admin管理员组

文章数量:1122832

i have a Flask application running on https 172.16.150.36:5000

app = Flask(__name__)
app.config.from_pyfile("idp.py")
oidc = OpenIDConnect(app)

the idp.py

SECRET_KEY = ‘12345678’

OIDC_CLIENT_SECRETS = "/code/app/client_secret.json"
OIDC_RESOURCE_SERVER_ONLY = False
OIDC_SCOPES = ["openid", "email", "profile"]
OIDC_INTROSPECTION_AUTH_METHOD = "client_secret_post"
OIDC_RESOURCE_CHECK_AUD = True

and the client_secret.json

{
     "web": {
       "client_id": "km3-connector",
       "client_secret": "aO71fP5MBaBJdKowaIhadM5hYztPKMOD",
       "auth_uri": "https 172.16.65.49:8443/realms/jb/protocol/openid-connect/auth",
      "token_uri": "https 172.16.65.49:8443/realms/jb/protocol/openid-connect/token",
       "userinfo_uri": "https 172.16.65.49:8443/realms/jb/protocol/openid-connect/userinfo",
       "issuer": "https 172.16.65.49:8443/realms/jb",
       "redirect_uris": [
         "https 172.16.150.36:5000/*"
       ]
     }
}

So in keycloak 26 i have configurated a client service called km3-connector like OIDC root url: https 172.16.150.36:5000/ valid redirect uris: https 172.16.150.36:5000/, http 172.16.150.36:5000/ client auth ON with Authentication flow → Standard flow & Direct access grants

the external IDP give to me the metadata xml so i have created the IDP SAML redirect URI: https 172.16.65.49:8443/realms/jb/broker/km3db/endpoint service provider entity: https 172.16.65.49:8443/realms/jb and set identity provider entity ID, SSO login and SSO logout with his data rest options are all OFF (no assertion signed or encrypted no authrequest signed, ecc)

this is my views.py

@app.route("/abc")
def index_():
    if oidc.user_loggedin:
        return jsonify({"Hello" : f"{oidc.user_getfield('email')}!"})
    else:
        return jsonify({'a' : 'Welcome, please <a href="/login_">log in</a>.'})

@app.route("/login_")
@oidc.require_login
def login_():
    return redirect(url_for("index_"))

@app.route("/logout_")
def logout_():
    oidc.logout_()
    return redirect(url_for("index_"))

when i go in https 172.16.150.36:5000/login_ flask redirect me to my keycloak server https 172.16.65.49:8443/realms/jb/protocol/openid-connect/auth?client_id=km3-connector&redirect_uri=https%253A%252F%252F172.16.150.36%253A5000%252Foidc_callbac…

i see the alias of my idp, click on it and redirect to SSO login. When i try to login i can see the SAML from idp with login ok, keycloak add the new user discovered but the flow redirect me to

https 172.16.150.36:5000/oidc_callback?state=eyJjc3JmX3Rva2VuIjogInprNi1BMHFVZUxiMzNLMmlzU05RUlQ3djUwSkFDMWptIiwgImRlc3RpbmF0aW9uIjogImV5SmhiR2NpT2lKSVV6VXhNaUo5LkltaDBkSEJ6T2k4dk1UY3lMakUyTGpFMU1DNHpOam8xTURBd0wyeHZaMmx1WHlJLl9vUVFfRW9KYWFPUFpqLTlEeC15b0RzNUF6MVZJQmVkSGNndWNvdjRGREFaRmlGc3RueFItckQzQ2FwNlRfVXhjdFJuWEtRcUQyVDdzOUw2MGh6NDVnIn0%3D&session_state=1efef2f0-8821-4d3b-85b2-ece9fe6f28c9&iss=https%3A%2F%2F172.16.65.49%3A8443%2Frealms%2Fjb&code=9aba3b71-b33a-4f67-b83a-40ae002a3ab2.1efef2f0-8821-4d3b-85b2-ece9fe6f28c9.d9294025-03bb-4156-9390-b30985d37971

where a page with error

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1091)

is showed… why??? The external IDP asked me just the redirect uri that i gave https 172.16.65.49:8443/realms/jb/broker/km3db/endpoint and my service provider entity: https 172.16.65.49:8443/realms/jb

What’s the problem? p.s. my ssl certs are all self-signed

本文标签: Flask to Keycloak to SAML External IDP sslSSLCertVerificationErrorStack Overflow

版权声明:本文标题:Flask to Keycloak to SAML External IDP ssl.SSLCertVerificationError? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736309327a1933981.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。