Raouf Rhimi
Reputation: 11
How to integrate spring authorization server into keycloak as OIDC an identity proivider
i have implemented a simple authorization server with Spring boot.my goal is to use it as an OIDC identity provider an register it with keycloak. this is my configuration:
@Configuration
@Import(OAuth2AuthorizationServerConfiguration.class)
public class AuthorizationServerConfig {
@Bean
public RegisteredClientRepository registeredClientRepository() {
RegisteredClient registeredClient = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("client")
.clientSecret("{noop}secret")
.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.redirectUri("http://KEYCLOAK_URL:8082/*")
.scope(OidcScopes.OPENID)
.build();
return new InMemoryRegisteredClientRepository(registeredClient);
}
@Bean
UserDetailsService users() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("admin")
.password("admin")
.roles("ADMIN")
.build();
UserDetails user2 = User.withDefaultPasswordEncoder()
.username("test")
.password("test")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user,user2);
}
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
public SecurityFilterChain authServerSecurityFilterChain(HttpSecurity http) throws Exception {
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
return http.formLogin(Customizer.withDefaults()).build();
}
@Bean
public JWKSource<SecurityContext> jwkSource() throws NoSuchAlgorithmException {
RSAKey rsaKey = generateRsa();
JWKSet jwkSet = new JWKSet(rsaKey);
return (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
}
private static RSAKey generateRsa() throws NoSuchAlgorithmException {
KeyPair keyPair = generateRsaKey();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
return new RSAKey.Builder(publicKey)
.privateKey(privateKey)
.keyID(UUID.randomUUID().toString())
.build();
}
private static KeyPair generateRsaKey() throws NoSuchAlgorithmException {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
return keyPairGenerator.generateKeyPair();
}
@Bean
public ProviderSettings providerSettings() {
return ProviderSettings.builder()
.issuer("http://AUTH_SRVER_URL:9000")
.build();
}
}
@EnableWebSecurity
public class DefaultSecurityConfig {
@Bean
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin();
return http.build();
}
}
then i registered the string authorization server as an idp in keycloak. when i perform "login_with_spring" it redirects me to spring auth server login page. after submitting the form, it doesn't redirect me back to keycloak.
Upvotes: 1
Views: 350
Answers (1)
Steve Riesenberg
Reputation: 6158
It looks like you've configured client_credentials as the grant type, but are attempting to use it with OpenID Connect 1.0. OIDC works with the authorization_code grant type. I haven't tested the setup you are describing here, but I believe you can simply use instead:
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
Upvotes: 0
Related Questions
- How to retrieve JSON from an element with Selenium?
- How to extract the values from the response body in postman
- Java Selenium get JSON response body
- how to grab from JSON in selenium python
- How to fetch a parameter value from parsed String (Json Request)
- How can I get a specific response value from response body in postman
- How to get Json response by selenium webdriver using Java?
- How to read data from an API which returns data in json in selenium webdriver?
- Read JSON response in Python
- Get json field values from a response when using robotframework