[Apiman-user] APIMAN with Keycloak

Marc Savy marc.savy at redhat.com
Thu Nov 22 18:25:40 EST 2018


Hi Yasir,

If I understand your query correctly:

Keycloak's JWT tokens have an expiry (i.e. lifetime, often a few minutes).
Even if you log out that session in Keycloak, it might be a few minutes
until the token already issued to the user expires.

There are mechanisms to explicitly revoke/blacklist tokens before the
expiry has been reached, but they are not currently supported by Apiman.

Regards,
Marc

On Wed, 21 Nov 2018 at 13:34, Yasir Zeeshan <yasir.z at 3gca.org> wrote:

> Hi,
>
> I implemented apiman with keycloak, it is working fine with
> *keycloak OAuth policy*
> <http://192.168.100.211:8081/apimanui/api-manager/admin/plugins/1008>
> and *authorization policy* plugin, but if I log out a user
> session from keycloak it still works on apiman, where it doesn't have
> to give access and show 401.
>
>
> Regards,
>
> Yasir
>
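The behaviour described in the reply above, as an added example that is not part of the original thread and is not Apiman or Keycloak code: a gateway that validates a JWT locally (signature and expiry only) keeps accepting it after the session is ended, while a lookup against ended sessions rejects it. The HS256 key, the `ended_sessions` set, the function names and the sample claims are assumptions made for the demonstration; Keycloak normally signs with RS256.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: shared HS256 key, for a stdlib-only demo

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub, session, iat, lifetime):
    """Mint a constructed access token tied to an identity-provider session."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "session_state": session,
                              "iat": iat, "exp": iat + lifetime}).encode())
    sig = hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

def validate_offline(token, now):
    """Local validation: signature and expiry only, no call back to the issuer."""
    try:
        header, claims, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        payload = json.loads(_unb64(claims))
        return payload if now < payload["exp"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def validate_with_revocation(token, now, ended_sessions):
    """Same checks, plus rejecting tokens whose session the issuer has ended."""
    payload = validate_offline(token, now)
    if payload is None or payload.get("session_state") in ended_sessions:
        return None
    return payload

def status(payload):
    """HTTP status a gateway would return for the validation result."""
    return 200 if payload else 401

if __name__ == "__main__":
    token = issue("constructed-user", "sess-1", iat=1000, lifetime=300)
    ended = {"sess-1"}                       # user logged out at t=1050
    print(status(validate_offline(token, 1100)))                 # still accepted
    print(status(validate_with_revocation(token, 1100, ended)))  # rejected
    print(status(validate_offline(token, 1300)))                 # expired
```

With local validation only, the exposure window after logout is bounded by the access token lifetime, so a short lifetime is the available control when the gateway cannot check revocation.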