[Apiman-user] Apiman & Keycloak

Marc Savy marc.savy at redhat.com
Tue Sep 1 11:22:28 EDT 2015


http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings -> 'Direct Grant API' -> ON

Now, curl -X POST http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d 'password=demo' -d 'grant_type=password' -d 'client_id=demo'

Works fine!

As a side-note: I would also point your readers towards the Keycloak docs, as this may not be an optimal setup for their real-world requirements (e.g. they may want redirected login-screens, user registration, SAML, etc, etc).

On 01/09/2015 15:54, Charles Moulliard wrote:
>
> On 01/09/15 11:57, Marc Savy wrote:
> > I would suggest you refer to the Keycloak documentation, as there are
> > several ways to skin this particular cat. For instance, how you decide
> > to set up your Keycloak configuration is highly dependent upon your
> > specific requirements; whether you want token grants to be via the
> > API-only, or an HTTP redirect based approach (see:
> > https://keycloak.github.io/docs/userguide/html/access-types.html); how
> > you wish to divide up your application; the level of security you
> > desire; any identity provision sources...
> >
> > At any rate, once you have Keycloak going, you would log in and click
> > on 'create realm' (in my blog demo, that would be
> > http://localhost:8080/auth/admin/master/console/#/create/realm) -
> > then, add your client, roles, users, etc.
> >
>  >> I have created a very basic use case :
> - realm = demo,
> - a user = demo and
> - a client = demo where Direct Grants Only = ON and Access Type = Public
>
> but when I issue a request to get the Access Token,
>
> curl -X POST
> http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H
> "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d
> 'password=demo' -d 'grant_type=password' -d 'client_id=demo'
>
> I get  this error -->
>
> {"error_description":"Direct Grant REST API not
> enabled","error":"not_enabled"}
>
> Here is the demo.json exported file =
> https://gist.github.com/cmoulliard/c25fef751886ace8c354
>
>
> > To make your life simple for demo purposes, I suggest your clients be
> > 'Direct Grants Only' and 'Public'.
> >
> > I'm not entirely clear from your email whether you want to script
> > this, or provide walk-through steps, or provide a pre-baked config
> > (like the blog).
>  >> I would like to include instructions (= step by step instructions) +
> screenshots and also a file (= json exported config) for end users not
> interested in setting up Keycloak
> >
> > Do you need to use roles and authorization? Or just simple
> > authentication?
> >
> > Regards,
> > Marc
> >
> >
> > On 01/09/2015 06:20, Charles Moulliard wrote:
> >> This blog refers to a link where we will import a pre-defined config
> >>
> >> First, log into the Keycloak server. If you’re following our
> >> walkthrough, the log-in details are identical to those mentioned earlier
> >> (admin, admin123!). You can see that there is already an apiman realm
> >> defined, but we’re going to create a new one, so navigate to Add Realm
> >> (top right), and import and upload "this demonstration realm definition
> >> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it
> >> provides an extremely simple setup where we have:
> >>
> >> What I would like is to explain how we can create this "stottie" config in
> >> Keycloak (step by step, screenshots)
> >>
> >> On 01/09/15 02:19, Eric Wittmann wrote:
> >> > +1
> >> >
> >> > Thanks for responding, Rafael. I had intended to link this very same
> >> > tutorial but then it slipped my mind. :)
> >> >
> >> > On 8/31/2015 5:48 PM, Rafael Soares wrote:
> >> >> Charles,
> >> >>
> >> >>    Recently I followed the "/Keycloak and dagger: Securing your
> >> >> services with OAuth2/" tutorial [1] and it worked fine! This howto is great!
> >> >>
> >> >> You don't need to do anything on the Fuse/Camel side. All setup is done
> >> >> on the ApiMan side. ApiMan comes with a KeyCloak service embedded and
> >> >> all you need to do is install the Apiman oauth2 keycloak plugin and
> >> >> configure your service policy to use it. The tutorial [1] describes each
> >> >> step in detail.
> >> >>
> >> >> [1] http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
> >> >>
> >> >> ________________________
> >> >> Rafael Torres Coelho Soares
> >> >>
> >> >> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard
> >> >> <cmoulliard at redhat.com> wrote:
> >> >>
> >> >>      Hi,
> >> >>
> >> >>      I have already asked this question but I need some help to figure out
> >> >>      what are the steps required to set up OAuth 2 with Keycloak as I'm
> >> >>      preparing a demo (https://github.com/FuseByExample/rest-dsl-in-action)
> >> >>      covering the point about how to secure & govern Camel REST DSL endpoints
> >> >>      on JBoss Fuse using Apiman & Keycloak?
> >> >>
> >> >>      I just need the list of the steps to perform from the Web Site. Based on
> >> >>      the input, I will take some screenshots and include the instructions
> >> >>      within the demo content. Such input could be reused to write a blog
> >> >>      article too ;-)
> >> >>
> >> >>      Regards,
> >> >>
> >> >>      Charles
> >> >>      _______________________________________________
> >> >>      Apiman-user mailing list
> >> >>      Apiman-user at lists.jboss.org
> >> >>      https://lists.jboss.org/mailman/listinfo/apiman-user
> >> >>
> >> >>
> >>
> >>
> >
>
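
Added example, not part of the original thread and not Apiman or Keycloak code: a Python version of the curl request discussed above that reports the "not_enabled" error explicitly instead of handing raw JSON to the caller. The URL and the demo realm/user/client come from the thread; the function names and the sample success body are assumptions constructed for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# URL from the thread's demo setup (realm "demo" on a local Keycloak).
TOKEN_URL = "http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token"

# Constructed sample bodies: the error is the one quoted in the thread,
# the success body is made up for this example.
NOT_ENABLED = '{"error_description":"Direct Grant REST API not enabled","error":"not_enabled"}'
SAMPLE_OK = '{"access_token":"constructed.sample.token","token_type":"bearer","expires_in":300}'


def build_form(username, password, client_id):
    """Form-encode the same fields the curl command sends with -d."""
    fields = {"username": username, "password": password,
              "grant_type": "password", "client_id": client_id}
    return urllib.parse.urlencode(fields).encode("ascii")


def parse_token_response(body):
    """Return the access token, or raise with the server's error code and description."""
    try:
        doc = json.loads(body)
    except ValueError:
        raise RuntimeError("token endpoint returned a non-JSON body")
    if not isinstance(doc, dict):
        raise RuntimeError("token endpoint returned unexpected JSON")
    if "error" in doc:
        # Only the server's own text goes into the message, never the password.
        raise RuntimeError("%s: %s" % (doc["error"], doc.get("error_description", "")))
    token = doc.get("access_token")
    if not token:
        raise RuntimeError("response has no access_token")
    return token


def fetch_token(username, password, client_id, url=TOKEN_URL):
    """POST the direct grant request and return the access token."""
    req = urllib.request.Request(
        url, data=build_form(username, password, client_id),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # an error status can still carry the JSON error document
    return parse_token_response(body.decode("utf-8"))
```

Against the setup in the thread the call would be fetch_token("demo", "demo", "demo"); the request goes over plain HTTP here only because the demo server listens on localhost.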


