auth/realms/humhub/protocol/openid-connect/auth',
        'validateAuthState' => 'false',
        'validateJws' => 'false',

        ],
    ],
    ]
]

];

Can anyone help? Further information required?

UPDATE

After updating "spomky-labs/jose" to "spomky-labs/jose:~6.1.0", the response from humhub changed to:

"Unable to verify JWS: The provided sector identifier URI is not valid: scheme must be one of the following: ["https"]."

UPDATE

I have enabled https also on my local apache2 server which runs humhub. I also downgraded spomky-labs/jose back to version 5.0.6, because of compatibility problems with the current humhub version 1.3.14. After that, the JWS error seems to be fixed but a new error accured:

enter image description here

Coult it be caused by the content type in the JWS which is not "application/json" but instead just "" (empty)? if so, how can this be fixed?

  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 YoloV5 第三方库的版本对照问题
    • ¥15 请完成下列相关问题!
    • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?
    • ¥15 求daily translation(DT)偏差订正方法的代码
    • ¥15 js调用html页面需要隐藏某个按钮
    • ¥15 ads仿真结果在圆图上是怎么读数的
    • ¥20 Cotex M3的调试和程序执行方式是什么样的?
    • ¥20 java项目连接sqlserver时报ssl相关错误
    • ¥15 一道python难题3
    • ¥15 牛顿斯科特系数表表示