I've updated the realm definition. As previously indicated, it seems to
work fine with the version of KC that ships with our quickstart set-ups,
in addition to 'fixing' newer ones.
Paul: if you could try it out, that'd be great. It's a tiny change, but
it's one of those areas that could have more impact than initially
anticipated :-).
Check out the PR here -
I presume you're still using a newer version of Keycloak than our
quickstarts ship with? If you recall, I mentioned you needed to enable
direct grants for the apiman-gateway-api client on newer KCs.
We're going to be moving to a newer version of Keycloak fairly soon, but
perhaps we can document that quirk in the meanwhile. However, I think we
could add the direct grants to our sample realm definition, and it
shouldn't break. I'll test it out now.
On 05/01/2016 22:53, Paul Blair wrote:
> Today I've been having a lot of trouble creating a gateway. When I put
> in the gateway name, description, configuration endpoint and
> configuration endpoint credentials, I kept getting "Authentication to
> the gateway failed. Perhaps check that your credentials are correct." I
> was able to log in to Keycloak using the apimanager credentials, so I
> know they are correct.
>
> In the Keycloak log I see:
>
> WARN [org.keycloak.events] type=LOGIN_ERROR, realmId=apiman,
> clientId=apiman-gateway-api, *userId=null*, ipAddress=[x.x.x.x],
> error=not_allowed, grant_type=password,
> auth_method=oauth_credentials, client_auth_method=client-secret
>
>
> I couldn't figure out why the userId should be null. The apimanager user
> has the apipublisher role, the apiman-gateway-api client has the proper
> valid redirect URI and uses the openid-connect protocol with a
> confidential access type, and the application configurations are using
> the correct client secret.
>
> I was finally able to fix the issue by enabling direct access grants on
> the apiman-gateway-api client. Should this be part of the default
> configuration for apiman-gateway-api in the apiman-realm.json file, or
> is there something I'm missing?
>
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
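A diagnostic sketch for the failure discussed in this thread, added here as an example and not code from apiman or Keycloak: it parses the `LOGIN_ERROR` event and checks the realm export for the client's `directAccessGrantsEnabled` flag. The log line and realm JSON are constructed samples, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: the event from the thread, joined onto one line.
SAMPLE_EVENT = (
    "WARN [org.keycloak.events] type=LOGIN_ERROR, realmId=apiman, "
    "clientId=apiman-gateway-api, userId=null, ipAddress=x.x.x.x, "
    "error=not_allowed, grant_type=password, "
    "auth_method=oauth_credentials, client_auth_method=client-secret")

# Constructed, minimal realm export; real exports carry many more fields.
SAMPLE_REALM = json.loads("""
{"realm": "apiman",
 "clients": [
   {"clientId": "apiman-gateway-api", "publicClient": false,
    "directAccessGrantsEnabled": false},
   {"clientId": "apimanui", "publicClient": true}
 ]}
""")


def parse_event(line):
    """Split a Keycloak event log line into its key=value fields."""
    return dict(re.findall(r"(\w+)=([^,\s]+)", line))


def diagnose(event, realm):
    """Explain a rejected password grant using the realm export."""
    if event.get("type") != "LOGIN_ERROR" or event.get("error") != "not_allowed":
        return "not a not_allowed login error"
    if event.get("grant_type") != "password":
        return "rejected grant is not the password (direct access) grant"
    if event.get("realmId") != realm.get("realm"):
        return "event belongs to a different realm"
    for client in realm.get("clients", []):
        if client.get("clientId") == event.get("clientId"):
            # Assumption of this example: a missing flag counts as disabled.
            # Set the flag explicitly in the export rather than rely on defaults.
            if client.get("directAccessGrantsEnabled", False):
                return "direct access grants enabled; look elsewhere"
            return "direct access grants disabled for " + client["clientId"]
    return "client not found in realm export"


if __name__ == "__main__":
    print(diagnose(parse_event(SAMPLE_EVENT), SAMPLE_REALM))
```

Enable the flag only on clients that need the password grant, such as `apiman-gateway-api` here, since it lets the client submit user credentials directly to the token endpoint.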