[Apiman-user] external Keycloak server

enrico lists at comiti.name
Fri Jan 29 04:11:04 EST 2016


Hi Guy,
thank you very much, it works!

For anyone with the same problem, this is my realm.json client definition:

    "applications" : [
        {
            "name" : "apiman",
            "enabled" : true,
            "directGrantsOnly" : true,
            "standardFlowEnabled": true,
            "baseUrl" : "http://apigateway:8080/",
            "redirectUris" : [
                "http://apigateway:8080/apimanui/*",
                "http://apigateway:8080/apiman-gateway-api/*",
                "http://apigateway:8080/apiman-es/*",
                "http://apigateway:8080/apiman/*"
            ],
            "secret" : "password"
        }
    ]

Thanks a lot again.

Cheers,
Enrico

On Thu, Jan 28, 2016 at 10:02 PM, Guy Davis <guydavis.ca at gmail.com> wrote:
> Hi Enrico,
>
> I just made the move to Apiman 1.2.1 (running on port 8081) and Keycloak
> 1.7.0 (running on port 8080), both behind an HAProxy instance.  I've
> attached the section of my standalone-apiman.xml that worked for me.
>
> Note, I'm not using the default 'apiman' realm as I am securing a number of
> other web apps with Keycloak.  So I have 'MyRealm' with Keycloak client of
> 'apiman', which is set for:
>
> Client-protocol: openid-connect
> Access Type: confidential
> Direct Access Grants Enabled: ON
> Valid redirect URIs:
>
> /apimanui/*
> /apiman-gateway-api/*
> /apiman-es/*
> /apiman/*
>
> In that KC client, I have 3 realm roles for this:
>
> apipublisher
> apiadmin
> apiuser
>
> I had tried to keep these roles to just the KC client 'apiman', but it
> wouldn't allow me to log in to /apimanui unless the roles were realm-wide.
> I'm going to try client-specific roles again now that apiman is 1.2.1.  I'm
> using Postgres and ElasticSearch for storage, on other VMs.
>
> This was enough to let me log in and view /apimanui when I had those roles
> for my Keycloak user.
>
> Hope this helps,
> Guy
>
> On Thu, Jan 28, 2016 at 1:08 AM, enrico <lists at comiti.name> wrote:
>>
>> Hi all,
>> thanks for the responses.
>>
>> @Marc: yes, I know that is a release candidate but it looks like the
>> final version is near and, being on a new project, I wanted to start with
>> the very latest versions :)
>>
>> Apart from this, I have tried with 1.7.0.Final too, but I have the
>> same problem:
>>
>> User gets a "Forbidden" page and Keycloak server logs say:
>>
>> WARN  [org.keycloak.events]:
>> type=CODE_TO_TOKEN_ERROR,
>> realmId=352d562a-f3e5-4b7a-99ad-4331cdfdf085, clientId=apimanui,
>> userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials,
>> grant_type=authorization_code
>>
>> Thanks a lot for the help, best regards,
>> Enrico
>>
>>
>> On Wed, Jan 27, 2016 at 5:49 PM, Marc Savy <marc.savy at redhat.com> wrote:
>> > Hi Enrico,
>> >
>> > We haven't tested with Keycloak 1.8, as this is only a candidate release
>> > at the moment (CR == RC).
>> >
>> > I can give it a try, though and will report back.
>> >
>> > Regards,
>> > Marc
>> >
>>
>>
>>
>> --
>> Enrico Comiti
>
>
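
An added example, not part of the original messages and not apiman or Keycloak code: a small audit of the client definition posted at the top of this message, flagging the settings worth tightening before such a realm.json leaves a test environment (cleartext `http://` redirect URIs, a placeholder client secret, catch-all wildcard redirects, and both flow flags set). The `WEAK_SECRETS` list, the 16-character threshold and the rule names are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the "applications" fragment from the message above,
# wrapped in braces so that it parses as a JSON document.
REALM_FRAGMENT = """
{ "applications": [ {
    "name": "apiman",
    "enabled": true,
    "directGrantsOnly": true,
    "standardFlowEnabled": true,
    "baseUrl": "http://apigateway:8080/",
    "redirectUris": [
        "http://apigateway:8080/apimanui/*",
        "http://apigateway:8080/apiman-gateway-api/*",
        "http://apigateway:8080/apiman-es/*",
        "http://apigateway:8080/apiman/*"
    ],
    "secret": "password"
} ] }
"""

# Hypothetical deny-list of placeholder secrets; extend it for your environment.
WEAK_SECRETS = {"password", "secret", "changeme", "apiman"}


def audit_clients(realm):
    """Return (client, rule, detail) findings for each client definition."""
    findings = []
    for app in realm.get("applications", []):
        name = app.get("name", "<unnamed>")
        secret = app.get("secret", "")
        if secret.lower() in WEAK_SECRETS or 0 < len(secret) < 16:
            findings.append((name, "weak-secret", "placeholder or short client secret"))
        for uri in app.get("redirectUris", []):
            parsed = urlparse(uri)
            if parsed.scheme == "http" and parsed.hostname not in ("localhost", "127.0.0.1"):
                findings.append((name, "cleartext-redirect", uri))
            if parsed.scheme and parsed.path.rstrip("*") in ("", "/"):
                findings.append((name, "broad-wildcard", uri))
        if app.get("directGrantsOnly") and app.get("standardFlowEnabled"):
            findings.append((name, "flow-flags", "both flow flags true; confirm intended flow"))
    return findings


if __name__ == "__main__":
    for finding in audit_clients(json.loads(REALM_FRAGMENT)):
        print(*finding, sep="\t")
```

Relative redirect URIs such as `/apimanui/*` carry no scheme and are skipped by the two URI checks, so only absolute entries are judged for transport security and wildcard breadth.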

