
For my website, I wanted to implement Apiman and Keycloak as a solution, so I came up with this architecture:

  • Keycloak as an authentication provider.
  • Apiman as an API manager
  • Nginx as a reverse proxy

Apiman is set behind a Keycloak Security Proxy that checks whether the user is authenticated or not, with this configuration:

{
  "target-url": "APIMAN_API_ENDPOINT_URL",
  "send-access-token": true,
  "bind-address": "0.0.0.0", // this is because I'm in a docker container
  "http-port": "8999",
  "applications": [{
    "base-path": "/",
    "adapter-config": {
      // HERE ARE MY ADAPTER CONFIGURATION
    },
    "constraints": [{
      "pattern": "/*",
      "roles-allowed": [
        "CUSTOM ROLE"
      ]
    }]
  }]
}

Everything was working fine until I tried implementing the Keycloak OAuth Plugin by following this documentation. Once configured, I kept having the same message returned:

{"type":"Authentication","failureCode":11005,"responseCode":401,"message":"OAuth2 'Authorization' header or 'access_token' query parameter must be provided.","headers":{"entries":[],"empty":true}}

I've been stuck here for two days now and don't know how to resolve this. Any help would be appreciated.

Ismail H

1 Answer


This error message tells you that your HTTP API request contains neither an Authorization HTTP header nor an access_token HTTP query parameter.

You need to obtain a JWT from Keycloak and then pass it via the header or query parameter.


Also, you can check if you have only a single instance of Keycloak OAuth Policy in your policy chain.

Yuri
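Added example, not part of the original question or answer and not Apiman's own code: a small diagnostic that checks whether a request carries a bearer token in either of the two places the 401 message names, and decodes the JWT payload (without verifying it) to spot an expired token. The gateway URL, the sample token and the `KEYCLOAK_ACCESS_TOKEN` header name used for the proxy-forwarded token are assumptions to check against your own setup.

```python
import base64, json, time
from urllib.parse import urlsplit, parse_qs

def find_token(url, headers):
    """Locate a token in the two places named by the 401 message."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme, _, value = h.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return "Authorization header", value.strip()
    qs = parse_qs(urlsplit(url).query)
    if qs.get("access_token"):
        return "access_token query parameter", qs["access_token"][0]
    return None, None

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(body))

def diagnose(url, headers, now=None):
    """Describe what the request offers to a policy expecting a bearer token."""
    where, token = find_token(url, headers)
    if token is None:
        # A JWT carried under any other header name does not count.
        stray = [k for k, v in headers.items() if v.count(".") == 2 and v.startswith("eyJ")]
        hint = f"; JWT-like value found in {stray}" if stray else ""
        return "missing: no bearer token" + hint
    try:
        claims = jwt_claims(token)
    except ValueError:  # also covers bad base64 and bad JSON
        return f"malformed: value in {where} is not a JWT"
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return f"expired: token in {where} expired at {claims.get('exp')}"
    return f"ok: token in {where} for {claims.get('preferred_username')}"

def make_token(claims):
    """Constructed, unsigned sample token for the demo below."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tok = make_token({"exp": 2_000_000_000, "preferred_username": "alice"})
    url = "https://gateway.example/api"  # hypothetical gateway URL
    # Header name below is an assumption about what the proxy forwards.
    for hdrs in ({}, {"KEYCLOAK_ACCESS_TOKEN": tok}, {"Authorization": f"Bearer {tok}"}):
        print(diagnose(url, hdrs))
    print(diagnose(f"{url}?access_token={tok}", {}))
```

Feed it the headers your backend actually receives (for example from an access log or a debug endpoint) to see whether the token arrives where the policy looks for it.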