Thanks for the feedback. I agree that we can definitely improve the
modularity to better help people get set up in production. Perhaps some
additional distributions that do not include all of the components.
That's actually what we're going to be doing when we turn apiman into a
Red Hat product (three separate ZIP distributions: all-in-one,
gateway, manager).

As for your question - the secret that goes into standalone-apiman.xml
actually comes from Keycloak. When you create/configure the apiman
clients in the apiman keycloak realm, if you mark them as "confidential"
clients, then KC will generate a credential/secret for them. You have
to copy that secret from the KC admin console into the
standalone-apiman.xml file.

Alternatively you can define those secrets in your realm file so that
they are pre-configured when keycloak starts up and bootstraps the new
realm.

-Eric

On 3/31/2016 2:54 AM, jazz(a)sqmail.me wrote:
I hit 'send' too fast:

My experience so far with apiman, it works great, but the modularity
could be improved:

1. Option to disable elasticsearch
2. Don't include keycloak in overlay
3. use cli files (like keycloak-install.cli) --> keycloak install works
   like this, remove apiman-ds.xml files for the datasource

I have one question: the standalone-apiman.xml file contains
security-realms for each war. How do I know which credential secret is
used for that particular war? It is not set in web.xml?

Regards, Bart

<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
    <realm name="apiman">
        <realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB</realm-public-key>
        <auth-server-url>/auth</auth-server-url>
        <ssl-required>none</ssl-required>
        <enable-cors>false</enable-cors>
        <principal-attribute>preferred_username</principal-attribute>
    </realm>
    <secure-deployment name="apiman.war">
        <realm>apiman</realm>
        <resource>apiman</resource>
        <credential name="secret">5af5458f-0a96-4251-8f92-08ebcc3a8aa2</credential>
        <disable-trust-manager>true</disable-trust-manager>
        <bearer-only>true</bearer-only>
        <enable-basic-auth>true</enable-basic-auth>
    </secure-deployment>
    <secure-deployment name="apimanui.war">
        <realm>apiman</realm>
        <resource>apimanui</resource>
        <credential name="secret">722557fd-a725-4cc0-9dff-7d09c0c47038</credential>
        <disable-trust-manager>true</disable-trust-manager>
        <public-client>true</public-client>
    </secure-deployment>
    <secure-deployment name="apiman-gateway-api.war">
        <realm>apiman</realm>
        <resource>apiman-gateway-api</resource>
        <credential name="secret">217b725d-7790-47a7-a3fc-5cf31f92a8db</credential>
        <disable-trust-manager>true</disable-trust-manager>
        <bearer-only>true</bearer-only>
        <enable-basic-auth>true</enable-basic-auth>
    </secure-deployment>
</subsystem>
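
Added example, not part of the original thread and not apiman or Keycloak code: a check that pairs each secure-deployment with its Keycloak client through the <resource> element and compares the configured secret with the one in the realm file. The realm JSON layout (clients, clientId, secret, publicClient), the function name check_secrets and all sample values are assumptions constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

NS = {"kc": "urn:jboss:domain:keycloak:1.1"}  # namespace of the posted subsystem
# Constructed sample inputs; the secrets are placeholders, not values from the thread.
SUBSYSTEM_XML = """
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
  <secure-deployment name="apiman.war">
    <resource>apiman</resource>
    <credential name="secret">SECRET-A</credential>
  </secure-deployment>
  <secure-deployment name="apimanui.war">
    <resource>apimanui</resource>
    <credential name="secret">SECRET-B</credential>
    <public-client>true</public-client>
  </secure-deployment>
  <secure-deployment name="apiman-gateway-api.war">
    <resource>apiman-gateway-api</resource>
    <credential name="secret">STALE-SECRET</credential>
  </secure-deployment>
</subsystem>
"""
# Assumed realm file layout: a "clients" array keyed by "clientId".
REALM_JSON = """{"realm": "apiman", "clients": [
  {"clientId": "apiman", "secret": "SECRET-A", "bearerOnly": true},
  {"clientId": "apimanui", "publicClient": true},
  {"clientId": "apiman-gateway-api", "secret": "SECRET-C", "bearerOnly": true}
]}"""

def check_secrets(subsystem_xml, realm_json):
    """Return {war name: status}, pairing each deployment with its Keycloak client."""
    clients = {c["clientId"]: c for c in json.loads(realm_json).get("clients", [])}
    report = {}
    for dep in ET.fromstring(subsystem_xml).findall("kc:secure-deployment", NS):
        client = clients.get(dep.findtext("kc:resource", default="", namespaces=NS))
        secret = dep.findtext("kc:credential[@name='secret']", namespaces=NS)
        if client is None:
            status = "no such client in realm"
        elif client.get("publicClient"):
            status = "public client, secret not used"
        elif secret != client.get("secret"):
            status = "secret mismatch"
        else:
            status = "ok"
        report[dep.get("name")] = status
    return report

if __name__ == "__main__":
    for war, status in check_secrets(SUBSYSTEM_XML, REALM_JSON).items():
        print(f"{war}: {status}")
```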