代码之家  ›  专栏  ›  技术社区  ›  kross

Spinnaker GKE oauth-用户信息没有所有必填字段

  •  -1
  • kross  · 技术社区  · 7 年前

    https://www.spinnaker.io/setup/quickstart/halyard-gke-public/

    在本教程之前,spinnaker已确认启动并在上运行 http://localhost:9000 1.3.1 , 1.4.1 1.4.2 .

    在编辑/应用/启用谷歌安全后,我尝试登录,并成功地被谷歌登录屏幕挑战。完成双因素身份验证后,我将按预期重新定向 http://localhost:8084/login ,但我收到以下错误:

    {
      "error": "Unauthorized",
      "message": "Authentication Failed: User's info does not have all required fields.",
      "status": 401,
      "timestamp": 1506985726074
    }
    

    kross@halyard:~$ hal config security authn oauth2 edit --provider google \
    >     --client-id $CLIENT_ID \
    >     --client-secret $CLIENT_SECRET \
    >     --user-info-requirements hd=$DOMAIN
    + Get current deployment
      Success
    + Get authentication settings
      Success
    + Edit oauth2 authentication settings
      Success
    Problems in default.security:
    - WARNING Your UI or API domain does not have override base URLs
      set even though your Spinnaker deployment is a Distributed deployment on a
      remote cloud provider. As a result, you will need to open SSH tunnels against
      that deployment to access Spinnaker.
    ? We recommend that you instead configure an authentication
      mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
      securely, and then register the intended Domain and IP addresses that your
      publicly facing services will be using.
    
    + Successfully edited oauth2 method.
    kross@halyard:~$ hal config security authn oauth2 enable
    + Get current deployment
      Success
    + Edit oauth2 authentication settings
      Success
    Problems in default.security:
    - WARNING Your UI or API domain does not have override base URLs
      set even though your Spinnaker deployment is a Distributed deployment on a
      remote cloud provider. As a result, you will need to open SSH tunnels against
      that deployment to access Spinnaker.
    ? We recommend that you instead configure an authentication
      mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
      securely, and then register the intended Domain and IP addresses that your
      publicly facing services will be using.
    
    + Successfully enabled oauth2
    
    kross@halyard:~$ hal  deploy apply
    + Get current deployment
      Success
    + Apply deployment
      Success
    + Deploy spin-clouddriver
      Success
    + Deploy spin-front50
      Success
    + Deploy spin-orca
      Success
    + Deploy spin-deck
      Success
    + Deploy spin-echo
      Success
    + Deploy spin-gate
      Success
    + Deploy spin-igor
      Success
    + Deploy spin-rosco
      Success
    Problems in default.security:
    - WARNING Your UI or API domain does not have override base URLs
      set even though your Spinnaker deployment is a Distributed deployment on a
      remote cloud provider. As a result, you will need to open SSH tunnels against
      that deployment to access Spinnaker.
    ? We recommend that you instead configure an authentication
      mechanism (OAuth2, SAML2, or x509) to make it easier to access Spinnaker
      securely, and then register the intended Domain and IP addresses that your
      publicly facing services will be using.
    

    我不太确定该怎么办。看起来我是真实的,但由于某种原因,交互中不允许使用必需的用户字段。

    我已经复习过了 spinnaker's authentication setup

    google provider is a packaged OAuth 2 provider with spinnaker

    下一步我可以从哪里开始?有文档的参考/指针吗?

    1 回复  |  直到 7 年前
        1
  •  2
  •   kross    7 年前

    问题是 --user-info-requirements hd=$DOMAIN

    如果您确实使用 --用户信息要求hd=$DOMAIN $DOMAIN 指定的无效,您将收到此错误。请确保使用完全限定的域名作为值。