Hi Yasir,
If I understand your query correctly:
Keycloak's JWT tokens have an expiry (i.e. lifetime, often a few minutes).
Even if you log out that session in Keycloak, it might be a few minutes
until the token already issued to the user expires.
There are mechanisms to explicitly revoke/blacklist tokens before the
expiry has been reached, but they are not currently supported by Apiman.
Regards,
Marc
On Wed, 21 Nov 2018 at 13:34, Yasir Zeeshan <yasir.z(a)3gca.org> wrote:
Hi,
I implemented Apiman with Keycloak; it is working fine with the
<http://192.168.100.211:8081/apimanui/api-manager/admin/plugins/1008>*k...
OAuth policy* and *authorization policy* plugin, but if I log out a user
session from Keycloak, it still works on Apiman, where it doesn't have
to give access and show 401.
Regards,
Yasir
_______________________________________________
Apiman-user mailing list
Apiman-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user
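The timing described in the reply above, as an added example that is not part of the original thread and is not Apiman or Keycloak code: a gateway that checks only signature and expiry keeps returning 200 after logout until `exp` passes, while one that also consults a list of ended sessions returns 401 at once. Assumptions: HS256 with a constructed key stands in for the issuer's real signing setup, and the `sid` claim name, the `ended_sessions` feed and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed; stands in for the issuer's signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(sub: str, sid: str, iat: int, lifetime: int) -> str:
    """Issue a compact HS256 JWT bound to a login session id (hypothetical 'sid' claim)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "sid": sid, "iat": iat, "exp": iat + lifetime}).encode())
    sig = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

def verify_offline(token: str, now: int) -> dict:
    """Check signature and expiry only, with no call back to the issuer."""
    header, claims, sig = token.split(".")
    expected = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    payload = json.loads(_unb64(claims))
    if now >= payload["exp"]:
        raise ValueError("expired")
    return payload

def gateway_status(token: str, now: int, ended_sessions=None) -> int:
    """HTTP status a gateway would return; ended_sessions is a hypothetical logout feed."""
    try:
        claims = verify_offline(token, now)
    except ValueError:
        return 401
    if ended_sessions is not None and claims["sid"] in ended_sessions:
        return 401  # session was logged out before the token expired
    return 200

def demo() -> dict:
    t0 = 1542803640  # constructed issue time
    token = mint("user-1", "session-1", t0, 300)  # 5-minute lifetime
    ended = {"session-1"}  # the user logged out at t0 + 60
    return {
        "offline check, 2 min after issue": gateway_status(token, t0 + 120),
        "with logout feed, 2 min after issue": gateway_status(token, t0 + 120, ended),
        "offline check, at expiry": gateway_status(token, t0 + 300),
    }

if __name__ == "__main__":
    print(demo())
```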