[Apiman-user] apiman using external keycloak and elasticsearch

jazz at sqmail.me jazz at sqmail.me
Thu Mar 31 02:54:55 EDT 2016 

I hit 'sent' too fast:

My experience so far with apiman, it works great, but the modularity
could be improved:
1. Option to disable elasticsearch
2. Don't include keycloak in overlay
3. use cli files (like keycloak-install.cli) --> keycloak install  
works like this, remove apiman-ds.xml files for the datasource

I have on question: the standalone-apiman.xml file contains  
security-realms for each war. How do I know which credential secret is  
used for that particular war? It is not set in web.xml?

Regards, Bart

  <subsystem xmlns="urn:jboss:domain:keycloak:1.1">
           <realm name="apiman">
              
<realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB</realm-public-key>
             <auth-server-url>/auth</auth-server-url>
             <ssl-required>none</ssl-required>
             <enable-cors>false</enable-cors>
             <principal-attribute>preferred_username</principal-attribute>
           </realm>
           <secure-deployment name="apiman.war">
             <realm>apiman</realm>
             <resource>apiman</resource>
             <credential  
name="secret">5af5458f-0a96-4251-8f92-08ebcc3a8aa2</credential>
             <disable-trust-manager>true</disable-trust-manager>
             <bearer-only>true</bearer-only>
             <enable-basic-auth>true</enable-basic-auth>
           </secure-deployment>
           <secure-deployment name="apimanui.war">
             <realm>apiman</realm>
             <resource>apimanui</resource>
             <credential  
name="secret">722557fd-a725-4cc0-9dff-7d09c0c47038</credential>
             <disable-trust-manager>true</disable-trust-manager>
             <public-client>true</public-client>
           </secure-deployment>
           <secure-deployment name="apiman-gateway-api.war">
             <realm>apiman</realm>
             <resource>apiman-gateway-api</resource>
             <credential  
name="secret">217b725d-7790-47a7-a3fc-5cf31f92a8db</credential>
             <disable-trust-manager>true</disable-trust-manager>
             <bearer-only>true</bearer-only>
             <enable-basic-auth>true</enable-basic-auth>
           </secure-deployment>
         </subsystem>

More information about the Apiman-user mailing list