0
我正在嘗試使用OpenAM OpenID連接提供程序爲聯合配置Keystone。當我訪問地平線儀表盤驗證用戶雖然OpenID的連接,我收到以下錯誤:OpenStack Keystone:OpenID Connect提供程序返回錯誤
的ID連接提供商返回錯誤
在Apache日誌,以下錯誤我看到:
2016-08-16 11:56:39.768428 oidc_util_http_call: curl_easy_perform() failed on: (null) (No URL set!)
2016-08-16 11:56:39.768461 oidc_proto_get_key_from_jwk_uri: could not resolve JSON Web Keys
2016-08-16 11:56:39.768478 oidc_proto_idtoken_verify_signature: could not find a key in the JSON Web Keys
2016-08-16 11:56:39.768481 oidc_proto_parse_idtoken: id_token signature could not be validated, aborting
2016-08-16 11:56:39.768485 oidc_handle_authorization_response: could not parse or verify the id_token contents, return HTTP_UNAUTHORIZED
我不知道我在做什麼錯誤。當我使用accounts.google.com OpenID連接提供程序進行配置時,我做了同樣的事情。在那種情況下,它運行良好。 請幫我指出我在做什麼錯誤。
這裏遵循Apache的主機配置:
<VirtualHost *:5000>
...
OIDCClaimPrefix "OIDC-"
OIDCResponseType "id_token"
OIDCScope "openid email profile"
OIDCProviderIssuer https://openam.example.com:8443/openam
OIDCProviderAuthorizationEndpoint https://openam.example.com:8443/openam/oauth2/authorize
OIDCProviderTokenEndpoint https://openam.example.com:8443/openam/oauth2/access_token
OIDCProviderTokenEndpointAuth client_secret_post
OIDCProviderUserInfoEndpoint https://openam.example.com:8443/openam/oauth2/userinfo
OIDCClientID MyClientID
OIDCClientSecret password
OIDCCryptoPassphrase password
OIDCRedirectURI "http://localhost:5000/v3/OS-FEDERATION/identity_providers/openam_idp/protocols/oidc/auth/redirect"
<LocationMatch /v3/OS-FEDERATION/identity_providers/.*?/protocols/oidc/auth>
AuthType openid-connect
Require valid-user
LogLevel debug
</LocationMatch>
OIDCRedirectURI "http://keystonegoogle.com:5000/v3/auth/OS-FEDERATION/websso/redirect"
OIDCRedirectURI "http://keystonegoogle.com:5000/v3/auth/OS-FEDERATION/websso/oidc/redirect"
<Location ~ "/v3/auth/OS-FEDERATION/websso/oidc">
AuthType openid-connect
Require valid-user
</Location>
</VirtualHost>
我創建了OpenStack的映射如下:
[
{
"local": [
{
"group": {
"id": "a79b39d875ad4c80a120213c09e6778a"
}
}
],
"remote": [
{
"type": "HTTP_OIDC_ISS",
"any_one_of": [
"https://openam.example.com:8443/openam"
]
}
]
}
]
你有沒有配置反向代理的OpenAM揭露知名根環境下的端點? –