0

I am getting a connection refused response from the server when i try to hit the the endpoint via the proxy i have created on kong. The curl command i am using to hit the proxy -

curl --location --request GET 'http://localhost:8000/listProducts/'
--header 'Accept: application/json'
--header 'Authorization: Bearer token'

to get the token I use the following curl -

curl --location --request POST 'http://localhost:8180/auth/realms/experimental/protocol/openid-connect/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'username=username'
--data-urlencode 'password=password'
--data-urlencode 'grant_type=password'
--data-urlencode 'client_id=myapp'

The Client protocol is open-connect and the access type is public.

The config i have done in the Oidc plugin:

consumer:

response type:
code:
introspection endpoint: http://{MyHostIP}:8180/auth/realms/experimental/protocol/openid-connect/token/introspect

filters:

bearer only: yes

ssl verify: no

session secret:

introspection endpoint auth method:

realm: experimental

redirect after logout uri: /

scope: openid

token endpoint auth method:

client_secret_post:

logout path: /logout

client id: kong

discovery: https://{MyHostIP}:8180/auth/realms/master/.well-known/openid-configuration

client secret: myClientSecret

recovery page path:

redirect uri path:

Thanks in advance

Mohit
  • 1
  • 2

1 Answers1

1

How did u deployed Keycloak? I see 2 points:

  • Your discovery endpoint is https
  • Your introspection endpoint is just http

Also, if you are using Docker to deploy Kong + Keycloak, go to your hosts file and add a new line with your local ip with MyHostIP.

sudo nano /etc/hosts

Then add

your.ip.address. keycloak-host

Update the docker-compose file

kong:
    build:
      context: kong/
      dockerfile: Dockerfile
    extra_hosts:
      - "Keycloak-host:your.ip.address"

Now configure your introspection and discovery url using the keycloak-host

Ex: http://keycloak-host:8180/auth/realms/master/protocol/openid-connect/token/introspect

If you need a functional example about Kong + openID + Keycloak, check this repo.

Diego Rojas
  • 237
  • 5
  • 11