- Bug
- Resolution: Done
- Minor
- None
- 1.4.1.Final
- None
I use the following keycloak config in conf-es.json:
    // Gateway API Authentication. See documentation for further possibilities.
    "auth": {
      "type": "keycloak",
      "config": {
        "flowType": "PASSWORD",
        "requiredRole": "realm:apipublisher",
        // Paste and overwrite your Keycloak config here.
        "realm": "apiman",
        "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
        "auth-server-url": "https://192.168.99.100:8282/auth",
        "ssl-required": "none",
        "resource": "apiman-gateway-api",
        // A limitation in the current OAuth2 implementation means a credentials section is required
        // even if your client is not set to "confidential". Leave this dummy section if you're using non-confidential.
        "credentials": {
          "secret": "password"
        }
        // "truststore": "/usr/src/apiman/apiman.jks",
        // "truststore-password": "secret",
        // "client-keystore": "/usr/src/apiman/apiman.jks",
        // "client-keystore-password": "secret"
        // End paste here
      }
    },
I am not sure if this is really a bug or a wrong configuration.
I try to authenticate vertx via keycloak over https.
If I request "/system/status" I got the following error in postman:
"Basic realm="apiman-gw" error="invalid_token" error_message="Failed to create SSL connection""
I use a self-signed certificate for this.
If I add these SSL-Options in KeycloakOAuthFactory.java, I am able to create an https connection:
It seems that every SSL-Option (ssl-required) in the keycloak section in conf-es.json is ignored. Also truststore and Keystore?
msavy_jira Maybe you can give me a hint about the right config or my mistake, since you wrote the code for this?
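An added example, not part of the original report or of the apiman code base: a small Python check that parses an `auth` section like the one in the report (including its `//` comments) and flags an `https` `auth-server-url` with no active `truststore`, the case in which a self-signed server certificate cannot be validated unless it is already in the JVM's default trust store. The sample config is constructed from the report with the public key omitted, and the finding names are hypothetical.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample modelled on the report's "auth" section (public key omitted).
SAMPLE = r'''
{
  // Gateway API Authentication.
  "auth": {
    "type": "keycloak",
    "config": {
      "realm": "apiman",
      "auth-server-url": "https://192.168.99.100:8282/auth",
      "ssl-required": "none",
      "resource": "apiman-gateway-api",
      "credentials": { "secret": "password" }
      // "truststore": "/usr/src/apiman/apiman.jks",
      // "truststore-password": "secret"
    }
  }
}
'''

# Match whole JSON strings first, so the "//" inside "https://..." or a
# quoted path is never mistaken for the start of a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')


def strip_comments(text):
    """Remove // comments while leaving string literals untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)


def check_keycloak_tls(text):
    """Return hypothetical finding names for the TLS-related keys of auth.config."""
    cfg = json.loads(strip_comments(text))["auth"]["config"]
    scheme = urlparse(cfg.get("auth-server-url", "")).scheme
    findings = []
    if scheme != "https":
        findings.append("auth-server-not-https")
    elif not cfg.get("truststore"):
        # Commented-out keys vanish with the comments, so they count as absent.
        findings.append("https-without-truststore")
    elif not cfg.get("truststore-password"):
        findings.append("truststore-without-password")
    return findings


if __name__ == "__main__":
    print(check_keycloak_tls(SAMPLE))
```
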