[Apiman-user] Should the apiman-gateway-api client have direct access grants enabled?
Paul Blair
pblair at clearme.com
Tue Jan 5 17:53:55 EST 2016
Today I've been having a lot of trouble creating a gateway. When I put in the gateway name, description, configuration endpoint and configuration endpoint credentials, I kept getting "Authentication to the gateway failed. Perhaps check that your credentials are correct." I was able to log in to Keycloak using the apimanager credentials, so I know they are correct.
In the Keycloak log I see:
WARN [org.keycloak.events] type=LOGIN_ERROR, realmId=apiman, clientId=apiman-gateway-api, userId=null, ipAddress=[x.x.x.x], error=not_allowed, grant_type=password, auth_method=oauth_credentials, client_auth_method=client-secret
I couldn't figure out why the userId should be null. The apimanager user has the apipublisher role, the apiman-gateway-api client has the proper valid redirect URI and uses the openid-connect protocol with a confidential access type, and the application configurations are using the correct client secret.
I was finally able to fix the issue by enabling direct access grants on the apiman-gateway-api client. Should this be part of the default configuration for apiman-gateway-api in the apiman-realm.json, file, or is there something I'm misssing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20160105/d0bbe90e/attachment-0001.html
More information about the Apiman-user
mailing list