[Apiman-user] Apiman & Keycloak

Marc Savy marc.savy at redhat.com
Tue Sep 1 11:39:54 EDT 2015


 > I have also reset the password to demo and I get an account temporarily disabled

You should probably hit the slider that says "temporary" to OFF, then.

http://localhost:8080/auth/admin/master/console/#/realms/demo/users/demo/user-credentials

However, we're straying firmly into Keycloak rather than apiman territory, here.

On 01/09/2015 16:36, Charles Moulliard wrote:
> Works better now. I have also reset the password to demo and I get an account temporarily disabled
>
> Sent from my iPhone
>
> > On 1 sept. 2015, at 17:22, Marc Savy <marc.savy at redhat.com> wrote:
> >
> > http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings -> 'Direct Grant API' -> ON
> >
> > Now, curl -X POST http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d 'password=demo' -d 'grant_type=password' -d 'client_id=demo'
> >
> > Works fine!
> >
> > As a side-note: I would also point your readers towards the Keycloak docs, as this may not be an optimal setup for their real-world requirements (e.g. they may want redirected login-screens, user registration, SAML, etc, etc).
> >
> >> On 01/09/2015 15:54, Charles Moulliard wrote:
> >>
> >> On 01/09/15 11:57, Marc Savy wrote:
> >>> I would suggest you refer to the Keycloak documentation, as there are
> >>> several ways to skin this particular cat. For instance, how you decide
> >>> to set up your Keycloak configuration is highly dependent upon your
> >>> specific requirements; whether you want token grants to be via the
> >>> API-only, or an HTTP redirect based approach (see:
> >>> https://keycloak.github.io/docs/userguide/html/access-types.html); how
> >>> you wish to divide up your application; the level of security you
> >>> desire; any identity provision sources...
> >>>
> >>> At any rate, once you have Keycloak going, you would log in and click
> >>> on 'create realm' (in my blog demo, that would be
> >>> http://localhost:8080/auth/admin/master/console/#/create/realm) -
> >>> then, add your client, roles, users, etc.
> >>>
> >>>> I have created a very basic use case :
> >> - realm = demo,
> >> - a user = demo and
> >> - a client = demo where Direct Grants Only = ON and Access Type = Public
> >>
> >> but when I issue a request to get the Access Token,
> >>
> >> curl -X POST
> >> http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H
> >> "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d
> >> 'password=demo' -d 'grant_type=password' -d 'client_id=demo'
> >>
> >> I get  this error -->
> >>
> >> {"error_description":"Direct Grant REST API not
> >> enabled","error":"not_enabled"}
> >>
> >> Here is the demo.json exported file =
> >> https://gist.github.com/cmoulliard/c25fef751886ace8c354
> >>
> >>
> >>> To make your life simple for demo purposes, I suggest your clients be
> >>> 'Direct Grants Only' and 'Public'.
> >>>
> >>> I'm not entirely clear from your email whether you want to script
> >>> this, or provide walk-through steps, or provide a pre-baked config
> >>> (like the blog).
> >>>> I would like to include instructions (= step by step instructions) +
> >> screenshots and also a file (= json exported config) for end users not
> >> interested in setting up Keycloak
> >>>
> >>> Do you need to use roles and authorization? Or just simple
> >>> authentication?
> >>>
> >>> Regards,
> >>> Marc
> >>>
> >>>
> >>> On 01/09/2015 06:20, Charles Moulliard wrote:
> >>>> This blog refers to a link where we will import a pre-defined config
> >>>>
> >>>> First, log into the Keycloak server. If you’re following our
> >>>> walkthrough, the log-in details are identical to those mentioned earlier
> >>>> (admin, admin123!). You can see that there is already an apiman realm
> >>>> defined, but we’re going to create a new one, so navigate to Add Realm
> >>>> (top right), and import and upload "this demonstration realm definition
> >>>> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it
> >>>> provides an extremely simple setup where we have:
> >>>>
> >>>> What I would like to explain is how we can create this "stottie" config in
> >>>> Keycloak (step by step, screenshots)
> >>>>
> >>>> On 01/09/15 02:19, Eric Wittmann wrote:
> >>>>> +1
> >>>>>
> >>>>> Thanks for responding, Rafael. I had intended to link this very same
> >>>>> tutorial but then it slipped my mind. :)
> >>>>>
> >>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote:
> >>>>>> Charles,
> >>>>>>
> >>>>>>     Recently I followed the "/Keycloak and dagger: Securing your services
> >>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto is great!
> >>>>>>
> >>>>>> You don't need to do anything on the Fuse/Camel side. All setup is done
> >>>>>> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and
> >>>>>> all you need to do is install the Apiman oauth2 keycloak plugin and
> >>>>>> configure your service policy to use it. The tutorial [1] describes each
> >>>>>> step in detail.
> >>>>>>
> >>>>>> [1]
> >>>>>> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> ________________________
> >>>>>> Rafael Torres Coelho Soares
> >>>>>>
> >>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard
> >>>>>> <cmoulliard at redhat.com> wrote:
> >>>>>>
> >>>>>>       Hi,
> >>>>>>
> >>>>>>       I have already asked this question but I need some help to figure out
> >>>>>>       what are the steps required to set up OAuth 2 with Keycloak as I'm
> >>>>>>       preparing a demo (https://github.com/FuseByExample/rest-dsl-in-action)
> >>>>>>       covering the point about how to secure & govern Camel REST DSL endpoints
> >>>>>>       on JBoss Fuse using Apiman & Keycloak ?
> >>>>>>
> >>>>>>       I just need the list of the steps to perform from the Web Site. Based on
> >>>>>>       the input, I will take some screenshots and include the instructions
> >>>>>>       within the demo content. Such input could be reused to write a blog
> >>>>>>       article too ;-)
> >>>>>>
> >>>>>>       Regards,
> >>>>>>
> >>>>>>       Charles
> >>>>>>       _______________________________________________
> >>>>>>       Apiman-user mailing list
> >>>>>>       Apiman-user at lists.jboss.org
> >>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
> >>>>>>
> >>>
> >
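
Added example, not part of the original e-mails and not apiman or Keycloak code: the password-grant request from the curl command in the thread, built with Python's standard library, plus a parser that maps the token endpoint's reply to the fix discussed above. It goes slightly beyond the thread by also handling the success case and non-JSON replies. The function names are made up for this example, and matching on the phrase "temporarily disabled" assumes the server puts that wording in error_description, which the thread does not show.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Token endpoint and demo values as used in the thread above.
TOKEN_URL = "http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token"

def build_token_request(username, password, client_id="demo", url=TOKEN_URL):
    """Build the form-encoded POST that the curl command sends."""
    form = urllib.parse.urlencode({
        "username": username, "password": password,
        "grant_type": "password", "client_id": client_id,
    }).encode("ascii")
    return urllib.request.Request(
        url, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def interpret_token_response(body):
    """Return (ok, detail): the access token, or the error plus a hint."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return False, "response is not a JSON object"
    if "access_token" in doc:
        return True, doc["access_token"]
    error = doc.get("error", "unknown")
    desc = str(doc.get("error_description", ""))
    if error == "not_enabled":
        hint = "set 'Direct Grant API' to ON in the realm login settings"
    elif "temporarily disabled" in desc.lower():  # assumed wording, see lead-in
        hint = "check the 'temporary' slider on the user's credentials page"
    else:
        hint = "see the Keycloak documentation"
    return False, f"{error}: {desc} ({hint})"

def fetch_token(username, password):
    """Send the request; non-2xx replies arrive as HTTPError and are parsed too."""
    try:
        with urllib.request.urlopen(build_token_request(username, password),
                                    timeout=10) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()
    return interpret_token_response(body.decode("utf-8", "replace"))
```

fetch_token("demo", "demo") makes the live call against the local demo server; the other two functions work offline. Unlike a raw curl -d argument, urlencode escapes characters such as & and = in a password.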


