How to Define a Service with Path Parameters – like /porfolio/{id} ?
by CAI
My backend system provide REST APIs like /porfolio/{id}, how can I define a service proxying request to such APIs with path parameter? After I filled in Service Name with “/porfolio/{id}” and configured application, I can only access through “/backend/porfolioid/”.
I tried searching documents of APIMan but couldn’t find a solution. Thanks for your help.
Best regards,
Kelvin Cai
9 years, 2 months
Dockerised environment github project
by Tim Dudgeon
Hi all,
I've been working on a fully Dockerised implementation for apiman, with
all key parts running as separate Docker containers, with the view to
generating a setup that is suitable for production use.
Its very much work in progress at present and a long way off being
suitable for production use, but if anyone is interested in taking a
look and providing feedback then that would be great. You can find it on
github here:
https://github.com/tdudgeon/apiman-site
Thanks to all on this list and the keycloak list in helping me get this far.
Tim
9 years, 2 months
applications without plans?
by Tim Dudgeon
I'm wanting to do something that may not be possible :-)
I have a service that I want to offer to multiple organisations.
I want the users of each organisation to authenticate according to the
needs or that organisation (e.g. against their own LDAP server).
I do not want to have to handle API keys as I have lots of organisations
and lots of services and lots of versions of those services, so think
managing those keys will fast become a nightmare. I am happy to use the
service as a public service, as long as the user is authenticated and
authorized.
e.g. I think what I want to do is create an application in each
organisation with a policy that does the authentication, and use a
public service that does the authorization based on expected role
granted to the user.
But the only way I can see to do this is to use plans, which involve the
need for API keys.
Any ways to do this?
Tim
9 years, 2 months
apiman suitable for managing end users?
by Tim Dudgeon
Hi
I've been looking into apiman and like what I see, but have a conceptual
question about its usage.
I need something to manage the end users of my applications, not just
the people who are developing and managing those applications. Is apiman
suitable for this? e.g. each actual user of the applications would
register to apiman and use their own access keys. I need this as I will
want to handle metrics and usage on the level of the individual user.
Also, if this was to be a sensible approach how does one configure the
registration process. I understand apiman is using keycloak for this,
but I see no link in the UI to configure keycloak. And I would need a
way that new users could automatically be assigned to an organisation
(e.g. a default organisation, or a specific one based on their email
address).
Tim
9 years, 2 months
service not being published to gateway after restart?
by Tim Dudgeon
I'm hitting a problem where I'm running apiman in a docker container.
When I first set up a public service it runs fine.
But when I restart the container the service definition is still there,
but the gateway does not respond to requests for the service. If I
create a new version of the service and publish it then it works fine.
Seems like the service definition is not being published to the gateway
after a restart?
I've tried it with the basic Docker container similar to
jboss/apiman-wildfly on Dockerhub and it seems OK with that, so it looks
like its something I've done to cause this, but I don't see any errors
and don't know where to look to try to fix it.
Any ideas what's wrong?
This is with version 1.1.8.Final.
Tim
9 years, 2 months
problems adding users
by Tim Dudgeon
I'm having difficulty adding users to an organisation.
I add the user to the apiman realm in keycloak, but that new user is not
recognised in the list that apiman presents when adding a member to an
organisation.
I think the new user has had the same roles added (including
realm-management) as the admin user.
In one case I did get one new user recognised after a server restart,
but even that doesn't seem to work consistently.
Also noticed that if I change the email of the admin user in keycloak
that change is not reflected in apiman.
I've tried turning off the user cache in keycloak for the realm (using
the UI), but that makes no difference.
I'm using a standalone keycloak server, but suspect that makes no
difference.
Is there some additional caching going on here?
Tim
9 years, 2 months
Invalid token signature
by Tim Dudgeon
Hi, I'm trying to access a service though an application and plan, using
OAuth authentication at the application level and authorization at the
service level (requiring a role assigned to the user during authentication).
I thought I had it all set up correctly, but am getting an Invalid token
signature error.
I generate access token like this:
$ curl -X POST
http://192.168.59.103:8080/auth/realms/Organization1/protocol/openid-conn...
-H "Content-Type: application/x-www-form-urlencoded" -d 'username=user1'
-d 'password=user1' -d 'grant_type=password' -d 'client_id=app1' -s | jq
-r '.access_token'
and get an access token like this:
eyJhb<snip>
Then try to access the service like this:
$ curl -k -H "Authorization: Bearer eyJhb<snip>" -H "X-API-Key:
bb9eb966-<snip>" -s
https://192.168.59.103:8443/apiman-gateway/Organization2/echo/1.5/
And I get this error:
{"type":"Authentication","failureCode":11004,"responseCode":401,"message":"Invalid
token signature.","headers":{}}
Any ideas what the Invalid token signature error relates to?
Thanks
Tim
9 years, 2 months
