New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problems with allowedIssuers #2578
Comments
Did you make a PR for this? Or you just letting me know about it |
Ehm, that is a good question. |
Unless there is a compelling reason, I'm probably not going to do another v3 release, so may not be worth it. |
Yeah, I guess that is not worth it as this is a very special use case for us. |
In addition to what I've mentioned before re: Apiman 4, I'm focussing on areas as requested by those who financially support the project (i.e. work with Black Parrot Labs to ensure the project can continue), so there will be a fair number of changes both upstream and downstream. Obviously, there's a heck of a lot to do, especially in combination with my other obligations (and trying not to completely burn myself out). |
Apiman Version
3.1.2.Final
Apiman Manager Distro
Tomcat
Apiman Gateway Distro
Vert.x
Java Version
11
Operating System
Linux
Are you running Apiman in a container, or on an orchestration platform?
Kubernetes
Describe the bug
Recent changes (759a0d2) cause problems depending on your keycloak endpoint.
If the auth server url contains an path with
/
(e.g.http://keycloak/my/Cool/Path
) the following does not work:apiman/gateway/platforms/vertx3/vertx3/src/main/java/io/apiman/gateway/platforms/vertx3/api/auth/KeycloakOAuthFactory.java
Lines 178 to 194 in c441939
The path is treated as one segment which causes problems in the later URL constructions as the
/
will be encoded to%2f
which causes problems in the discovery.In addition this feature forces you to use allowedIssuers.
If you do not want this (as you may are only using the internal domain) we should the option in the default config to disabled allowedIssuer checks.
Expected behaviour
Path should be correctly supported.
We could do it something like this, which correctly splits the path by
/
In addition the check can be disabled via
"validateIssuer": false
in the gateway config json.Actual behaviour
No response
How to Reproduce
No response
Relevant log output
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: