[Apiman-user] apiman using external keycloak and elasticsearch
jazz at sqmail.me
jazz at sqmail.me
Thu Mar 31 02:54:55 EDT 2016
I hit 'sent' too fast:
My experience so far with apiman, it works great, but the modularity
could be improved:
1. Option to disable elasticsearch
2. Don't include keycloak in overlay
3. use cli files (like keycloak-install.cli) --> keycloak install
works like this, remove apiman-ds.xml files for the datasource
I have on question: the standalone-apiman.xml file contains
security-realms for each war. How do I know which credential secret is
used for that particular war? It is not set in web.xml?
Regards, Bart
<subsystem xmlns="urn:jboss:domain:keycloak:1.1">
<realm name="apiman">
<realm-public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB</realm-public-key>
<auth-server-url>/auth</auth-server-url>
<ssl-required>none</ssl-required>
<enable-cors>false</enable-cors>
<principal-attribute>preferred_username</principal-attribute>
</realm>
<secure-deployment name="apiman.war">
<realm>apiman</realm>
<resource>apiman</resource>
<credential
name="secret">5af5458f-0a96-4251-8f92-08ebcc3a8aa2</credential>
<disable-trust-manager>true</disable-trust-manager>
<bearer-only>true</bearer-only>
<enable-basic-auth>true</enable-basic-auth>
</secure-deployment>
<secure-deployment name="apimanui.war">
<realm>apiman</realm>
<resource>apimanui</resource>
<credential
name="secret">722557fd-a725-4cc0-9dff-7d09c0c47038</credential>
<disable-trust-manager>true</disable-trust-manager>
<public-client>true</public-client>
</secure-deployment>
<secure-deployment name="apiman-gateway-api.war">
<realm>apiman</realm>
<resource>apiman-gateway-api</resource>
<credential
name="secret">217b725d-7790-47a7-a3fc-5cf31f92a8db</credential>
<disable-trust-manager>true</disable-trust-manager>
<bearer-only>true</bearer-only>
<enable-basic-auth>true</enable-basic-auth>
</secure-deployment>
</subsystem>
More information about the Apiman-user
mailing list