[Apiman-user] external Keycloak server

enrico lists at comiti.name
Fri Jan 29 08:31:22 EST 2016


Hi, no problem at all...
It is only for a local test environment.

The Apiman and Keycloak instances are separate but on the same
host "apigateway".
Apiman runs on port 8080, Keycloak on 32000.

Hope this helps.

Enrico


On Fri, Jan 29, 2016 at 2:16 PM, Eric Wittmann <eric.wittmann at redhat.com> wrote:
> Any chance you can share your full realm file?  Perhaps with any secrets
> redacted.  :)
>
> -Eric
>
>
> On 1/29/2016 4:11 AM, enrico wrote:
>>
>> Hi Guy,
>> thank you very much, it works!
>>
>> For anyone with the same problem, this is my realm.json client definition:
>>
>>      "applications" : [
>>          {
>>              "name" : "apiman",
>>              "enabled" : true,
>>              "directGrantsOnly" : true,
>>              "standardFlowEnabled": true,
>>              "baseUrl" : "http://apigateway:8080/",
>>              "redirectUris" : [
>>                  "http://apigateway:8080/apimanui/*",
>>                  "http://apigateway:8080/apiman-gateway-api/*",
>>                  "http://apigateway:8080/apiman-es/*",
>>                  "http://apigateway:8080/apiman/*"
>>              ],
>>              "secret" : "password"
>>          }
>>      ]
>>
>> Thanks a lot again.
>>
>> Cheers,
>> Enrico
>>
>> On Thu, Jan 28, 2016 at 10:02 PM, Guy Davis <guydavis.ca at gmail.com> wrote:
>>>
>>> Hi Enrico,
>>>
>>> I just made the move to Apiman 1.2.1 (running on port 8081) and Keycloak
>>> 1.7.0 (running on port 8080), both behind an HAProxy instance.  I've
>>> attached the section of my standalone-apiman.xml that worked for me.
>>>
>>> Note, I'm not using the default 'apiman' realm as I am securing a number
>>> of other web apps with Keycloak.  So I have 'MyRealm' with Keycloak client
>>> of 'apiman', which is set for:
>>>
>>> Client-protocol: openid-connect
>>> Access Type: confidential
>>> Direct Access Grants Enabled: ON
>>> Valid redirect URIs:
>>>
>>> /apimanui/*
>>> /apiman-gateway-api/*
>>> /apiman-es/*
>>> /apiman/*
>>>
>>> In that KC client, I have 3 realm roles for this:
>>>
>>> apipublisher
>>> apiadmin
>>> apiuser
>>>
>>> I had tried to keep these roles to just the KC client 'apiman', but it
>>> wouldn't allow me to login to /apimanui unless the roles were realm-wide.
>>> I'm going to try client-specific roles again now that apiman is 1.2.1.
>>> I'm using Postgres and ElasticSearch for storage, on other VMs.
>>>
>>> This was enough to let me login and view /apimanui when I had those roles
>>> for my Keycloak user.
>>>
>>> Hope this helps,
>>> Guy
>>>
>>> On Thu, Jan 28, 2016 at 1:08 AM, enrico <lists at comiti.name> wrote:
>>>>
>>>>
>>>> Hi all,
>>>> thanks for the responses.
>>>>
>>>> @Marc: yes, I know that is a release candidate but it looks like the
>>>> final version is near and, being on a new project, I wanted to start with
>>>> the very latest versions :)
>>>>
>>>> Apart from this, I have tried with 1.7.0.Final too, but I have the
>>>> same problem:
>>>>
>>>> User gets a "Forbidden" page and Keycloak server logs say:
>>>>
>>>> WARN  [org.keycloak.events]:
>>>> type=CODE_TO_TOKEN_ERROR,
>>>> realmId=352d562a-f3e5-4b7a-99ad-4331cdfdf085, clientId=apimanui,
>>>> userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials,
>>>> grant_type=authorization_code
>>>>
>>>> Thanks a lot for the help, best regards,
>>>> Enrico
>>>>
>>>>
>>>> On Wed, Jan 27, 2016 at 5:49 PM, Marc Savy <marc.savy at redhat.com> wrote:
>>>>>
>>>>> Hi Enrico,
>>>>>
>>>>> We haven't tested with Keycloak 1.8, as this is only a candidate
>>>>> release at the moment (CR == RC).
>>>>>
>>>>> I can give it a try, though and will report back.
>>>>>
>>>>> Regards,
>>>>> Marc
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Enrico Comiti
>>>> _______________________________________________
>>>> Apiman-user mailing list
>>>> Apiman-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>
>>>
>>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apiman-realm.json
Type: application/json
Size: 3596 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/apiman-user/attachments/20160129/1957e982/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apiman-keycloak-subsystem.xml
Type: text/xml
Size: 2952 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/apiman-user/attachments/20160129/1957e982/attachment-0001.xml 
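
Eric's request in the thread for a realm file "with any secrets redacted" can be scripted before a file is posted to a public list. The following is an added example, not part of the original thread or of the Apiman or Keycloak projects: it masks secret-bearing keys in a realm export and notes redirect URIs served over plain HTTP. The function name `redact` and every key name other than `secret` are assumptions.

```python
import json

# Constructed sample: the client definition quoted in this thread.
SAMPLE_REALM = json.loads("""
{"applications": [{
    "name": "apiman",
    "enabled": true,
    "directGrantsOnly": true,
    "standardFlowEnabled": true,
    "baseUrl": "http://apigateway:8080/",
    "redirectUris": [
        "http://apigateway:8080/apimanui/*",
        "http://apigateway:8080/apiman-gateway-api/*",
        "http://apigateway:8080/apiman-es/*",
        "http://apigateway:8080/apiman/*"
    ],
    "secret": "password"
}]}
""")

# "secret" is the key shown in the thread; the other names are assumptions
# about sensitive fields a fuller realm export may contain.
SENSITIVE_KEYS = {"secret", "clientSecret", "privateKey", "password"}
MASK = "**REDACTED**"

def redact(node, path="$", notes=None):
    """Return (copy with sensitive strings masked, list of review notes)."""
    notes = [] if notes is None else notes
    if isinstance(node, dict):
        clean = {}
        for key, val in node.items():
            here = f"{path}.{key}"
            if key in SENSITIVE_KEYS and isinstance(val, str) and val:
                notes.append(f"masked {here}")
                clean[key] = MASK
                continue
            clean[key] = redact(val, here, notes)[0]
            if key == "redirectUris" and isinstance(val, list):
                notes += [f"plain-http redirect {u}" for u in val
                          if str(u).startswith("http://")]
        return clean, notes
    if isinstance(node, list):
        return [redact(v, f"{path}[{i}]", notes)[0] for i, v in enumerate(node)], notes
    return node, notes

if __name__ == "__main__":
    clean, notes = redact(SAMPLE_REALM)
    print(json.dumps(clean, indent=2))
    print("\n".join(notes))
```

The input object is left unmodified, so the original export can stay in the deployment while only the masked copy is shared.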

