
I am trying to set up OAuth authentication (OpenID Connect) with Azure AD and the Spring Cloud Data Flow server. I followed the documentation references below, but they did not help.

https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#appendix-identity-provider-azure
https://docs.spring.io/spring-cloud-dataflow/docs/current/reference/htmlsingle/#configuration-security-oauth2

When I push the Data Flow server to open-source Cloud Foundry, I get the following error (if I remove the OAuth2 configuration from application.yml, it deploys without any problem):

redentials/instance.key and /etc/cf-instance-credentials/instance.crt
18:16:57.512: [HEALTH.0] Failed to make TCP connection to port 8080: connection refused
18:16:57.512: [CELL.0] Timed out after 1m0s: health check never passed.
18:16:57.515: [CELL/SSHD.0] Exit status 0
18:17:07.588: [APP/PROC/WEB.0] Exit status 137 (exceeding 10s graceful shutdown interval)
18:17:07.857: [API.3] Process has crashed with type: "web"
18:17:07.931: [API.3] App instance exited with guid ff60a149-d91f-4d9c-90b9-661c3bb8ad0f payload: {"instance"=>"e35f4a5d-a4f0-433d-6546-82ed", "index"=>0, "cell_id"=>"231ab214-d841-46ba-b20f-243aeac9bbfa", "reason"=>"CRASHED", "exit_description"=>"Instance became unhealthy after 1m0s: Failed to make TCP connection to port 8080:

From the logs I do not see any hint that the OAuth2.0 settings are being picked up by the Data Flow server. Here are my application.yml entries related to the OAuth2 configuration:

spring:
  cloud:
    dataflow:
      security:
        authorization:
          provider-role-mappings:
            dataflow-server:
              map-oauth-scopes: true
              role-mappings:
                ROLE_VIEW: dataflow.view
                ROLE_CREATE: dataflow.create
                ROLE_MANAGE: dataflow.manage
                ROLE_DEPLOY: dataflow.deploy
                ROLE_DESTROY: dataflow.destroy
                ROLE_MODIFY: dataflow.modify
                ROLE_SCHEDULE: dataflow.schedule
  security:
    oauth2:
      client:
        registration:
          dataflow-server:
            provider: azure
            redirect-uri: 'https://data-flow-server/dashboard'
            client-id: 977-95bc-4f3645d77f43
            client-secret: ~02K-5pf182_E-x-PWn
            authorization-grant-type: authorization_code
            scope:
            - openid
            - profile
            - email
            - offline_access
            - api://dataflow-server/dataflow.view
            - api://dataflow-server/dataflow.deploy
            - api://dataflow-server/dataflow.destroy
            - api://dataflow-server/dataflow.manage
            - api://dataflow-server/dataflow.modify
            - api://dataflow-server/dataflow.schedule
            - api://dataflow-server/dataflow.create
        provider:
          azure:
            issuer-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/v2.0
            user-name-attribute: name
            access-token-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/token
            token-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/token
            user-authorization-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/authorize
            authorization-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/oauth2/v2.0/authorize
      resourceserver:
        jwt:
          jwk-set-uri: https://login.microsoftonline.com/sdf3s-3244f65-b82d-5ec2fd32d5aa/discovery/v2.0/keys
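A pre-deployment sanity check for a provider block like the one above (an added example, not part of the question or of Spring Cloud Data Flow): every configured endpoint is compared against the matching field of the identity provider's OpenID discovery document, so a wrong tenant id or a hand-edited URL is caught before the server is pushed. The discovery document below is constructed inline to model the Azure AD v2.0 layout and the tenant id is a placeholder; in practice the document is fetched from {issuer-uri}/.well-known/openid-configuration.

```python
"""Consistency check between Spring Boot OAuth2 provider properties and an
OIDC discovery document. Both inputs below are constructed for this example."""
from urllib.parse import urlparse

# Spring Boot provider property -> discovery-document field it must agree with.
ENDPOINT_FIELDS = {
    "issuer-uri": "issuer",
    "authorization-uri": "authorization_endpoint",
    "user-authorization-uri": "authorization_endpoint",
    "token-uri": "token_endpoint",
    "access-token-uri": "token_endpoint",
    "jwk-set-uri": "jwks_uri",
}

TENANT = "TENANT-ID-PLACEHOLDER"  # placeholder, not the tenant from the question
BASE = f"https://login.microsoftonline.com/{TENANT}"

# Constructed from the shape of the question's provider block.
PROVIDER = {
    "issuer-uri": f"{BASE}/v2.0",
    "authorization-uri": f"{BASE}/oauth2/v2.0/authorize",
    "user-authorization-uri": f"{BASE}/oauth2/v2.0/authorize",
    "token-uri": f"{BASE}/oauth2/v2.0/token",
    "access-token-uri": f"{BASE}/oauth2/v2.0/token",
    "jwk-set-uri": f"{BASE}/discovery/v2.0/keys",
}

# Constructed stand-in for the Azure AD v2.0 discovery document.
DISCOVERY = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}


def check_provider(provider, discovery):
    """Return a list of problems; an empty list means the block is consistent."""
    problems = []
    for prop, field in ENDPOINT_FIELDS.items():
        configured = provider.get(prop)
        if configured is None:
            continue  # not set explicitly; nothing to compare
        if urlparse(configured).scheme != "https":
            problems.append(f"{prop} is not https: {configured}")
        expected = discovery.get(field)
        if configured != expected:
            problems.append(f"{prop} is {configured}, discovery {field} is {expected}")
    return problems
```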
