[Apiman-user] Token audience doesn't match domain when run inside Docker container

Fadi Abdin fadiabdeen at gmail.com
Mon Oct 12 07:52:13 EDT 2015


Hi Tim,

Check the Realm in the Keycloak OAuth Policy Configuration page; it should
match the one in the token.

I hope this helps.

On Mon, Oct 12, 2015 at 7:43 AM, Tim Dudgeon <tdudgeon.ml at gmail.com> wrote:

> Hi,
>
> I've been following this blog on using the OAuth policy:
>
> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
>
> When I do this with Apiman running in a Docker container
> (jboss/apiman-wildfly from Dockerhub) I'm getting an error when I try to
> access the echo service:
>
> $ curl -k -H "Authorization: Bearer eyJhbGciO...<snip>" -s
> https://192.168.59.103:8443/apiman-gateway/Newcastle/EchoService/1.0 | jq
> {
>    "type": "Authentication",
>    "failureCode": 11004,
>    "responseCode": 401,
>    "message": "Token audience doesn't match domain. Token issuer is
> http://192.168.59.103:8080/auth/realms/stottie, but URL from
> configuration is http://127.0.0.1:8080/auth/realms/stottie",
>    "headers": {}
> }
> $
>
> (192.168.59.103 is the IP address of the Docker host running in
> Boot2Docker).
> Any ideas where the wrong "URL from configuration" part is coming from?
>
> Tim
>
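
A way to see which issuer the token carries and how it differs from the realm URL in the policy configuration, as an added example that is not part of the original thread and not Apiman's own code. It decodes the `iss` claim without verifying the signature (diagnosis only); the function names and the unsigned sample token are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(token: str) -> str:
    """Return the `iss` claim of a compact JWT. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    try:
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("JWT payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict) or "iss" not in claims:
        raise ValueError("token has no 'iss' claim")
    return claims["iss"]


def issuer_mismatch(token: str, configured_realm_url: str) -> dict:
    """Return the URL components where token issuer and configured realm differ."""
    iss, cfg = urlsplit(token_issuer(token)), urlsplit(configured_realm_url)
    fields = {
        "scheme": (iss.scheme, cfg.scheme),
        "host": (iss.hostname, cfg.hostname),
        "port": (iss.port, cfg.port),
        "path": (iss.path, cfg.path),
    }
    return {name: pair for name, pair in fields.items() if pair[0] != pair[1]}


def _constructed_token(issuer: str) -> str:
    # Constructed, unsigned sample token (dummy signature segment) for the demo.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"iss": issuer}), "c2ln"])


if __name__ == "__main__":
    # Issuer and configured URL taken from the error message quoted in the thread.
    sample = _constructed_token("http://192.168.59.103:8080/auth/realms/stottie")
    print(issuer_mismatch(sample, "http://127.0.0.1:8080/auth/realms/stottie"))
```

An empty result means the issuer and the configured realm URL agree component by component; with the two URLs from the error above, only the host differs.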

