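Problem description
I am trying to set up OAuth authentication (OpenID Connect) with Azure AD and the Spring Cloud Data Flow server. I referred to the following documentation, but it did not help.
https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#appendix-identity-provider-azure
https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#configuration-security-oauth2
When I push the Data Flow server to open-source Cloud Foundry, I get the following error (if I remove the OAuth2 configuration from application.yml, the deployment goes through without problems):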
redentials/instance.key 和 /etc/cf-instance-credentials/instance.crt
18:16:57.512: [HEALTH.0] 无法建立到端口 8080 的 TCP 连接:连接被拒绝
18:16:57.512:[CELL.0] 1 分钟后超时:健康检查从未通过。
18:16:57.515: [CELL/SSHD.0] 退出状态 0
18:17:07.588:[APP/PROC/WEB.0]退出状态137(超过10s正常关机间隔)
18:17:07.857:[API.3] 进程崩溃,类型为:“web”
18:17:07.931:[API.3] 应用实例退出,guid ff60a149-d91f-4d9c-90b9-661c3bb8ad0f 有效载荷:{"instance"=>"e35f4a5d-a4f0-433d-6546-"index"82" 0,"cell_id"=>"231ab214-d841-46ba-b20f-243aeac9bbfa","reason"=>"CRASHED","exit_description"=>"1m0s 后实例从未健康: 无法建立到端口 8080 的 TCP 连接: 连接拒绝”,“crash_count”=>3,“crash_timestamp”=>1622845027800626529,“版本”=>“3a0686fb-a43a-4528-a425-21a544
From the logs, I don't see any indication that the OAuth2.0 settings are being picked up by the Data Flow server. Here are the OAuth2-related entries in my application.yml:
spring:
  cloud:
    dataflow:
      security:
        authorization:
          provider-role-mappings:
            dataflow-server:
              map-oauth-scopes: true
              role-mappings:
                ROLE_VIEW: dataflow.view
                ROLE_CREATE: dataflow.create
                ROLE_MANAGE: dataflow.manage
                ROLE_DEPLOY: dataflow.deploy
                ROLE_DESTROY: dataflow.destroy
                ROLE_MODIFY: dataflow.modify
                ROLE_SCHEDULE: dataflow.schedule
  security:
    oauth2:
      client:
        registration:
          dataflow-server:
            provider: azure
            redirect-uri: 'https://data-flow-server/dashboard'
            client-id: 977-95bc-4f3645d77f43
            client-secret: ~02K-5pf182_E-x-PWn
            authorization-grant-type: authorization_code
            scope:
              - openid
              - profile
              - email
              - offline_access
              - api://dataflow-server/dataflow.view
              - api://dataflow-server/dataflow.deploy
              - api://dataflow-server/dataflow.destroy
              - api://dataflow-server/dataflow.manage
              - api://dataflow-server/dataflow.modify
              - api://dataflow-server/dataflow.schedule
              - api://dataflow-server/dataflow.create
        provider:
          azure:
            issuer-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/v2.0
            user-name-attribute: name
            access-token-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/token
            token-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/token
            user-authorization-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/authorize
            authorization-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/authorize
      resourceserver:
        jwt:
          jwk-set-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/discovery/v2.0/keys