Keycloak as a keymanager for WSO 2 APIM v 3.2.0

Question

I had configured Keycloak key manager in the admin portal. I did what is exactly mentioned in the WSO APIM documentation and I cloned the WSO2 API-M Keycloak connector project from GitHub and copied the jar file in the /repository/components/dropins/ directory but nothing has changed. Still, I was not able to generate the application keys in the devPortal of WSO2 using the keycloak keymanager.

Logs of WSO2 APIM :

Caused by: feign.FeignException$Forbidden: [403 Forbidden] during [POST] to [http://localhost:8080/auth/realms/apim/clients-registrations/openid-connect] [DCRClient#createApplication(ClientInfo)]: [{"error":"insufficient_scope","error_description":"Forbidden"}]
        at feign.FeignException.clientErrorStatus(FeignException.java:199) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.FeignException.errorStatus(FeignException.java:177) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.FeignException.errorStatus(FeignException.java:169) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.codec.ErrorDecoder$Default.decode(ErrorDecoder.java:92) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.AsyncResponseHandler.handleResponse(AsyncResponseHandler.java:96) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.SynchronousMethodHandler.executeAndDecode(SynchronousMethodHandler.java:138) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.SynchronousMethodHandler.invoke(SynchronousMethodHandler.java:89) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at feign.ReflectiveFeign$FeignInvocationHandler.invoke(ReflectiveFeign.java:100) ~[io.github.openfeign.feign-core_11.0.0.jar:?]
        at com.sun.proxy.$Proxy480.createApplication(Unknown Source) ~[?:?]
        at org.wso2.keycloak.client.KeycloakClient.createApplication(KeycloakClient.java:134) ~[keycloak.key.manager_2.0.2.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication_aroundBody8(AbstractApplicationRegistrationWorkflowExecutor.java:150) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:124) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication_aroundBody6(AbstractApplicationRegistrationWorkflowExecutor.java:120) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:117) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete_aroundBody2(ApplicationRegistrationSimpleWorkflowExecutor.java:78) ~[org.wso2.carbon.apimgt.impl_6.7.206.jar:?]
        ... 59 more

Stacktrace of Keycloak :

21:03:57,491 WARN  [org.keycloak.events] (default task-4) type=CLIENT_REGISTER_ERROR, realmId=apim, clientId=null, userId=null, ipAddress=127.0.0.1, error=not_allowed

score 0 · Answer 1 · answered Mar 28 '21 at 14:41

0

It is not required to add the Keycloak connector to the APIM server externally. In the APIM-3.2.0 version, the Keycloak connector is pre-packed in the server.

Can you try without adding the Key cloak connector? This should solve the problem.

answered Mar 28 '21 at 14:41

Wasura Wattearachchi

216
2
10

Keycloak as a keymanager for WSO 2 APIM v 3.2.0

1 Answers1