[Apiman-user] Receiving HTML instead of JSON from Keycloak when trying to point apimanui to the API gateway

Paul Blair pblair at clearme.com
Mon Dec 14 17:00:14 EST 2015 

I'm getting a strange error in my production deployment which I'm having difficulty troubleshooting.

After deploying the apiman UI and gateway on separate hosts, according to the production guide I have to point the API Manager to the API gateway. If I hit the "New Gateway" button, I need to add the URI of the gateway.  I'm assuming this should be

[PROTOCOL]://[GATEWAY_HOST]:[GATEWAY_PORT]/apiman-gateway-api/ -- which should also be set as the redirect URI for the gateway in the Apiman realm in Keycloak (followed by a star). This is different from my public endpoint, which is [PROTOCOL]://[GATEWAY_HOST]:[GATEWAY_PORT]/apiman-gateway

When I use the apimanager user (set up in the default realm file) to test the gateway in the "New Gateway" screen I'm getting this error:

Gateway Configuration Invalid
Something has gone wrong when testing the Gateway. Hopefully the details (below) will help you figure out what.

org.codehaus.jackson.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (number, String, array, object, 'true', 'false' or 'null')
 at [Source: org.apache.http.conn.EofSensorInputStream at 450a7e3f; line: 1, column: 2]

If I look at what's happening in the API manager log, it looks like the error is coming from getting HTML back from Keycloak where it's expecting JSON. Is there some configuration I'm missing? Here are the relevant API manager server logs:


21:38:49,715 DEBUG [org.keycloak.adapters.RequestAuthenticator] (default task-1) Bearer AUTHENTICATED
21:38:49,717 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-1) AuthenticatedActionsValve.invoke https://[APIMANUI]/apiman/gateways
...
21:38:50,796 DEBUG [org.apache.http.impl.execchain.MainClientExec] (default task-1) Opening connection {s}->https://[GATEWAY]
...
21:38:50,864 DEBUG [org.apache.http.impl.execchain.MainClientExec] (default task-1) Executing request GET /apiman-gateway-api/system/status HTTP/1.1
21:38:50,864 DEBUG [org.apache.http.impl.execchain.MainClientExec] (default task-1) Proxy auth state: UNCHALLENGED
21:38:50,866 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-0 >> GET /apiman-gateway-api/system/status HTTP/1.1
21:38:50,866 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-0 >> Authorization: Basic YXBpbWFuYWdlcjphcGltYW4xMjMh
21:38:50,866 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-0 >> Host: [GATEWAY]
...
21:38:50,881 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-0 << "HTTP/1.1 302 Found[\r][\n]"
21:38:50,881 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-0 << "Expires: 0[\r][\n]"
21:38:50,881 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-0 << "Set-Cookie: OAuth_Token_Request_State=19/8069a233-7d97-4f9d-8696-673f72815124; secure[\r][\n]"
21:38:50,882 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-0 << "Location: https://[KEYCLOAK]/auth/realms/apiman/protocol/openid-connect/auth?response_type=code&client_id=apiman-gateway-api&redirect_uri=https%3A%2F%2F[GATEWAY]%2Fapiman-gateway-api%2Fsystem%2Fstatus&state=19%2F8069a233-7d97-4f9d-8696-673f72815124&login=true[\r][\n]"
...
21:38:50,894 DEBUG [org.apache.http.client.protocol.ResponseProcessCookies] (default task-1) Cookie accepted [OAuth_Token_Request_State="19/8069a233-7d97-4f9d-8696-673f72815124", version:0, domain:ec2-52-34-81-26.us-west-2.compute.amazonaws.com, path:/apiman-gateway-api/system, expiry:null]
21:38:50,894 DEBUG [org.apache.http.impl.client.DefaultRedirectStrategy] (default task-1) Redirect requested to location 'https://[KEYCLOAK]/auth/realms/apiman/protocol/openid-connect/auth?response_type=code&client_id=apiman-gateway-api&redirect_uri=https%3A%2F%2F[GATEWAY]%2Fapiman-gateway-api%2Fsystem%2Fstatus&state=19%2F8069a233-7d97-4f9d-8696-673f72815124&login=true'
21:38:50,900 DEBUG [org.apache.http.impl.execchain.RedirectExec] (default task-1) Resetting target auth state
21:38:50,900 DEBUG [org.apache.http.impl.execchain.RedirectExec] (default task-1) Redirecting to 'https://[KEYCLOAK]/auth/realms/apiman/protocol/openid-connect/auth?response_type=code&client_id=apiman-gateway-api&redirect_uri=https%3A%2F%2F[GATEWAY]%2Fapiman-gateway-api%2Fsystem%2Fstatus&state=19%2F8069a233-7d97-4f9d-8696-673f72815124&login=true' via {s}->https://[KEYCLOAK]
...
21:38:50,902 DEBUG [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] (default task-1) Connection request: [route: {s}->https://[KEYCLOAK]][total kept alive: 1; route allocated: 0 of 2; total allocated: 1 of 20]
...
21:38:50,935 DEBUG [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] (default task-1) Connection established 172.17.1.52:46173<->172.31.41.242:8443
21:38:50,936 DEBUG [org.apache.http.impl.execchain.MainClientExec] (default task-1) Executing request GET /auth/realms/apiman/protocol/openid-connect/auth?response_type=code&client_id=apiman-gateway-api&redirect_uri=https%3A%2F%2F[GATEWAY]%2Fapiman-gateway-api%2Fsystem%2Fstatus&state=19%2F8069a233-7d97-4f9d-8696-673f72815124&login=true HTTP/1.1
21:38:50,936 DEBUG [org.apache.http.impl.execchain.MainClientExec] (default task-1) Proxy auth state: UNCHALLENGED
21:38:50,936 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-1 >> GET /auth/realms/apiman/protocol/openid-connect/auth?response_type=code&client_id=apiman-gateway-api&redirect_uri=https%3A%2F%2F[GATEWAY]%2Fapiman-gateway-api%2Fsystem%2Fstatus&state=19%2F8069a233-7d97-4f9d-8696-673f72815124&login=true HTTP/1.1
21:38:50,936 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-1 >> Authorization: Basic YXBpbWFuYWdlcjphcGltYW4xMjMh
21:38:50,936 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-1 >> Host: [KEYCLOAK]
21:38:50,936 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-1 >> User-Agent: Apache-HttpClient/4.5 (Java/1.8.0_25)
21:38:50,936 DEBUG [org.apache.http.headers] (default task-1) http-outgoing-1 >> Accept-Encoding: gzip,deflate
...
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "HTTP/1.1 200 OK[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "X-Powered-By: Undertow/1[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "Set-Cookie: KC_RESTART=[COOKIE]; Version=1; Path=/auth/realms/apiman; HttpOnly[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "Server: WildFly/9[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "X-Frame-Options: SAMEORIGIN[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "Content-Security-Policy: frame-src 'self'[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "Date: Mon, 14 Dec 2015 21:38:50 GMT[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "Connection: keep-alive[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "Content-Type: text/html[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "Content-Length: 4171[\r][\n]"
21:38:50,960 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "[\r][\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">[\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "<html xmlns="http://www.w3.org/1999/xhtml" class="login-pf">[\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "[\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "<head>[\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />[\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "            <meta name="viewport" content="width=device-width,initial-scale=1"/>[\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "    <title>        Log in to apiman[\n]"
21:38:50,961 DEBUG [org.apache.http.wire] (default task-1) http-outgoing-1 << "</title>[\n]"
... more html...


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20151214/326bc13d/attachment.html

More information about the Apiman-user mailing list