[Apiman-user] Apiman & Keycloak

Eric Wittmann eric.wittmann at redhat.com
Tue Sep 1 13:24:18 EDT 2015


Well that's pretty cool. :)

On 9/1/2015 12:09 PM, Rafael Soares wrote:
> Hi!
>
> One nice thing you could add to your post is the use of Postman REST
> Client App [1] (Chrome addon).
> Postman offers a way to get an OAuth2 access_token (JWT) and add it to
> your request. All visually, without having to get the access_token using
> 'curl' or 'httpie' (CLI utilities).
>
> See the attached Screenshot. I used it for my demos when working with
> REST endpoints. I managed to get it working with the APIMan/Keycloak oauth2.
>
> [1] https://www.getpostman.com/
>
>
>
> ________________________
> Rafael Torres Coelho Soares
>
> On Tue, Sep 1, 2015 at 12:41 PM, Charles Moulliard <cmoullia at redhat.com> wrote:
>
>     Fixed after changing user parameter. I'm able to get an access token.
>
>     So I will be able to take some screenshots now & elaborate the
>     instructions as an add-on to the excellent apiman & keycloak blog
>     article ;-)
>
>     Sent from my iPhone
>
>      > On 1 sept. 2015, at 17:36, Charles Moulliard <cmoullia at redhat.com> wrote:
>      >
>      > Works better now. I have also reset the password to demo and I
>      > get an account temporarily disabled
>      >
>      > Sent from my iPhone
>      >
>      >> On 1 sept. 2015, at 17:22, Marc Savy <marc.savy at redhat.com> wrote:
>      >>
>      >>
>      >> http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings
>      >> -> 'Direct Grant API' -> ON
>      >>
>      >> Now,
>      >>
>      >>     curl -X POST http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token \
>      >>       -H "Content-Type: application/x-www-form-urlencoded" \
>      >>       -d "username=demo" -d 'password=demo' -d 'grant_type=password' -d 'client_id=demo'
>      >>
>      >> Works fine!
>      >>
>      >> As a side-note: I would also point your readers towards the
>      >> Keycloak docs, as this may not be an optimal setup for their
>      >> real-world requirements (e.g. they may want redirected
>      >> login-screens, user registration, SAML, etc, etc).
>      >>
>      >>> On 01/09/2015 15:54, Charles Moulliard wrote:
>      >>>
>      >>> On 01/09/15 11:57, Marc Savy wrote:
>      >>>> I would suggest you refer to the Keycloak documentation, as there are
>      >>>> several ways to skin this particular cat. For instance, how you decide
>      >>>> to set up your Keycloak configuration is highly dependent upon your
>      >>>> specific requirements; whether you want token grants to be via the
>      >>>> API-only, or an HTTP redirect based approach (see:
>      >>>> https://keycloak.github.io/docs/userguide/html/access-types.html); how
>      >>>> you wish to divide up your application; the level of security you
>      >>>> desire; any identity provision sources...
>      >>>>
>      >>>> At any rate, once you have Keycloak going, you would log in and click
>      >>>> on 'create realm' (in my blog demo, that would be
>      >>>> http://localhost:8080/auth/admin/master/console/#/create/realm) -
>      >>>> then, add your client, roles, users, etc.
>      >>>>
>      >>> I have created a very basic use case:
>      >>> - realm = demo,
>      >>> - a user = demo and
>      >>> - a client = demo where Direct Grants Only = ON and Access Type = Public
>      >>>
>      >>> but when I issue a request to get the Access Token,
>      >>>
>      >>>     curl -X POST http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token \
>      >>>       -H "Content-Type: application/x-www-form-urlencoded" \
>      >>>       -d "username=demo" -d 'password=demo' -d 'grant_type=password' -d 'client_id=demo'
>      >>>
>      >>> I get this error -->
>      >>>
>      >>> {"error_description":"Direct Grant REST API not enabled","error":"not_enabled"}
>      >>>
>      >>> Here is the demo.json exported file =
>      >>> https://gist.github.com/cmoulliard/c25fef751886ace8c354
>      >>>
>      >>>
>      >>>> To make your life simple for demo purposes, I suggest your clients be
>      >>>> 'Direct Grants Only' and 'Public'.
>      >>>>
>      >>>> I'm not entirely clear from your email whether you want to script
>      >>>> this, or provide walk-through steps, or provide a pre-baked config
>      >>>> (like the blog).
>      >>> I would like to include instructions (= step by step instructions) +
>      >>> screenshots and also a file (= json exported config) for end users not
>      >>> interested in setting up Keycloak
>      >>>>
>      >>>> Do you need to use roles and authorization? Or just simple
>      >>>> authentication?
>      >>>>
>      >>>> Regards,
>      >>>> Marc
>      >>>>
>      >>>>
>      >>>>> On 01/09/2015 06:20, Charles Moulliard wrote:
>      >>>>> This blog refers to a link where we will import a pre-defined config
>      >>>>>
>      >>>>> First, log into the Keycloak server. If you’re following our
>      >>>>> walkthrough, the log-in details are identical to those mentioned earlier
>      >>>>> (admin, admin123!). You can see that there is already an apiman realm
>      >>>>> defined, but we’re going to create a new one, so navigate to Add Realm
>      >>>>> (top right), and import and upload "this demonstration realm definition
>      >>>>> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it
>      >>>>> provides an extremely simple setup where we have:
>      >>>>>
>      >>>>> What I would like to explain is how we can create this "stottie" config in
>      >>>>> Keycloak (step by step, screenshots)
>      >>>>>
>      >>>>>> On 01/09/15 02:19, Eric Wittmann wrote:
>      >>>>>> +1
>      >>>>>>
>      >>>>>> Thanks for responding, Rafael. I had intended to link this very same
>      >>>>>> tutorial but then it slipped my mind. :)
>      >>>>>>
>      >>>>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote:
>      >>>>>>> Charles,
>      >>>>>>>
>      >>>>>>>   Recently I followed the "/Keycloak and dagger: Securing your services
>      >>>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto is great!
>      >>>>>>>
>      >>>>>>> You don't need to do anything on the Fuse/Camel side. All setup is done
>      >>>>>>> in the ApiMan side. ApiMan comes with a Keycloak service embedded and
>      >>>>>>> all you need to do is install the Apiman oauth2 keycloak plugin and
>      >>>>>>> configure your service policy to use it. The tutorial [1] describes each
>      >>>>>>> step in detail.
>      >>>>>>>
>      >>>>>>> [1] http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
>      >>>>>>>
>      >>>>>>>
>      >>>>>>>
>      >>>>>>>
>      >>>>>>> ________________________
>      >>>>>>> Rafael Torres Coelho Soares
>      >>>>>>>
>      >>>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard
>      >>>>>>> <cmoulliard at redhat.com> wrote:
>      >>>>>>>
>      >>>>>>>     Hi,
>      >>>>>>>
>      >>>>>>>     I have already asked this question but I need some help to figure out
>      >>>>>>>     what are the steps required to set up OAuth 2 with Keycloak as I'm
>      >>>>>>>     preparing a demo (https://github.com/FuseByExample/rest-dsl-in-action)
>      >>>>>>>     covering the point about how to secure & govern Camel REST DSL endpoints
>      >>>>>>>     on JBoss Fuse using Apiman & Keycloak ?
>      >>>>>>>
>      >>>>>>>     I just need the list of the steps to perform from the Web Site. Based on
>      >>>>>>>     the input, I will take some screenshots and include the instructions
>      >>>>>>>     within the demo content. Such input could be reused to write a blog
>      >>>>>>>     article too ;-)
>      >>>>>>>
>      >>>>>>>     Regards,
>      >>>>>>>
>      >>>>>>>     Charles
>      >>>>>>>     _______________________________________________
>      >>>>>>>     Apiman-user mailing list
>      >>>>>>>     Apiman-user at lists.jboss.org
>      >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>      >>>>>>>
>      >>>>>>>
>      >>>>>>>
>      >>>>>>>
>      >>
>
>
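
An added example, not part of the original thread: a small Python helper for reading what the realm's token endpoint returns to the direct-grant request discussed above. It separates the `not_enabled` error document quoted in the thread from a successful reply and decodes the JWT's header and claims for inspection. The function names and the success body (claim values and signature) are constructed for illustration.

```python
import base64
import json

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_token_response(body, now):
    """Classify a token-endpoint response body; `now` is a Unix timestamp."""
    doc = json.loads(body)
    if "error" in doc:
        # OAuth2 error document, e.g. the not_enabled reply from the thread.
        return {"ok": False, "error": doc["error"],
                "detail": doc.get("error_description", "")}
    parts = doc.get("access_token", "").split(".")
    if len(parts) != 3:
        raise ValueError("access_token is not a three-part compact JWT")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    # Decoding only: the signature (parts[2]) is NOT verified here.
    return {"ok": True, "alg": header.get("alg"), "claims": claims,
            "expired": claims.get("exp", 0) <= now}

def _b64url(obj):
    # Helper used only to build the constructed sample token below.
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Error body quoted in the thread.
ERROR_BODY = ('{"error_description":"Direct Grant REST API not enabled",'
              '"error":"not_enabled"}')

# Constructed success body: claim values and the signature are placeholders.
SAMPLE_CLAIMS = {"exp": 1441128558, "azp": "demo", "preferred_username": "demo"}
SAMPLE_TOKEN = ".".join([_b64url({"alg": "RS256"}), _b64url(SAMPLE_CLAIMS),
                         "constructed-signature"])
SUCCESS_BODY = json.dumps({"access_token": SAMPLE_TOKEN,
                           "token_type": "bearer", "expires_in": 300})

if __name__ == "__main__":
    print(inspect_token_response(ERROR_BODY, now=1441128258))
    print(inspect_token_response(SUCCESS_BODY, now=1441128258))
```

The helper is for reading a response while debugging a realm setup; validating the token's signature remains the job of whatever component enforces the policy.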

