Hi Enrico,
I just made the move to Apiman 1.2.1 (running on port 8081) and Keycloak
1.7.0 (running on port 8080), both behind an HAProxy instance. I've
attached the section of my standalone-apiman.xml that worked for me.
Note, I'm *not* using the default 'apiman' realm as I am securing a number
of other web apps with Keycloak. So I have 'MyRealm' with Keycloak client
of 'apiman', which is set for:
- Client-protocol: openid-connect
- Access Type: confidential
- Direct Access Grants Enabled: ON
- Valid redirect URIs:
  - /apimanui/*
  - /apiman-gateway-api/*
  - /apiman-es/*
  - /apiman/*
In that KC client, I have 3 realm roles for this:
- apipublisher
- apiadmin
- apiuser
I had tried to keep these roles to just the KC client 'apiman', but it
wouldn't allow me to log in to /apimanui unless the roles were realm-wide.
I'm going to try client-specific roles again now that apiman is 1.2.1. I'm
using Postgres and ElasticSearch for storage, on other VMs.
This was enough to let me log in and view /apimanui when I had those roles
for my Keycloak user.
Hope this helps,
Guy
On Thu, Jan 28, 2016 at 1:08 AM, enrico <lists(a)comiti.name> wrote:
Hi all,
thanks for the responses.
@Mark: yes, I know that is a release candidate, but it looks like the
final version is near and, being on a new project, I wanted to start with
the very latest versions :)
Apart from this, I have tried with 1.7.0.Final too, but I have the
same problem:
User gets a "Forbidden" page and Keycloak server logs say:
WARN [org.keycloak.events]:
type=CODE_TO_TOKEN_ERROR,
realmId=352d562a-f3e5-4b7a-99ad-4331cdfdf085, clientId=apimanui,
userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials,
grant_type=authorization_code
Thanks a lot for the help, best regards,
Enrico
On Wed, Jan 27, 2016 at 5:49 PM, Marc Savy <marc.savy(a)redhat.com> wrote:
> Hi Enrico,
>
> We haven't tested with Keycloak 1.8, as this is only a candidate release
> at the moment (CR == RC).
>
> I can give it a try, though and will report back.
>
> Regards,
> Marc
>
--
Enrico Comiti