Hi Tim, 

Check the Realm in Keycloak OAuth Policy Configuration page it should match the one in the token. 

i hope this help. 

On Mon, Oct 12, 2015 at 7:43 AM, Tim Dudgeon <tdudgeon.ml@gmail.com> wrote:

Hi,

I've been following this blog on using the OAuth policy:
http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html

When I do this with Apiman running in a Docker container
(jboss/apiman-wildfly from Dockerhub) I'm getting an error when I try to
access the echo service:

$ curl -k -H "Authorization: Bearer eyJhbGciO...<snip>" -s
https://192.168.59.103:8443/apiman-gateway/Newcastle/EchoService/1.0 | jq
{
   "type": "Authentication",
   "failureCode": 11004,
   "responseCode": 401,
   "message": "Token audience doesn't match domain. Token issuer is
http://192.168.59.103:8080/auth/realms/stottie, but URL from
configuration is http://127.0.0.1:8080/auth/realms/stottie",
   "headers": {}
}
$

(192.168.59.103 is the IP address of the Docker host running in
Boot2Docker).
Any ideas where the wrong "URL from configuration" part is coming from?

Tim
_______________________________________________
Apiman-user mailing list
Apiman-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user