You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to setup an Apiman 1.2.2.Final instance in Wildfly 10 to work with an external Keycloak 1.7 instance and it is getting difficult to correctly login with the admin user into the Apiman console ([apiman_server]:[port]/apimanui). I followed the setup steps of the Production Guide.
It is throwing this validation error message in Apiman's output:
11:49:32,468 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator](default task-2) failed to turn code into token
11:49:32,469 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator](default task-2) status from server: 400
11:49:32,470 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator](default task-2) {"error_description":"Client secret not provided in request","error":"unauthorized_client"}
It is apparently obvious that it is because a wrong Client Secret. So I copied the client secrets of each client (apiman, apimanui, apiman-gateway-api) from Apiman realm in Keycloak to the standalone-apiman.xml, matching each secret with its corresponding secure-deployment tag, I didn't find another config where I can set the client secret. I've also set the corresponding realm values in the realm-public-key and auth-server-url tags of the standalone-apiman.xml and disabled the internal Keycloak instance.
I did also try to authenticate with a new Keycloak 1.9 instance, but I got the same result.
Am I missing some configuration or doing something wrong?
Yeah, our apiman realm file is more of a starting point than anything - it requires some tweaking and poking in order to get it working with an external KC server.
For this problem I think you can try two different things.
First, try removing the element from the secure-deployment config for the "apimanui.war" app.
If that doesn't work, then you could switch all your clients (in the KC admin UI) to "Public" instead of "Confidential". That way a secret credential isn't required.
Hi Eric!
I'm trying to setup an Apiman 1.2.2.Final instance in Wildfly 10 to work with an external Keycloak 1.7 instance and it is getting difficult to correctly login with the admin user into the Apiman console ([apiman_server]:[port]/apimanui). I followed the setup steps of the Production Guide.
It is throwing this validation error message in Apiman's output:
Keycloak's output:
It is apparently obvious that it is because a wrong Client Secret. So I copied the client secrets of each client (apiman, apimanui, apiman-gateway-api) from Apiman realm in Keycloak to the standalone-apiman.xml, matching each secret with its corresponding secure-deployment tag, I didn't find another config where I can set the client secret. I've also set the corresponding realm values in the realm-public-key and auth-server-url tags of the standalone-apiman.xml and disabled the internal Keycloak instance.
I did also try to authenticate with a new Keycloak 1.9 instance, but I got the same result.
Am I missing some configuration or doing something wrong?
Added part of my standalone-apiman.xml below.
Thanks a lot in advance!
The text was updated successfully, but these errors were encountered: