[Apiman-user] Help with ApiMan oAuth2 plugin tutorial
Rafael Soares
rafaelcba at gmail.com
Tue Aug 25 17:42:08 EDT 2015
Hello all!
I'm trying to follow the tutorial for the oAuth2 plugin [1] but I had some
issues.
The authentication policy worked fine! After adding the second policy
(Authorization) I get the following response error:
HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Content-Length: 238
Content-Type: application/json
Date: Tue, 25 Aug 2015 21:12:31 GMT
Server: WildFly/8
X-Policy-Failure-Code: 10010
X-Policy-Failure-Message: No roles have been extracted during authentication. Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.
X-Policy-Failure-Type: Other
X-Powered-By: Undertow/1

{
  "failureCode": 10010,
  "headers": {},
  "message": "No roles have been extracted during authentication. Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.",
  "responseCode": 0,
  "type": "Other"
}
but my JWT access_token appears to be right. I mean, I can see the roles in
it. See my access_token decoded:
{
  "preferred_username": "rincewind",
  "name": "",
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "view-profile"
      ]
    }
  },
  "realm_access": {
    "roles": [
      "echomeister"
    ]
  },
  "allowed-origins": [],
  "client_session": "b25536e6-4331-46fd-afe1-b0adf766b533",
  "session_state": "213e75e1-bf8b-4f0c-808e-683fb3a4c1de",
  "jti": "43c59d9a-b659-4708-a1da-968ea23004d7",
  "exp": 1440536956,
  "nbf": 0,
  "iat": 1440536656,
  "iss": "http://127.0.0.1:8080/auth/realms/stottie",
  "aud": "apiman",
  "sub": "de4af322-85b2-4dbe-8d53-6a2ee29e4080",
  "azp": "apiman"
}
As you can see the "*echomeister*" realm_role is there...
What does this response message mean?
[1]
http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
________________________
Rafael Torres Coelho Soares
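
Added example, not part of the original message and not apiman or Keycloak code: a Python helper that decodes an access token's payload and reports which roles sit under realm_access and which under each client in resource_access, the check done by hand in the message above. The sample token is constructed from the claims shown there with a placeholder signature and an assumed header; the function names are illustrative, and the payload is decoded for inspection only, with no signature verification.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def roles_by_scope(claims: dict) -> dict:
    """Map 'realm' and each client under resource_access to its list of roles."""
    def roles(node):
        found = node.get("roles", []) if isinstance(node, dict) else []
        return [r for r in found if isinstance(r, str)] if isinstance(found, list) else []

    scopes = {"realm": roles(claims.get("realm_access"))}
    clients = claims.get("resource_access")
    for client, node in (clients if isinstance(clients, dict) else {}).items():
        scopes[f"client:{client}"] = roles(node)
    return scopes


def scopes_granting(claims: dict, role: str) -> list:
    """Return every scope in which the token carries the given role."""
    return [scope for scope, rs in roles_by_scope(claims).items() if role in rs]


def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: role claims copied from the message above, placeholder signature.
SAMPLE_CLAIMS = {
    "preferred_username": "rincewind",
    "resource_access": {"account": {"roles": ["manage-account", "view-profile"]}},
    "realm_access": {"roles": ["echomeister"]},
}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256"}), _b64url(SAMPLE_CLAIMS), "c2ln"])
```

Calling scopes_granting(jwt_claims(SAMPLE_TOKEN), "echomeister") returns ["realm"], showing that the role is a realm role and not a client role under resource_access.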