Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-789

Steps to add OpenID Connect config to the APIcast configuration file missing

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Obsolete
    • Major
    • None
    • 2.1 GA, SaaS
    • Documentation

    Description

      Issue

      I want to use 

      THREESCALE_CONFIG_FILE

      either for importing a policy to the gateway or simply to use a local config file instead of depending on the remote loader API. When using oidc authentication mode the config from Red Hat Single Sign-On server needs to be imported to APIcast but this won't be included in the JSON config when downloading the JSON from the APIcast configuration history section.

      I can't authenticate with a valid JWT.

      Resolution

      Add the following block to the JSON config file downloaded from the admin portal.

      {
      "services": [{...}],
      "oidc": [
        {
          "issuer": "http://{SSO-SERVER-HOST-NAME}/auth/realms/{REALM-NAME}",
          "config": {
            "public_key": "<YOUR-REALM-PUBLIC-KEY>",
            "openid": {
              "id_token_signing_alg_values_supported": [ "RS256" ]
            }
          }
        }
      ]
    }

      You can get your <YOUR-REALM-PUBLIC-KEY> from "public_key" field in the JSON here: http://

      {SSO-SERVER-HOST-NAME}

      /auth/realms/

      {REALM-NAME}

      Attachments

        Issue Links

          relates to

          Feature Request - Feature requests from customers and/or users THREESCALE-669 Export service proxy configuration for all services

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed
          links to

          Web Link KCS

          Activity

            People

              Unassigned Unassigned
              rhn-support-keprice Kevin Price
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: