[Apiman-user] Replacing Keycloak
Eric Wittmann
eric.wittmann at redhat.com
Mon Jan 25 15:36:33 EST 2016
Hi Amit.

To be clear, you are trying to replace Keycloak as the authentication
mechanism for logging into the apiman UI, correct?

I can't say I know how to configure a web application to use
pingfederate for authentication (never done that before). But I can
tell you that it's likely that you will not be able to use the settings
in standalone-apiman.xml because those are configuration settings for
the keycloak auth client adapter. The client adapter is the keycloak
specific client that handles authentication redirects to the auth
server. I *assume* this adapter is keycloak-specific.

In order to get pingfederate working I must assume that they
(pingfederate) have some documentation for how to configure a java web
application for authentication. Sadly their documentation server seems
to be broken at the moment.

I'll warn you that, while I'm sure using pingfederate is *possible*, it
is probably not trivial. You may need to contribute some code to apiman
in order to enable support in the UI, for example. If hacking some code
is not a daunting prospect then I'd be happy to help point you in the
direction of all the authentication touch points...

-Eric

On 1/25/2016 3:18 PM, Amit Joshi wrote:
> Hello,
>
> I have the following setup:
>
> Ping server -> external https url (something like
> https://pingfederate.mydomain.com) – through an apache reverse proxy.
> Real server is pingfederate001.internal.com.
>
> APIman -> external https url (something like
> https://apiman.mydomain.com) through an apache reverse proxy. Real
> server is apiman001.internal.com.
>
> I am trying to replace keycloak with ping federate in APIMan. I have
>
> -Disabled the integrated Keycloak.
>
> -Changed the
> <kc:auth-server-url>https://pingfederate.mydomain.com/as/token.oauth2</kc:auth-server-url>
>
> However, when I access I see the following as the redirect – which is
> clearly wrong:
>
> https://pingfederate.mydomain.com/as/token.oauth2/relams/apiman/protocol/openid_connect/auth?
>
> with the following parameters:
>
> response_type=code
>
> client_id=apimanui
>
> redirect_uri=http://apiman001.internal.com
>
> I looked at the code for the keycloak plugin but can’t seem to see where
> the redirect is generated or set. I assume it is some additional
> properties or settings that I have to do or change code for so I can
> generate a Ping friendly redirect url etc.
>
> Appreciate any help or any pointers.
>
> Regards,
>
> Amit Joshi
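
Added example, not part of the thread and not apiman or Keycloak code: it models how a Keycloak-specific adapter appends Keycloak's fixed authorization path (`/realms/{realm}/protocol/openid-connect/auth`) to the configured `auth-server-url`, which is why pointing that setting at a PingFederate token endpoint produces the redirect shown in the original message. The function names, the finding codes and the endpoint heuristic are assumptions made for illustration; the input values are the ones quoted in the message.

```python
from urllib.parse import urlencode, urlsplit

# Keycloak's authorization endpoint layout, relative to auth-server-url.
KEYCLOAK_AUTH_PATH = "/realms/{realm}/protocol/openid-connect/auth"


def keycloak_style_auth_url(auth_server_url, realm, client_id, redirect_uri):
    """Build the login redirect as a Keycloak-specific adapter would:
    a fixed Keycloak path is appended to whatever base URL is configured."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
    })
    path = KEYCLOAK_AUTH_PATH.format(realm=realm)
    return auth_server_url.rstrip("/") + path + "?" + query


def review_settings(auth_server_url, redirect_uri, public_hosts):
    """Return finding codes for the problems visible in the quoted settings."""
    findings = []
    last_segment = urlsplit(auth_server_url).path.rstrip("/").rsplit("/", 1)[-1]
    # Heuristic (assumption): a server base URL should not end in an endpoint name.
    if "." in last_segment or "token" in last_segment.lower():
        findings.append("auth-server-url-is-an-endpoint")
    redirect = urlsplit(redirect_uri)
    # The authorization code comes back on this URL, so it must not be cleartext.
    if redirect.scheme != "https":
        findings.append("redirect-uri-not-https")
    # Behind a reverse proxy the browser only knows the external host name.
    if redirect.hostname not in public_hosts:
        findings.append("redirect-uri-not-public-host")
    return findings


# Values taken from the original message.
THREAD = {
    "auth_server_url": "https://pingfederate.mydomain.com/as/token.oauth2",
    "realm": "apiman",
    "client_id": "apimanui",
    "redirect_uri": "http://apiman001.internal.com",
}
PUBLIC_HOSTS = {"apiman.mydomain.com"}

if __name__ == "__main__":
    print(keycloak_style_auth_url(**THREAD))
    print(review_settings(THREAD["auth_server_url"], THREAD["redirect_uri"], PUBLIC_HOSTS))
```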