apiman suitable for managing end users?
by Tim Dudgeon
Hi
I've been looking into apiman and like what I see, but have a conceptual
question about its usage.
I need something to manage the end users of my applications, not just
the people who are developing and managing those applications. Is apiman
suitable for this? e.g. each actual user of the applications would
register to apiman and use their own access keys. I need this as I will
want to handle metrics and usage on the level of the individual user.
Also, if this was to be a sensible approach how does one configure the
registration process. I understand apiman is using keycloak for this,
but I see no link in the UI to configure keycloak. And I would need a
way that new users could automatically be assigned to an organisation
(e.g. a default organisation, or a specific one based on their email
address).
Tim
8 years, 6 months
HTTP Methods
by Fadi Abdin
Hey Eric / Marc,
Everything is going well so far with the CORS fix, but I'm guessing there is
still something, or maybe I'm doing something wrong (it always happens to
me).
I have set up my CORS Policy in API Man and included
"Access-Control-Allow-Methods": "OPTIONS", "GET", "POST", "DELETE", "PUT".
But I get a 403 and "CORS: Invalid preflight request; must use OPTIONS
verb." on ANY service that is not GET.
OPTIONS headers:
Remote Address: 172.26.209.66:443
Request URL: https://dev-internal-api.expdev.local/apiman-gateway/express/integration/...
Request Method: OPTIONS
Status Code: 200 OK
Response Headers:
Access-Control-Allow-Headers: Accept, Authorization, Head
Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE, PUT
Access-Control-Allow-Origin: http://localhost:8383
Access-Control-Max-Age: 0
Connection: keep-alive
Date: Thu, 27 Aug 2015 18:44:39 GMT
Server: WildFly/8
Transfer-Encoding: chunked
X-Powered-By: Undertow/1
Request Headers:
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8,ar;q=0.6
Access-Control-Request-Headers: accept, authorization
Access-Control-Request-Method: POST
Cache-Control: no-cache
Connection: keep-alive
Host: dev-internal-api.expdev.local
Origin: http://localhost:8383
Pragma: no-cache
Referer: http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s...
POST headers:
Remote Address: 172.26.209.66:443
Request URL: https://dev-internal-api.expdev.local/apiman-gateway/express/integration/...
Request Method: POST
Status Code: 403 Forbidden
Response Headers:
Access-Control-Allow-Origin: http://localhost:8383
Connection: keep-alive
Content-Length: 195
Content-Type: application/json
Date: Thu, 27 Aug 2015 18:44:39 GMT
Server: WildFly/8
X-Policy-Failure-Code: 400
X-Policy-Failure-Message: CORS: Invalid preflight request; must use OPTIONS verb.
X-Policy-Failure-Type: Authorization
X-Powered-By: Undertow/1
Request Headers:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8,ar;q=0.6
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Host: dev-internal-api.expdev.local
Origin: http://localhost:8383
Pragma: no-cache
8 years, 7 months
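For readers working through the captures above: the CORS specification (the Fetch standard) defines a preflight as an OPTIONS request that carries both Origin and Access-Control-Request-Method; a POST that carries only Origin is an actual cross-origin request and is never judged by preflight rules. The classifier below is an added example, not apiman's CORS policy code; it is run over two requests constructed from the headers in the post, and the origin/method/header allow-lists are assumptions standing in for whatever the policy was configured with.

```python
"""CORS request classification the way a Fetch-conformant gateway does it.

Added example: this is NOT apiman's CORS policy. The two sample requests are
constructed from the headers in the post; the allow-lists are assumptions
standing in for whatever the policy was configured with.
"""
from dataclasses import dataclass, field

ALLOWED_ORIGINS = {"http://localhost:8383"}                 # assumption
ALLOWED_METHODS = {"OPTIONS", "GET", "POST", "DELETE", "PUT"}
ALLOWED_HEADERS = {"accept", "authorization"}               # lower-cased


@dataclass
class Request:
    method: str
    headers: dict

    def get(self, name):
        """Case-insensitive header lookup (header names are case-insensitive)."""
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


@dataclass
class Decision:
    kind: str               # "not-cors" | "preflight" | "actual"
    allowed: bool
    reason: str = ""
    response_headers: dict = field(default_factory=dict)


def is_preflight(req):
    """Preflight = OPTIONS + Origin + Access-Control-Request-Method.
    Anything else carrying Origin is an actual cross-origin request and
    must not be evaluated with preflight rules."""
    return (req.method.upper() == "OPTIONS"
            and req.get("Origin") is not None
            and req.get("Access-Control-Request-Method") is not None)


def classify(req):
    origin = req.get("Origin")
    if origin is None:
        return Decision("not-cors", True, "no Origin header; CORS does not apply")
    kind = "preflight" if is_preflight(req) else "actual"
    if origin not in ALLOWED_ORIGINS:
        return Decision(kind, False, "origin %s not allowed" % origin)
    # Vary: Origin because Allow-Origin is per-origin; without it a shared
    # cache could hand one origin's response to another origin.
    common = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}

    if kind == "preflight":
        method = req.get("Access-Control-Request-Method").upper()
        if method not in ALLOWED_METHODS:
            return Decision(kind, False, "method %s not allowed" % method)
        requested = req.get("Access-Control-Request-Headers") or ""
        wanted = {h.strip().lower() for h in requested.split(",") if h.strip()}
        bad = sorted(wanted - ALLOWED_HEADERS)
        if bad:
            return Decision(kind, False, "headers not allowed: %s" % bad)
        return Decision(kind, True, "preflight ok", {
            **common,
            "Access-Control-Allow-Methods": ", ".join(sorted(ALLOWED_METHODS)),
            "Access-Control-Allow-Headers": ", ".join(sorted(ALLOWED_HEADERS)),
            # Max-Age 0, as in the captured response, disables preflight
            # caching: the browser re-preflights every non-simple request.
            "Access-Control-Max-Age": "0",
        })

    # Actual request: the browser already preflighted it if that was needed.
    if req.method.upper() not in ALLOWED_METHODS:
        return Decision(kind, False, "method %s not allowed" % req.method)
    return Decision(kind, True, "actual cross-origin request ok", common)


# Constructed from the two captures in the post (bearer token abbreviated).
PREFLIGHT = Request("OPTIONS", {
    "Origin": "http://localhost:8383",
    "Access-Control-Request-Method": "POST",
    "Access-Control-Request-Headers": "accept, authorization",
})
ACTUAL_POST = Request("POST", {
    "Origin": "http://localhost:8383",
    "Authorization": "Bearer eyJhbGciOiJSUzI1NiJ9...",
    "Content-Length": "0",
})

if __name__ == "__main__":
    for r in (PREFLIGHT, ACTUAL_POST):
        d = classify(r)
        print(r.method, d.kind, "allowed" if d.allowed else "blocked", d.reason)
```

Run against the captured POST, the classifier reports an allowed actual request, because that request is not OPTIONS and has no Access-Control-Request-Method; the "must use OPTIONS verb" check only applies to the preflight branch. The practitioner's check when a gateway reports a preflight failure on a non-OPTIONS request is therefore to compare exactly which headers the gateway used to decide a request was a preflight against the three-part definition above.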
Apiman & Keycloak
by Charles Moulliard
Hi,
I have already asked this question but I need some help to figure out
what the steps required to set up OAuth 2 with Keycloak are, as I'm
preparing a demo (https://github.com/FuseByExample/rest-dsl-in-action)
covering how to secure & govern Camel REST DSL endpoints
on JBoss Fuse using Apiman & Keycloak.
I just need the list of the steps to perform from the Web Site. Based on
the input, I will take some screenshots and include the instructions
within the demo content. Such input could be reused to write a blog
article too ;-)
Regards,
Charles
8 years, 7 months
Help with ApiMan oAuth2 plugin tutorial
by Rafael Soares
Hello all!
I'm trying to follow the tutorial for the oAuth2 plugin [1] but I had some
issues.
The authentication policy worked fine! After adding the second policy
(Authorization) I get the following response error
HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Content-Length: 238
Content-Type: application/json
Date: Tue, 25 Aug 2015 21:12:31 GMT
Server: WildFly/8
X-Policy-Failure-Code: 10010
X-Policy-Failure-Message: No roles have been extracted during
authentication. Make sure the authorization policy comes *after* a
compatible authentication policy in your configuration.
X-Policy-Failure-Type: Other
X-Powered-By: Undertow/1
{
  "failureCode": 10010,
  "headers": {},
  "message": "No roles have been extracted during authentication. Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.",
  "responseCode": 0,
  "type": "Other"
}
but my JWT access_token appears to be right. I mean, I can see the roles in
it. See my access_token decoded:
{
  "preferred_username": "rincewind",
  "name": "",
  "resource_access": {
    "account": {
      "roles": [
        "manage-account",
        "view-profile"
      ]
    }
  },
  "realm_access": {
    "roles": [
      "echomeister"
    ]
  },
  "allowed-origins": [],
  "client_session": "b25536e6-4331-46fd-afe1-b0adf766b533",
  "session_state": "213e75e1-bf8b-4f0c-808e-683fb3a4c1de",
  "jti": "43c59d9a-b659-4708-a1da-968ea23004d7",
  "exp": 1440536956,
  "nbf": 0,
  "iat": 1440536656,
  "iss": "http://127.0.0.1:8080/auth/realms/stottie",
  "aud": "apiman",
  "sub": "de4af322-85b2-4dbe-8d53-6a2ee29e4080",
  "azp": "apiman"
}
As you can see, the "echomeister" realm role is there...
What does this response message mean?
[1]
http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication...
________________________
Rafael Torres Coelho Soares
8 years, 8 months
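The failure message in the post describes an ordering contract: the authorization step consumes a role set that only exists if a compatible authentication step ran first and populated it. The following is an added example of that contract, not the apiman Keycloak OAuth2 plugin's code. It verifies a bearer JWT, extracts roles from the two places the posted token keeps them (realm_access.roles and resource_access.<client>.roles), and only then authorizes. The posted token header says RS256; to stay standard-library-only the example signs with HS256 and a shared secret, which is an assumption that changes the key handling but not the verify-then-extract-then-authorize ordering. The claims are copied from the decoded access_token in the post.

```python
"""Verify a bearer JWT, then extract roles, then authorize, in that order.

Added example, not the apiman Keycloak OAuth2 plugin. Keycloak signs with
RS256 (per the posted token header); this example uses HS256 with a shared
secret so it runs with the standard library alone. That is an assumption
about key handling only; the ordering is the point.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"demo-shared-secret"   # assumption; Keycloak would publish an RSA public key
EXPECTED_AUD = "apiman"          # the aud/azp value in the posted token


class AuthError(Exception):
    pass


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims, key=SECRET):
    """Mint an HS256 JWT (stand-in for Keycloak's RS256 issuer)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, ("%s.%s" % (header, payload)).encode(), hashlib.sha256).digest()
    return "%s.%s.%s" % (header, payload, b64url(sig))


def extract_roles(claims):
    """Realm roles as-is; client roles prefixed with their client id."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    for client, access in claims.get("resource_access", {}).items():
        roles.update("%s:%s" % (client, r) for r in access.get("roles", []))
    return roles


def authenticate(token, key=SECRET, now=None):
    """Authentication step: pin alg, check signature, exp and aud, and only
    then read claims. Returns the role set the authorization step consumes."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        signature = b64url_decode(s)
    except ValueError:
        raise AuthError("malformed token")
    if header.get("alg") != "HS256":      # never trust alg from the token (alg:none)
        raise AuthError("unexpected alg")
    expected = hmac.new(key, ("%s.%s" % (h, p)).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise AuthError("bad signature")
    claims = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise AuthError("token expired")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUD not in auds:
        raise AuthError("wrong audience")
    return extract_roles(claims)


def authorize(roles, required):
    """Authorization step. Calling it with no role set from a preceding
    authentication step is the failure the post shows."""
    if roles is None:
        raise AuthError("No roles have been extracted during authentication")
    return required in roles


# Constructed claims copied from the decoded access_token in the post.
CLAIMS = {
    "preferred_username": "rincewind",
    "resource_access": {"account": {"roles": ["manage-account", "view-profile"]}},
    "realm_access": {"roles": ["echomeister"]},
    "exp": 1440536956,
    "iat": 1440536656,
    "iss": "http://127.0.0.1:8080/auth/realms/stottie",
    "aud": "apiman",
    "azp": "apiman",
}

if __name__ == "__main__":
    token = sign(CLAIMS)
    roles = authenticate(token, now=1440536700)   # inside the token's validity window
    print(sorted(roles), authorize(roles, "echomeister"))
```

Two details matter for a gateway policy chain: the role set is a product of authentication, so authorization placed before it sees nothing regardless of what the token contains, and roles are only read after the signature, expiry and audience checks pass, so a token whose realm_access has been edited is rejected before any role is extracted.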
PKI Compatibility
by Brooks Isoldi
Hi all,
Does APIMan have the ability to validate inbound HTTPS requests
with custom signed certificates to consume a service via a PKI service?
So...a network where all internal traffic is encrypted with SSL,
signed via an internal PKI service. The request to APIMan to consume
the service would be via HTTPS and I am hoping APIMan can:
- Validate the request based on the certificate and PKI service
- Validate the request based on the rate limiting rules
- Consume the service or reject the request accordingly
Thanks!
--
Brooks Isoldi, Software Developer
Traversed
7164 Columbia Gateway Drive, Suite 120A
Columbia, MD 21046
8 years, 8 months
Announce: Release 1.1.7.Final
by Eric Wittmann
Hi everyone.
From now on we're only going to be fixing bugs in the 1.1.x line of
apiman. To that end, a new release just went out today (1.1.7.Final):
http://www.apiman.io/latest/
All feature work going forward will be put on the 1.2.x line. How many
more 1.1.x releases will there be? Great question! I guess that
depends on how many bugs we find! Get some eyeballs on there and let's
shake them all out.
-Eric
8 years, 8 months
Plugins
by Fadi Abdin
I have set up the DEV server with 1.1.7-SNAPSHOT, but for some reason I
cannot install plugins in apimanui.
Before mvn clean install, I cleaned up my .m2 folder, then built apiman
and apiman-plugins, then got everything configured and started it.
Everything seems to be working fine, but when installing the plugins I get
a 404. Here are snapshots.
Any idea what I should do?
8 years, 8 months
Re: [Apiman-user] CORS
by Eric Wittmann
What database are you using? The default h2 database? If you're going
into production with apiman I would not recommend using h2. I'm
currently working on an "apiman in production" guide that should be
available this week.
Ultimately it's likely going to be rather challenging to migrate
existing data from older versions to newer ones until we support such a
feature directly in apiman.
Also note - version 1.1.7.Final should get released next week I think -
so you may be able to wait for that rather than build everything
yourself from scratch.
-Eric
On 8/19/2015 2:05 PM, Fadi Abdin wrote:
> Yup, that was it. Thanks for your help Marc.
>
> I think I'm good now. But I still need some advice.
>
> I need to get everything to work on our DEV and QA environments, and
> since the fix is on 1.1.7-SNAPSHOT, I will need to do the same on those
> environments, and then later I need to upgrade to the new version.
>
> Now, the servers have 1.1.3-Final, and everything is configured.
>
> What would you do? It's a lot of re-work since there is no import/export,
> and also a lot of work for the developers if they are going to change
> their code to update their keys and service endpoints.
>
>
8 years, 8 months