Details
Bug
Resolution: Unresolved
Critical
1.2.6.Final
None
Description
1. Set up a MySQL database on http://localhost:3306/keycloak
2. Added the MySQL jar and module.xml to WildFly in /apiman-1.2.6.Final/wildfly-10.0.0.Final/modules/system/layers/base/com/mysql/main/
3. Added a JDBC connection for Keycloak to standalone-apiman.xml
<datasource jndi-name="java:jboss/datasources/MysqlDSkeycloak" pool-name="MysqlDSkeycloak" enabled="true" use-java-context="true">
    <connection-url>jdbc:mysql://127.0.0.1:3306/keycloak</connection-url>
    <driver>mysqlDriver</driver>
    <pool>
        <min-pool-size>0</min-pool-size>
        <initial-pool-size>0</initial-pool-size>
        <max-pool-size>20</max-pool-size>
        <prefill>true</prefill>
        <allow-multiple-users>false</allow-multiple-users>
    </pool>
    <security>
        <user-name>root</user-name>
    </security>
</datasource>
<drivers>
    <driver name="mysqlDriver" module="com.mysql">
        <xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>
    </driver>
    <driver name="h2" module="com.h2database.h2">
        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
    </driver>
</drivers>
4. Set the keycloak-server.json datasource to the MySQL JNDI name
"connectionsJpa": {
    "default": {
        "dataSource": "java:jboss/datasources/MysqlDSkeycloak",
        "databaseSchema": "update"
    }
},
5. Started the APIMan scripts. These populate the MySQL database with all the base Keycloak tables.
6. Log in to the Keycloak Master Realm, then import the APIMan realm. This gets created fine.
7. Log in to the apiman Admin UI (https://localhost:8443/apimanui) using the default admin credentials. This throws a redirect error (Forbidden) in the browser. The console log shows the following:
15:53:38,562 WARN [org.keycloak.events] (default task-9) type=CODE_TO_TOKEN_ERROR, realmId=apiman, clientId=apimanui, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=authorization_code
15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token
15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) status from server: 400
15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) {"error_description":"Client secret not provided in request","error":"unauthorized_client"}
15:56:34,057 WARN [org.keycloak.events] (default task-13) type=LOGIN_ERROR, realmId=apiman, clientId=apiman, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=password
It seems the APIMan Admin UI realm cannot permit a login based on the credentials flow. Attached is the server log.
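
A triage sketch for the console log quoted in step 7, added here as an example and not part of the original report or of the apiman or Keycloak code: it parses the org.keycloak.events lines into fields, counts invalid_client_credentials failures per realm, client and grant type, and collects the JSON error bodies the adapter logged from the token endpoint. The function names are hypothetical, and the parser assumes the key=value pairs are separated by ", " with no commas inside values.

```python
import json
import re
from collections import Counter

# Log lines copied from the report above (WildFly console format).
SAMPLE_LOG = """\
15:53:38,562 WARN [org.keycloak.events] (default task-9) type=CODE_TO_TOKEN_ERROR, realmId=apiman, clientId=apimanui, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=authorization_code
15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token
15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) status from server: 400
15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) {"error_description":"Client secret not provided in request","error":"unauthorized_client"}
15:56:34,057 WARN [org.keycloak.events] (default task-13) type=LOGIN_ERROR, realmId=apiman, clientId=apiman, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=password
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[(?P<logger>[^\]]+)\]\s+\((?P<thread>[^)]+)\)\s+(?P<msg>.*)$"
)

def parse_line(line):
    m = LINE_RE.match(line.strip())  # None for lines in another format
    return m.groupdict() if m else None

def parse_event(rec):
    # Assumption: event details are "k=v" pairs joined by ", " with no commas in values.
    if rec is None or rec["logger"] != "org.keycloak.events":
        return None
    pairs = (p.split("=", 1) for p in rec["msg"].split(", ") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def client_auth_failures(text):
    """Count invalid_client_credentials events per (realm, client, grant type)."""
    counts = Counter()
    for line in text.splitlines():
        ev = parse_event(parse_line(line))
        if ev and ev.get("error") == "invalid_client_credentials":
            counts[(ev.get("realmId"), ev.get("clientId"), ev.get("grant_type"))] += 1
    return counts

def adapter_error_bodies(text):
    """Collect JSON error bodies the adapter logged from the token endpoint."""
    bodies = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["logger"].startswith("org.keycloak.adapters") and rec["msg"].startswith("{"):
            try:
                bodies.append(json.loads(rec["msg"]))
            except json.JSONDecodeError:
                continue  # brace-prefixed message that is not JSON
    return bodies
```

Run over the attached server log, the per-client counts show at a glance which clients (here apimanui and apiman) fail client authentication and under which grant type.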