[Apiman-user] Token audience doesn't match domain when run inside Docker container

Tim Dudgeon tdudgeon.ml at gmail.com
Mon Oct 12 08:18:43 EDT 2015


Thanks. That's the trick!

On 12/10/2015 12:52, Fadi Abdin wrote:
> Hi Tim,
>
> Check the Realm in the Keycloak OAuth Policy Configuration page; it should
> match the one in the token.
>
> I hope this helps.
>
> On Mon, Oct 12, 2015 at 7:43 AM, Tim Dudgeon <tdudgeon.ml at gmail.com> wrote:
>
>     Hi,
>
>     I've been following this blog on using the OAuth policy:
>     http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
>
>     When I do this with Apiman running in a Docker container
>     (jboss/apiman-wildfly from Dockerhub) I'm getting an error when I
>     try to access the echo service:
>
>     $ curl -k -H "Authorization: Bearer eyJhbGciO...<snip>" -s \
>         https://192.168.59.103:8443/apiman-gateway/Newcastle/EchoService/1.0 \
>         | jq
>     {
>        "type": "Authentication",
>        "failureCode": 11004,
>        "responseCode": 401,
>        "message": "Token audience doesn't match domain. Token issuer is http://192.168.59.103:8080/auth/realms/stottie, but URL from configuration is http://127.0.0.1:8080/auth/realms/stottie",
>        "headers": {}
>     }
>     $
>
>     (192.168.59.103 is the IP address of the Docker host running in
>     Boot2Docker).
>     Any ideas where the wrong "URL from configuration" part is coming
>     from?
>
>     Tim
>
>
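
A diagnostic for the mismatch reported in this thread, as an added example that is not part of the original messages and not Apiman's own code: it reads the `iss` claim from a bearer token and compares it with the realm URL entered in the policy configuration. The function names, the exact-string comparison and the unsigned sample token are assumptions constructed for illustration.

```python
import base64
import json


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(jwt):
    """Return the 'iss' claim of a JWT WITHOUT verifying its signature.

    Diagnostic use only: an unverified claim must never drive an access decision.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    if "iss" not in claims:
        raise ValueError("token has no 'iss' claim")
    return claims["iss"]


def check_realm(jwt, configured_realm_url):
    """Compare the token issuer with the configured realm URL (assumed exact match)."""
    iss = token_issuer(jwt)
    if iss == configured_realm_url:
        return True, "issuer matches configured realm"
    return False, ("Token issuer is %s, but URL from configuration is %s"
                   % (iss, configured_realm_url))


def make_sample_token(issuer):
    # Constructed, unsigned sample token; the signature segment is a dummy.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"iss": issuer, "sub": "sample-user"}),
                     "c2ln"])


if __name__ == "__main__":
    # Issuer and realm URLs are the two values quoted in the error message above.
    token = make_sample_token("http://192.168.59.103:8080/auth/realms/stottie")
    for realm in ("http://127.0.0.1:8080/auth/realms/stottie",
                  "http://192.168.59.103:8080/auth/realms/stottie"):
        print(realm, "->", check_realm(token, realm))
```

The issuer is whatever host the token was requested from, so a token obtained through the Docker host address will not match a realm URL configured with 127.0.0.1.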


