Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem of integration krakend with keycloak #495

Closed
ugene77 opened this issue May 12, 2022 · 2 comments
Closed

Problem of integration krakend with keycloak #495

ugene77 opened this issue May 12, 2022 · 2 comments
Labels
locked question

Comments

@ugene77
Copy link

ugene77 commented May 12, 2022
edited

Hello. I have keycloak bitnami chart and krakend deployed in in k8s. Also I have a test api, and I want being authenticated before access it. I'm able to get valid jwt token from keycloak, but when I'm trying to access my api through krakend, it returns 401 error
Any help is really appreciated.

Software versions:
keycloak: 16.1.1
crakend: 2.0.4

my config file:

{
  "$schema": "https://www.krakend.io/schema/v3.json",
  "version": 3,
  "timeout": "3000ms",
  "cache_ttl": "300s",
  "output_encoding": "json",
  "port": 8080,
  "endpoints": [
      {
          "endpoint": "/mock/parents/{id}",
          "method": "GET",
          "input_headers": [
             "Authorization"
           ],
          "extra_config": {
              "auth/validator": {
                  "alg": "RS256",
                  "jwk-url": "http://keycloak-headless:8080/auth/realms/master/protocol/openid-connect/certs",
                  "disable_jwk_security": true,
                  "roles_key_is_nested": true,
                  "roles_key": "realm_access.roles",
                  "roles": ["test-app-parent"],
                  "operation_debug": true
              }
          },
          "output_encoding": "json",
          "concurrent_calls": 1,
          "backend": [
              {
                  "url_pattern": "/parents/{id}",
                  "encoding": "json",
                  "sd": "static",
                  "extra_config": {},
                  "host": [
                    "http://testapp-service:8400"
                  ],
                  "disable_host_sanitize": false,
                  "blacklist": [
                      "super_secret_field"
                  ]
              },
              {
                  "url_pattern": "/siblings/{id}",
                  "encoding": "json",
                  "sd": "static",
                  "extra_config": {},
                  "host": [
                      "http://testapp-service:8400"
                  ],
                  "blacklist": [
                      "sibling_id"
                  ],
                  "group": "extra_info",
                  "disable_host_sanitize": false
              },
              {
                  "url_pattern": "/parents/{id}/children",
                  "encoding": "json",
                  "sd": "static",
                  "extra_config": {},
                  "host": [
                      "http://testapp-service:8400"
                  ],
                  "disable_host_sanitize": false,
                  "mapping": {
                      "content": "cars"
                  },
                  "whitelist": [
                      "content"
                  ]
              }
          ]
      },
      {
          "endpoint": "/mock/bogus-new-api/{path}",
          "method": "GET",
          "extra_config": {
              "auth/validator": {
                  "alg": "RS256",
                  "jwk-url": "http://keycloak-headless:8080/auth/realms/master/protocol/openid-connect/certs",
                  "disable_jwk_security": true
              },
              "github.com/devopsfaith/krakend/proxy": {
                  "static": {
                      "data": {
                          "new_field_a": 123,
                          "new_field_b": [
                              "arr1",
                              "arr2"
                          ],
                          "new_field_c": {
                              "obj": "obj1"
                          }
                      },
                      "strategy": "always"
                  }
              }
          },
          "output_encoding": "json",
          "concurrent_calls": 1,
          "backend": [
              {
                  "url_pattern": "/not-finished-yet",
                  "encoding": "json",
                  "sd": "static",
                  "extra_config": {},
                  "host": [
                      "nothing-here"
                  ],
                  "disable_host_sanitize": false
              }
          ]
      }
  ]
 }  ```

Commands, I'm using to start  krakend:
kubectl apply -f krakend.yml

There are following logs:
KRAKEND ERROR: [ENDPOINT: /mock/parents/:id][JWTValidator] Unable to validate the token: Get "": unsupported protocol scheme ""
[GIN] 2022/05/12 - 11:15:07 | 401 |     368.798µs |       10.42.4.0 | GET      "/mock/parents/8f01e84c-6bdf-4cc0-bf5f-566698d30277"
@ugene77 ugene77 changed the title Problem with integration krakend with keycloak Problem of integration krakend with keycloak May 12, 2022
@alombarte
Copy link
Member

Hi @ugene77 ,

It looks like you have migrated from a KrakenD 1.x to a KrakenD 2.0 but you have not replaced jwk-url by jwk_url. You also have blacklist which is not currently allowed (use deny) instead.

You can find problems like this in the future by running krakend check -dtc krakend.json --lint

@github-actions
Copy link

This issue was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
locked question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alombarte @ugene77