This is my first attempt at implementing Azure AD B2C security in my application, and I am running into the problem below. Please help me.

application.properties
spring.application.name=Azure B2C SSO Sample
logging.level.org.springframework.security=trace
logging.level.org.springframework.web=trace
spring.security.oauth2.client.registration.azure.client-id=d9353b2a-a3c1-49c2-9252-77fxxxxxx
spring.security.oauth2.client.registration.azure.client-secret=Idv8Q~BL1GRyirEaO-AXDaSQgFxxxxxx
spring.security.oauth2.client.registration.azure.redirect-uri=http://localhost:8080/login/oauth2/code/azure
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure.client-authentication-method=post
spring.security.oauth2.client.provider.azure.issuer-uri=https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signupsignin
SecurityConfig.java

package config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated() // Secure all requests
            )
            .oauth2Login(oauth2 -> oauth2 // Configure OAuth2 Login
                .authorizationEndpoint(authorization ->
                    authorization.baseUri("/oauth2/authorize")) // Customize the authorization endpoint
                .redirectionEndpoint(redirection ->
                    redirection.baseUri("/login/oauth2/code/*")) // Customize the redirection endpoint
            )
            .logout(logout ->
                logout.logoutSuccessUrl("/").permitAll() // Redirect to home on logout
            );
        return http.build(); // Return the built HttpSecurity
    }
}
I am getting this error:
Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signupsignin"
at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:231) ~[spring-security-oauth2-client-6.3.3.jar:6.3.3]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromIssuerLocation(ClientRegistrations.java:152) ~[spring-security-oauth2-client-6.3.3.jar:6.3.3]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesMapper.java:97) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.getClientRegistration(OAuth2ClientPropertiesMapper.java:71) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.lambda$asClientRegistrations$0(OAuth2ClientPropertiesMapper.java:65) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at java.base/java.util.HashMap.forEach(HashMap.java:1429) ~[na:na]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.asClientRegistrations(OAuth2ClientPropertiesMapper.java:64) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:49) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[na:na]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:146) ~[spring-beans-6.1.13.jar:6.1.13]
... 73 common frames omitted
I have checked the issuer URI by opening it directly in my browser, and it returns a JSON response.
I have verified the client ID, secret, issuer URI and redirect URI. Please help me.
Set issuer-uri with the Issuer Identifier, not the discovery endpoint URI

Per the OIDC Discovery spec, the configuration URI is obtained by appending /.well-known/openid-configuration to the Issuer Identifier (the value of the issuer property in the OpenID configuration and of the iss claim in tokens).

In your case, issuer-uri should be https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/, as stated in the issuer value of the "OpenID configuration", and the discovery endpoint URI should be https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/.well-known/openid-configuration
Microsoft authorization servers are not OIDC providers

Because of the p request parameter in https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signupsignin, Spring Security cannot fetch the OpenID configuration it needs at startup to auto-configure the authorization, token and jwk-set endpoints (as well as the userinfo endpoint when the openid scope is requested). Also, if the underlying Microsoft authorization server is the same as Entra ID's, the issued tokens will most likely carry a wrong iss claim value: something built around sts.windows.net instead of the OpenID Issuer Identifier the discovery endpoint was built from. I opened a ticket about the second point a month ago, but the people I emailed at "support" don't seem to follow the link to the spec or to understand it :/
Solution

Set the spring.security.oauth2.client.provider.{provider-id}.issuer-uri property instead of using the discovery URI, and do so only when configuring an actual OIDC provider. Otherwise, leave it empty and set each of the provider's other URI properties manually.
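As an added example (not part of the question or the answer above, and not Spring's own code), the following Python script mirrors the resolution the answer describes and that Spring Security's ClientRegistrations performs at startup: it derives the discovery URL from the configured issuer-uri by appending /.well-known/openid-configuration, fetches the metadata, and rejects it unless its issuer value equals the configured URI exactly. It runs offline against constructed metadata documents; the B2C endpoint paths in them are assumptions for illustration only, so take the real ones from your tenant's own discovery document. It also renders the manual spring.security.oauth2.client.provider.* properties that the answer's fallback calls for, which is what you need when issuer-uri cannot be used.

```python
"""Resolve an OIDC provider the way Spring Security's ClientRegistrations does:
derive the discovery URL from the Issuer Identifier, fetch the metadata, and
refuse it unless its "issuer" value equals the configured issuer-uri exactly."""
import json
from urllib.parse import urlsplit, urlunsplit

OIDC_METADATA_PATH = "/.well-known/openid-configuration"
REQUIRED_METADATA = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


class UnresolvableIssuer(Exception):
    """No provider configuration could be fetched for the given issuer-uri."""


class IssuerMismatch(Exception):
    """Metadata was fetched but its "issuer" is not the configured issuer-uri."""


def discovery_url(issuer_uri: str) -> str:
    """OIDC Discovery 1.0, section 4.1: the configuration lives at
    <issuer>/.well-known/openid-configuration.  Query and fragment are carried
    over untouched, so feeding the discovery URL itself (with its ?p=... query)
    yields a doubled, non-existent path instead of the metadata document."""
    parts = urlsplit(issuer_uri)
    path = parts.path.rstrip("/") + OIDC_METADATA_PATH
    return urlunsplit((parts.scheme, parts.netloc, path, parts.query, parts.fragment))


def resolve_provider(issuer_uri: str, fetch) -> dict:
    """Return Spring Boot provider properties (issuer-uri, authorization-uri, ...)
    derived from discovery.  `fetch(url)` returns the response body as a string,
    or None when the document is not there.  The issuer comparison is plain
    string equality, as in Spring Security: a different host, tenant or trailing
    slash is a mismatch, and the registration is rejected rather than silently
    accepting tokens minted by some other issuer."""
    url = discovery_url(issuer_uri)
    body = fetch(url)
    if body is None:
        raise UnresolvableIssuer(
            f'Unable to resolve Configuration with the provided Issuer of "{issuer_uri}" (tried {url})')
    metadata = json.loads(body)
    missing = [key for key in REQUIRED_METADATA if key not in metadata]
    if missing:
        raise ValueError(f"provider metadata at {url} lacks {missing}")
    if metadata["issuer"] != issuer_uri:
        raise IssuerMismatch(
            f'The Issuer "{metadata["issuer"]}" in the metadata did not match the requested issuer "{issuer_uri}"')
    props = {
        "issuer-uri": metadata["issuer"],
        "authorization-uri": metadata["authorization_endpoint"],
        "token-uri": metadata["token_endpoint"],
        "jwk-set-uri": metadata["jwks_uri"],
    }
    if "userinfo_endpoint" in metadata:  # optional; not every provider publishes one
        props["user-info-uri"] = metadata["userinfo_endpoint"]
    return props


def to_properties(provider_id: str, props: dict) -> str:
    """Render the manual provider block for application.properties, the fallback
    when issuer-uri cannot be used with a given authorization server."""
    prefix = f"spring.security.oauth2.client.provider.{provider_id}."
    return "\n".join(f"{prefix}{key}={value}" for key, value in props.items())


# --- constructed sample metadata (assumed paths, not fetched from any real tenant) ---
ISSUER = "https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/"
DISCOVERY_AS_ISSUER = ISSUER + ".well-known/openid-configuration?p=B2C_1_signupsignin"
POLICY_BASE = "https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/B2C_1_signupsignin"

SAMPLE_DOCS = {
    # Well-formed document whose issuer equals the configured issuer-uri.
    discovery_url(ISSUER): json.dumps({
        "issuer": ISSUER,
        "authorization_endpoint": f"{POLICY_BASE}/oauth2/v2.0/authorize",
        "token_endpoint": f"{POLICY_BASE}/oauth2/v2.0/token",
        "jwks_uri": f"{POLICY_BASE}/discovery/v2.0/keys",
    }),
    # Document served from one host but claiming another issuer: must be rejected.
    "https://mixup.example/tenant/v2.0/.well-known/openid-configuration": json.dumps({
        "issuer": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/",
        "authorization_endpoint": "https://mixup.example/tenant/oauth2/v2.0/authorize",
        "token_endpoint": "https://mixup.example/tenant/oauth2/v2.0/token",
        "jwks_uri": "https://mixup.example/tenant/discovery/v2.0/keys",
    }),
}


def offline_fetch(url: str):
    """Stand-in for an HTTP GET; anything not in SAMPLE_DOCS behaves like a 404."""
    return SAMPLE_DOCS.get(url)


if __name__ == "__main__":
    for candidate in (DISCOVERY_AS_ISSUER, ISSUER, "https://mixup.example/tenant/v2.0/"):
        try:
            print(to_properties("azure", resolve_provider(candidate, offline_fetch)))
        except (UnresolvableIssuer, IssuerMismatch) as exc:
            print(f"rejected: {exc}")
```

Running it shows the three outcomes side by side: the discovery URL used as issuer-uri is unresolvable (the computed URL ends in .../openid-configuration/.well-known/openid-configuration?p=B2C_1_signupsignin, which matches the startup error in the question), the bare Issuer Identifier resolves and prints the provider properties you would otherwise set by hand, and a document whose issuer points at another host is refused. Swap offline_fetch for a real HTTP GET to check a tenant, and compare the printed issuer-uri with the iss claim of a token it issues before trusting the registration.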