API Manager 3.2.0 and Keycloak - Unclassified Authentication Failure #9286
Comments
Hi @molinab297-unisys ,
Hi @CrowleyRajapakse, it contains the same exception. Here's a snippet from wso2carbon.log:
I think the problem is that API Manager isn't able to validate the JWT for some reason. How does it do that? Does it use the public certificate from Keycloak to validate the JWT just like API Microgateway?
Hi @molinab297-unisys ,
Hi @CrowleyRajapakse, thanks for your help. I retrieved the issuer certificate from Keycloak by making the following request:
and then I extract the certificate from the 'x5c' field and put it in a 'keycloak.crt' file. Then I convert that crt file into a 'pem' file and copy the contents into the API Manager:
Then I go to my Application in API Manager, select Production Keys, then Keycloak and generate a JWT:
I still get the following error whenever I make a request to my backend API with that JWT:
However, like I said earlier, if I use a JWT generated by the Resident Key Manager, it works.
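The certificate extraction described in the comment above, as an added example (not part of the original thread, and not WSO2 or Keycloak code): it picks the JWKS key whose `kid` matches the token header and rewraps its first `x5c` entry as PEM. The JWKS, token, issuer URL and function names are constructed for illustration, and the token is only parsed for inspection, not signature-verified.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_header_and_claims(token: str):
    """Parse header and claims for inspection only; the signature is NOT verified."""
    header_b64, claims_b64, _signature = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(claims_b64))

def x5c_to_pem(x5c_entry: str) -> str:
    """Wrap one x5c entry (standard base64 of DER, RFC 7517) as a PEM certificate."""
    der = base64.b64decode(x5c_entry, validate=True)  # rejects base64url or stray characters
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def cert_for_token(jwks: dict, token: str) -> str:
    """Return the PEM of the certificate whose JWKS 'kid' matches the token's 'kid'."""
    header, _claims = jwt_header_and_claims(token)
    for key in jwks.get("keys", []):
        if key.get("kid") == header.get("kid"):
            if not key.get("x5c"):
                raise LookupError(f"key {key['kid']!r} has no x5c entry")
            return x5c_to_pem(key["x5c"][0])  # first entry holds the key's own certificate
    raise LookupError(f"no JWKS key matches token kid {header.get('kid')!r}")

def _seg(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: placeholder bytes, not a real certificate or token.
SAMPLE_DER = b"\x30\x82" + b"constructed placeholder, not a real certificate " * 3
SAMPLE_JWKS = {"keys": [
    {"kid": "old-key", "kty": "RSA", "x5c": [base64.b64encode(b"other").decode()]},
    {"kid": "constructed-kid-1", "kty": "RSA", "x5c": [base64.b64encode(SAMPLE_DER).decode()]},
]}
SAMPLE_TOKEN = ".".join([
    _seg({"alg": "RS256", "typ": "JWT", "kid": "constructed-kid-1"}),
    _seg({"iss": "https://keycloak.example.invalid/auth/realms/demo"}),
    "c2ln",  # placeholder signature
])

if __name__ == "__main__":
    header, claims = jwt_header_and_claims(SAMPLE_TOKEN)
    print("kid:", header["kid"], "iss:", claims["iss"])
    print(cert_for_token(SAMPLE_JWKS, SAMPLE_TOKEN))
```

Comparing the printed `kid` and `iss` against the configured certificate and issuer shows whether the pasted PEM belongs to the key that actually signed the token.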
@molinab297-unisys Can you try giving the JWKS endpoint as mentioned above and try the same scenario?
I have the same problem. Any news on this?
Hi @molinab297-unisys ,
Description:
Hello, I'm trying to configure API Manager 3.2.0 to use Keycloak. I followed the instructions here; however, when I use API Manager to generate an access token and then try to access my API, I get the following error:
In the wso2-apigw-errors.log file, I see this:
Am I missing something? It seems that my API Manager can communicate with Keycloak, as it can create clients and generate access tokens just fine. But I get this error whenever I make a request to my backend API using a JWT that was generated by keycloak. If I use the built-in "Resident Key Manager" to generate a JWT and then use that, everything works just fine. Do I need to import any other Keycloak certificates other than the SSL cert that the instructions say to import? Or does API Manager make a request to Keycloak to validate the incoming JWT?
Steps to reproduce:
1). Follow the Configure Keycloak as a Key Manager instructions here.
2). Create an API and Application, then have that Application subscribe to the API.
3). Under the Production keys > keycloak tab, generate an access token.
4). Make a request to the gateway with that access token.
Affected Product Version:
3.2.0