<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Thanks. That's the trick!<br>
<br>
<div class="moz-cite-prefix">On 12/10/2015 12:52, Fadi Abdin wrote:<br>
</div>
<blockquote
cite="mid:CABXXV0Qxv6Xu0djktFbWt8ytjnbM_yS5SObkzf8=3X6wVkWP6A@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Tim,
<div><br>
</div>
<div>Check the Realm in <span
style="color:rgb(51,51,51);font-family:'Open
Sans',Helvetica,Arial,sans-serif;font-size:16px;line-height:1.1">Keycloak
OAuth Policy Configuration page it should match the one in
the token. </span></div>
<div><span style="color:rgb(51,51,51);font-family:'Open
Sans',Helvetica,Arial,sans-serif;font-size:16px;line-height:1.1"><br>
</span></div>
<div><span style="color:rgb(51,51,51);font-family:'Open
Sans',Helvetica,Arial,sans-serif;font-size:16px;line-height:1.1">i
hope this help. </span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 12, 2015 at 7:43 AM, Tim
Dudgeon <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:tdudgeon.ml@gmail.com" target="_blank">tdudgeon.ml@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I've been following this blog on using the OAuth policy:<br>
<a moz-do-not-send="true"
href="http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html"
rel="noreferrer" target="_blank">http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html</a><br>
<br>
When I do this with Apiman running in a Docker container<br>
(jboss/apiman-wildfly from Dockerhub) I'm getting an error
when I try to<br>
access the echo service:<br>
<br>
$ curl -k -H "Authorization: Bearer
eyJhbGciO...<snip>" -s<br>
<a moz-do-not-send="true"
href="https://192.168.59.103:8443/apiman-gateway/Newcastle/EchoService/1.0"
rel="noreferrer" target="_blank">https://192.168.59.103:8443/apiman-gateway/Newcastle/EchoService/1.0</a>
| jq<br>
{<br>
"type": "Authentication",<br>
"failureCode": 11004,<br>
"responseCode": 401,<br>
"message": "Token audience doesn't match domain. Token
issuer is<br>
<a moz-do-not-send="true"
href="http://192.168.59.103:8080/auth/realms/stottie"
rel="noreferrer" target="_blank">http://192.168.59.103:8080/auth/realms/stottie</a>,
but URL from<br>
configuration is <a moz-do-not-send="true"
href="http://127.0.0.1:8080/auth/realms/stottie"
rel="noreferrer" target="_blank">http://127.0.0.1:8080/auth/realms/stottie</a>",<br>
"headers": {}<br>
}<br>
$<br>
<br>
(192.168.59.103 is the IP address of the Docker host running
in<br>
Boot2Docker).<br>
Any ideas where the wrong "URL from configuration" part is
coming from?<br>
<br>
Tim<br>
_______________________________________________<br>
Apiman-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:Apiman-user@lists.jboss.org">Apiman-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/apiman-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>