我第一次尝试在我的应用程序中实现azure ad b2c 安全性,但面临这个问题。请帮助我。
应用程序.属性
spring.application.name=Azure B2C SSO Sample
logging.level.org.springframework.security=trace
logging.level.org.springframework.web=trace
spring.security.oauth2.client.registration.azure.client-id=d9353b2a-a3c1-49c2-9252-77fxxxxxx
spring.security.oauth2.client.registration.azure.client-secret=Idv8Q~BL1GRyirEaO-AXDaSQgFxxxxxx
spring.security.oauth2.client.registration.azure.redirect-uri=http://localhost:8080/login/oauth2/code/azure
spring.security.oauth2.client.registration.azure.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.azure.client-authentication-method=post
spring.security.oauth2.client.provider.azure.issuer-uri=https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signupsignin
安全配置.java
package config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(authorize -> authorize
.anyRequest().authenticated() // Secure all requests
)
.oauth2Login(oauth2 -> oauth2 // Configure OAuth2 Login
.authorizationEndpoint(authorization ->
authorization.baseUri("/oauth2/authorize")) // Customize the authorization endpoint
.redirectionEndpoint(redirection ->
redirection.baseUri("/login/oauth2/code/*")) // Customize the redirection endpoint
)
.logout(logout ->
logout.logoutSuccessUrl("/").permitAll() // Redirect to home on logout
);
return http.build(); // Return the built HttpSecurity
}
}
我收到此错误
Caused by: java.lang.IllegalArgumentException: Unable to resolve Configuration with the provided Issuer of "https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signupsignin"
at org.springframework.security.oauth2.client.registration.ClientRegistrations.getBuilder(ClientRegistrations.java:231) ~[spring-security-oauth2-client-6.3.3.jar:6.3.3]
at org.springframework.security.oauth2.client.registration.ClientRegistrations.fromIssuerLocation(ClientRegistrations.java:152) ~[spring-security-oauth2-client-6.3.3.jar:6.3.3]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.getBuilderFromIssuerIfPossible(OAuth2ClientPropertiesMapper.java:97) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.getClientRegistration(OAuth2ClientPropertiesMapper.java:71) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.lambda$asClientRegistrations$0(OAuth2ClientPropertiesMapper.java:65) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at java.base/java.util.HashMap.forEach(HashMap.java:1429) ~[na:na]
at org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper.asClientRegistrations(OAuth2ClientPropertiesMapper.java:64) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientRegistrationRepositoryConfiguration.clientRegistrationRepository(OAuth2ClientRegistrationRepositoryConfiguration.java:49) ~[spring-boot-autoconfigure-3.3.4.jar:3.3.4]
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:580) ~[na:na]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:146) ~[spring-beans-6.1.13.jar:6.1.13]
... 73 common frames omitted
我已经检查了颁发者 uri ,直接在我的浏览器上运行,它返回 json 响应。
我已验证客户端 ID、秘密、颁发者 URI 和重定向 URI。请帮助我。
根据 OIDC 配置发现规范,配置 URI 是通过在
Issuer Identifier添加
/.well-known/openid-configuration.well-known/openid-configuration 来获取的(OpenID 配置中 issueriss因此,如果您的授权服务器符合 OIDC,则其 Issuer Identifier 将为
https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/“OpenID 配置”的
issuer 值中所述
不幸的是:
https://learningakash.b2clogin.com/learningakash.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signupsignin看起来像一个格式错误的发现端点 -
p请求参数在那里没有任何作用,Spring Security 很难从
issuerURI 推断它以在启动时获取 OpenID 配置。
iss声明值:围绕
sts.windows.net而不是在发现端点上找到的 OpenID发行者标识符 构建的内容
解决方案