9:54 a.m.
On 01/09/15 11:57, Marc Savy wrote:
I would suggest you refer to the Keycloak documentation, as there are
several ways to skin this particular cat. For instance, how you decide
to set up your Keycloak configuration is highly dependent upon your
specific requirements; whether you want token grants to be via the
API-only, or an HTTP redirect based approach (see:
https://keycloak.github.io/docs/userguide/html/access-types.html); how
you wish to divide up your application; the level of security you
desire; any identity provision sources...
At any rate, once you have Keycloak going, you would log in and click
on 'create realm' (in my blog demo, that would be
http://localhost:8080/auth/admin/master/console/#/create/realm) -
then, add your client, roles, users, etc.
> I have created a very basic use case :
- realm = demo,
- a user = demo and
- a client = demo where Direct Grants Only = ON and Access Type = Public
but when I issue a request to get the Access Token,
curl -X POST
http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H
"Content-Type: application/x-www-form-urlencoded" -d "username=demo"
-d
'password=demo' -d 'grant_type=password' -d 'client_id=demo'
I get this error -->
{"error_description":"Direct Grant REST API not
enabled","error":"not_enabled"}
Here is the demo.json exported file =
https://gist.github.com/cmoulliard/c25fef751886ace8c354
To make your life simple for demo purposes, I suggest your clients be
'Direct Grants Only' and 'Public'.
I'm not entirely clear from your email whether you want to script
this, or provide walk-through steps, or provide a pre-baked config
(like the blog).
> I would like to include instructions (= step by step instructions) +
screenshots and also a file (= json exported config) for end users not
interested to setup Keycloak
Do you need to use roles and authorization? Or just simple authentication?
Regards,
Marc
On 01/09/2015 06:20, Charles Moulliard wrote:
> This blog refers to a link where we will import a pre-defined config
>
> First, log into the Keycloak server. If you’re following our
> walkthrough, the log-in details are identical to those mentioned earlier
> (admin, admin123!). You can see that there is already an apiman realm
> defined, but we’re going to create a new one, so navigate to Add Realm
> (top right), and import and upload "this demonstration realm definition
> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it
> provides an extremely simple setup where we have:
>
> What I would like to explain how we can create this "stottie" config in
> Keycloak (step by step, screenshots)
>
> On 01/09/15 02:19, Eric Wittmann wrote:
> > +1
> >
> > Thanks for responding, Rafael. I had intended to link this very same
> > tutorial but then it slipped my mind. :)
> >
> > On 8/31/2015 5:48 PM, Rafael Soares wrote:
> >> Charles,
> >>
> >> Recently I followed the "/Keycloak and dagger: Securing your
> services
> >> with OAuth2/" tutorial [1] and it worked fine! This howto is great!
> >>
> >> You don't need to do anything on the Fuse/Camel side. All setup is
> done
> >> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and
> >> all you need to do is install the Apiman oauth2 keycloak plugin and
> >> configure your service policy to use it. The tutorial [1]
> describes each
> >> step in detail.
> >>
> >> [1]
> >>
>
http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication...
> >>
> >>
> >>
> >>
> >> ________________________
> >> Rafael Torres Coelho Soares
> >>
> >> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard
> >> <cmoulliard(a)redhat.com <mailto:cmoulliard@redhat.com>> wrote:
> >>
> >> Hi,
> >>
> >> I have already asked this question but I need some help to
> figure
> >> out
> >> what are the steps required to setup Oauth 2 with Keycloak as
> I'm
> >> preparing a demo
> >> (https://github.com/FuseByExample/rest-dsl-in-action)
> >> covering the point about how to secure & govern Camel REST DSL
> >> endpoints
> >> on JBoss Fuse using Apiman & Keycloak ?
> >>
> >> I just need the list of the steps to perform from the Web Site.
> >> Base on
> >> the input, I will take some screenshots and include the
> instructions
> >> within the demo content. Such input could be reused to write
> a blog
> >> article too ;-)
> >>
> >> Regards,
> >>
> >> Charles
> >> _______________________________________________
> >> Apiman-user mailing list
> >> Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org>
> >> https://lists.jboss.org/mailman/listinfo/apiman-user
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Apiman-user mailing list
> >> Apiman-user(a)lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/apiman-user
> >>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>