Any chance you can share your full realm file? Perhaps with any secrets
redacted. :)
-Eric
On 1/29/2016 4:11 AM, enrico wrote:
Hi Guy,
thank you very much, it works!
For anyone with the same problem, this is my realm.json client definition:
"applications" : [
  {
    "name" : "apiman",
    "enabled" : true,
    "directGrantsOnly" : true,
    "standardFlowEnabled": true,
    "baseUrl" : "http://apigateway:8080/",
    "redirectUris" : [
      "http://apigateway:8080/apimanui/*",
      "http://apigateway:8080/apiman-gateway-api/*",
      "http://apigateway:8080/apiman-es/*",
      "http://apigateway:8080/apiman/*"
    ],
    "secret" : "password"
  }
]
Thanks a lot again.
Cheers,
Enrico
On Thu, Jan 28, 2016 at 10:02 PM, Guy Davis <guydavis.ca(a)gmail.com> wrote:
> Hi Enrico,
>
> I just made the move to Apiman 1.2.1 (running on port 8081) and Keycloak
> 1.7.0 (running on port 8080), both behind an HAProxy instance. I've
> attached the section of my standalone-apiman.xml that worked for me.
>
> Note, I'm not using the default 'apiman' realm as I am securing a number of
> other web apps with Keycloak. So I have 'MyRealm' with Keycloak client of
> 'apiman', which is set for:
>
> Client-protocol: openid-connect
> Access Type: confidential
> Direct Access Grants Enabled: ON
> Valid redirect URIs:
>
> /apimanui/*
> /apiman-gateway-api/*
> /apiman-es/*
> /apiman/*
>
> In that KC client, I have 3 realm roles for this:
>
> apipublisher
> apiadmin
> apiuser
>
> I had tried to keep these roles to just the KC client 'apiman', but it
> wouldn't allow me to login to /apimanui unless the roles were realm-wide.
> I'm going to try client-specific roles again now that apiman is 1.2.1. I'm
> using Postgres and ElasticSearch for storage, on other VMs.
>
> This was enough to let me login and view /apimanui when I had those roles
> for my Keycloak user.
>
> Hope this helps,
> Guy
>
> On Thu, Jan 28, 2016 at 1:08 AM, enrico <lists(a)comiti.name> wrote:
>>
>> Hi all,
>> thanks for the responses.
>>
>> @Mark: yes, I know that is a release candidate but looks like the
>> final version is near and, being on a new project, I wanted to start with
>> the very last versions :)
>>
>> Apart from this, I have tried with 1.7.0.Final too, but I have the
>> same problem:
>>
>> User gets a "Forbidden" page and Keycloak server logs say:
>>
>> WARN [org.keycloak.events]:
>> type=CODE_TO_TOKEN_ERROR,
>> realmId=352d562a-f3e5-4b7a-99ad-4331cdfdf085, clientId=apimanui,
>> userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials,
>> grant_type=authorization_code
>>
>> Thanks a lot for the help, best regards,
>> Enrico
>>
>>
>> On Wed, Jan 27, 2016 at 5:49 PM, Marc Savy <marc.savy(a)redhat.com> wrote:
>>> Hi Enrico,
>>>
>>> We haven't tested with Keycloak 1.8, as this is only a candidate release
>>> at the moment (CR == RC).
>>>
>>> I can give it a try, though and will report back.
>>>
>>> Regards,
>>> Marc
>>>
>>
>>
>>
>> --
>> Enrico Comiti
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>
>
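Eric's request at the top of the thread is for a realm file with secrets redacted, and the client definition posted in reply carries its secret in clear text. The following is an added example, not code from the thread or from the Keycloak or apiman projects: it masks sensitive values in a realm JSON before sharing and lists redirect URIs that are not HTTPS. The function names, the `realm` wrapper around the posted fragment and every sensitive key name other than `secret` are assumptions.

```python
import json

# Constructed input: the client definition posted in this thread (two of the
# redirect URIs), wrapped in a realm object. The "realm" wrapper is assumed.
SAMPLE_REALM = json.loads("""
{"realm": "apiman",
 "applications": [{
   "name": "apiman",
   "enabled": true,
   "baseUrl": "http://apigateway:8080/",
   "redirectUris": ["http://apigateway:8080/apimanui/*",
                    "http://apigateway:8080/apiman/*"],
   "secret": "password"}]}
""")

# Only "secret" appears in the thread; the other key names are assumptions
# about what else a realm export can contain.
SENSITIVE_KEYS = {"secret", "privateKey", "password"}
MASK = "**REDACTED**"


def redact(node, path="$", hits=None):
    """Return (copy of node with sensitive strings masked, masked JSON paths)."""
    hits = [] if hits is None else hits
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            if key in SENSITIVE_KEYS and isinstance(value, str):
                out[key] = MASK
                hits.append(f"{path}.{key}")
            else:
                out[key] = redact(value, f"{path}.{key}", hits)[0]
        return out, hits
    if isinstance(node, list):
        return [redact(v, f"{path}[{i}]", hits)[0] for i, v in enumerate(node)], hits
    return node, hits


def plain_http_redirects(realm):
    """List (client name, URI) pairs whose redirect URI is not HTTPS."""
    return [(c.get("name"), uri)
            for c in realm.get("applications", [])
            for uri in c.get("redirectUris", [])
            if uri.lower().startswith("http://")]


if __name__ == "__main__":
    safe, masked = redact(SAMPLE_REALM)
    print(json.dumps(safe, indent=2))
    print("masked:", masked)
    print("non-HTTPS redirect URIs:", plain_http_redirects(SAMPLE_REALM))
```

The list of masked paths doubles as a checklist of values to rotate if an unredacted copy has already been posted to a public list.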