[Apiman-user] Apiman & Keycloak

Charles Moulliard cmoulliard at redhat.com
Tue Sep 1 10:54:29 EDT 2015 

On 01/09/15 11:57, Marc Savy wrote:
> I would suggest you refer to the Keycloak documentation, as there are 
> several ways to skin this particular cat. For instance, how you decide 
> to set up your Keycloak configuration is highly dependent upon your 
> specific requirements; whether you want token grants to be via the 
> API-only, or an HTTP redirect based approach (see: 
> https://keycloak.github.io/docs/userguide/html/access-types.html); how 
> you wish to divide up your application; the level of security you 
> desire; any identity provision sources...
>
> At any rate, once you have Keycloak going, you would log in and click 
> on 'create realm' (in my blog demo, that would be 
> http://localhost:8080/auth/admin/master/console/#/create/realm) - 
> then, add your client, roles, users, etc.
>
 >> I have created a very basic use case :
- realm = demo,
- a user = demo and
- a client = demo where Direct Grants Only = ON and Access Type = Public

but when I issue a request to get the Access Token,

curl -X POST 
http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H 
"Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d 
'password=demo' -d 'grant_type=password' -d 'client_id=demo'

I get  this error -->

{"error_description":"Direct Grant REST API not 
enabled","error":"not_enabled"}

Here is the demo.json exported file = 
https://gist.github.com/cmoulliard/c25fef751886ace8c354


> To make your life simple for demo purposes, I suggest your clients be 
> 'Direct Grants Only' and 'Public'.
>
> I'm not entirely clear from your email whether you want to script 
> this, or provide walk-through steps, or provide a pre-baked config 
> (like the blog).
 >> I would like to include instructions (= step by step instructions) + 
screenshots and also a file (= json exported config) for end users not 
interested to setup Keycloak
>
> Do you need to use roles and authorization? Or just simple authentication?
>
> Regards,
> Marc
>
>
> On 01/09/2015 06:20, Charles Moulliard wrote:
>> This blog refers to a link where we will import a pre-defined config
>>
>> First, log into the Keycloak server. If you’re following our
>> walkthrough, the log-in details are identical to those mentioned earlier
>> (admin, admin123!). You can see that there is already an apiman realm
>> defined, but we’re going to create a new one, so navigate to Add Realm
>> (top right), and import and upload "this demonstration realm definition
>> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it
>> provides an extremely simple setup where we have:
>>
>> What I would like to explain how we can create this "stottie" config in
>> Keycloak (step by step, screenshots)
>>
>> On 01/09/15 02:19, Eric Wittmann wrote:
>> > +1
>> >
>> > Thanks for responding, Rafael. I had intended to link this very same
>> > tutorial but then it slipped my mind. :)
>> >
>> > On 8/31/2015 5:48 PM, Rafael Soares wrote:
>> >> Charles,
>> >>
>> >>    Recently I followed the "/Keycloak and dagger: Securing your 
>> services
>> >> with OAuth2/" tutorial [1] and it worked fine! This howto is great!
>> >>
>> >> You don't need to do anything on the Fuse/Camel side. All setup is 
>> done
>> >> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and
>> >> all you need to do is install the Apiman oauth2 keycloak plugin and
>> >> configure your service policy to use it. The tutorial [1] 
>> describes each
>> >> step in detail.
>> >>
>> >> [1]
>> >> 
>> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
>> >>
>> >>
>> >>
>> >>
>> >> ________________________
>> >> Rafael Torres Coelho Soares
>> >>
>> >> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard
>> >> <cmoulliard at redhat.com <mailto:cmoulliard at redhat.com>> wrote:
>> >>
>> >>      Hi,
>> >>
>> >>      I have already asked this question but I need some help to 
>> figure
>> >> out
>> >>      what are the steps required to setup Oauth 2 with Keycloak as 
>> I'm
>> >>      preparing a demo
>> >> (https://github.com/FuseByExample/rest-dsl-in-action)
>> >>      covering the point about how to secure & govern Camel REST DSL
>> >> endpoints
>> >>      on JBoss Fuse using Apiman & Keycloak ?
>> >>
>> >>      I just need the list of the steps to perform from the Web Site.
>> >> Base on
>> >>      the input, I will take some screenshots and include the 
>> instructions
>> >>      within the demo content. Such input could be reused to write 
>> a blog
>> >>      article too ;-)
>> >>
>> >>      Regards,
>> >>
>> >>      Charles
>> >>      _______________________________________________
>> >>      Apiman-user mailing list
>> >>      Apiman-user at lists.jboss.org <mailto:Apiman-user at lists.jboss.org>
>> >> https://lists.jboss.org/mailman/listinfo/apiman-user
>> >>
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> Apiman-user mailing list
>> >> Apiman-user at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/apiman-user
>> >>
>>
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>

More information about the Apiman-user mailing list