I have also reseted the password to demo and I get an account
temporarily disabled
However, we're straying firmly into Keycloak rather than apiman territory, here.
On 01/09/2015 16:36, Charles Moulliard wrote:
Works better now. I have also reseted the password to demo and I get
an account temporarily disabled
Sent from my iPhone
> On 1 sept. 2015, at 17:22, Marc Savy <marc.savy(a)redhat.com> wrote:
>
>
http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings ->
'Direct Grant API' -> ON
>
> Now, curl -X POST
http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H
"Content-Type: application/x-www-form-urlencoded" -d "username=demo"
-d 'password=demo' -d 'grant_type=password' -d 'client_id=demo'
>
> Works fine!
>
> As a side-note: I would also point your readers towards the Keycloak docs, as this
may not be an optimal setup for their real-world requirements (e.g. they may want
redirected login-screens, user registration, SAML, etc, etc).
>
>> On 01/09/2015 15:54, Charles Moulliard wrote:
>>
>> On 01/09/15 11:57, Marc Savy wrote:
>>> I would suggest you refer to the Keycloak documentation, as there are
>>> several ways to skin this particular cat. For instance, how you decide
>>> to set up your Keycloak configuration is highly dependent upon your
>>> specific requirements; whether you want token grants to be via the
>>> API-only, or an HTTP redirect based approach (see:
>>>
https://keycloak.github.io/docs/userguide/html/access-types.html); how
>>> you wish to divide up your application; the level of security you
>>> desire; any identity provision sources...
>>>
>>> At any rate, once you have Keycloak going, you would log in and click
>>> on 'create realm' (in my blog demo, that would be
>>>
http://localhost:8080/auth/admin/master/console/#/create/realm) -
>>> then, add your client, roles, users, etc.
>>>
>>>> I have created a very basic use case :
>> - realm = demo,
>> - a user = demo and
>> - a client = demo where Direct Grants Only = ON and Access Type = Public
>>
>> but when I issue a request to get the Access Token,
>>
>> curl -X POST
>>
http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H
>> "Content-Type: application/x-www-form-urlencoded" -d
"username=demo" -d
>> 'password=demo' -d 'grant_type=password' -d
'client_id=demo'
>>
>> I get this error -->
>>
>> {"error_description":"Direct Grant REST API not
>> enabled","error":"not_enabled"}
>>
>> Here is the demo.json exported file =
>>
https://gist.github.com/cmoulliard/c25fef751886ace8c354
>>
>>
>>> To make your life simple for demo purposes, I suggest your clients be
>>> 'Direct Grants Only' and 'Public'.
>>>
>>> I'm not entirely clear from your email whether you want to script
>>> this, or provide walk-through steps, or provide a pre-baked config
>>> (like the blog).
>>>> I would like to include instructions (= step by step instructions) +
>> screenshots and also a file (= json exported config) for end users not
>> interested to setup Keycloak
>>>
>>> Do you need to use roles and authorization? Or just simple
>>> authentication?
>>>
>>> Regards,
>>> Marc
>>>
>>>
>>> On 01/09/2015 06:20, Charles Moulliard wrote:
>>>> This blog refers to a link where we will import a pre-defined config
>>>>
>>>> First, log into the Keycloak server. If you’re following our
>>>> walkthrough, the log-in details are identical to those mentioned
earlier
>>>> (admin, admin123!). You can see that there is already an apiman realm
>>>> defined, but we’re going to create a new one, so navigate to Add Realm
>>>> (top right), and import and upload "this demonstration realm
definition
>>>> -
http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it
>>>> provides an extremely simple setup where we have:
>>>>
>>>> What I would like to explain how we can create this "stottie"
config in
>>>> Keycloak (step by step, screenshots)
>>>>
>>>> On 01/09/15 02:19, Eric Wittmann wrote:
>>>>> +1
>>>>>
>>>>> Thanks for responding, Rafael. I had intended to link this very
same
>>>>> tutorial but then it slipped my mind. :)
>>>>>
>>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote:
>>>>>> Charles,
>>>>>>
>>>>>> Recently I followed the "/Keycloak and dagger: Securing
your
>>>> services
>>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto
is great!
>>>>>>
>>>>>> You don't need to do anything on the Fuse/Camel side. All
setup is
>>>> done
>>>>>> in the ApiMan side. ApiMan comes with a KeyCloak service
embedded and
>>>>>> all you need to do is install the Apiman oauth2 keycloak plugin
and
>>>>>> configure your service policy to use it. The tutorial [1]
>>>> describes each
>>>>>> step in detail.
>>>>>>
>>>>>> [1]
>>>>>>
>>>>
http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication...
>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ________________________
>>>>>> Rafael Torres Coelho Soares
>>>>>>
>>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard
>>>>>> <cmoulliard(a)redhat.com
<mailto:cmoulliard@redhat.com>> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have already asked this question but I need some help
to
>>>> figure
>>>>>> out
>>>>>> what are the steps required to setup Oauth 2 with Keycloak
as
>>>> I'm
>>>>>> preparing a demo
>>>>>> (
https://github.com/FuseByExample/rest-dsl-in-action)
>>>>>> covering the point about how to secure & govern Camel
REST DSL
>>>>>> endpoints
>>>>>> on JBoss Fuse using Apiman & Keycloak ?
>>>>>>
>>>>>> I just need the list of the steps to perform from the Web
Site.
>>>>>> Base on
>>>>>> the input, I will take some screenshots and include the
>>>> instructions
>>>>>> within the demo content. Such input could be reused to
write
>>>> a blog
>>>>>> article too ;-)
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Charles
>>>>>> _______________________________________________
>>>>>> Apiman-user mailing list
>>>>>> Apiman-user(a)lists.jboss.org
<mailto:Apiman-user@lists.jboss.org>
>>>>>>
https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Apiman-user mailing list
>>>>>> Apiman-user(a)lists.jboss.org
>>>>>>
https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>>>
>>>>
>>>> _______________________________________________
>>>> Apiman-user mailing list
>>>> Apiman-user(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>
>>>
>