  1. apiman (API Management)
  2. APIMAN-1191

Unable to log in to APIMan Admin UI when Keycloak uses an external RDBMS, e.g. MySQL


Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • 1.3.x
    • 1.2.6.Final
    • Management UI
    • None

    Description

      1. Set up a MySQL database on http://localhost:3306/keycloak

      2. Added MySQL jar and module.xml to WildFly in /apiman-1.2.6.Final/wildfly-10.0.0.Final/modules/system/layers/base/com/mysql/main/

      3. Added JDBC connection for Keycloak to standalone-apiman.xml

                      <datasource jndi-name="java:jboss/datasources/MysqlDSkeycloak" pool-name="MysqlDSkeycloak" enabled="true" use-java-context="true">
                          <connection-url>jdbc:mysql://127.0.0.1:3306/keycloak</connection-url>
                          <driver>mysqlDriver</driver>
                          <pool>
                              <min-pool-size>0</min-pool-size>
                              <initial-pool-size>0</initial-pool-size>
                              <max-pool-size>20</max-pool-size>
                              <prefill>true</prefill>
                              <allow-multiple-users>false</allow-multiple-users>
                          </pool>
                          <security>
                              <user-name>root</user-name>
                          </security>
                      </datasource>
                      <drivers>
                          <driver name="mysqlDriver" module="com.mysql">
                              <xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>
                          </driver>
                          <driver name="h2" module="com.h2database.h2">
                              <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
                          </driver>
                      </drivers>
      
      

      4. Set keycloak-server.json datasource to the MySQL JNDI name

          "connectionsJpa": {
              "default": {
                  "dataSource": "java:jboss/datasources/MysqlDSkeycloak",
                  "databaseSchema": "update"
              }
          },
      
      

      5. Started APIMan scripts. These populate the MySQL database with all the base Keycloak tables.

      6. Log in to Keycloak Master Realm, then import APIMan realm. This gets created fine.

      7. Log in to apiman Admin UI (https://localhost:8443/apimanui) using default admin credentials. This throws a redirect error (Forbidden) in the browser. The console log shows the following:

      15:53:38,562 WARN  [org.keycloak.events] (default task-9) type=CODE_TO_TOKEN_ERROR, realmId=apiman, clientId=apimanui, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=authorization_code
      15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) failed to turn code into token
      15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6) status from server: 400
      15:53:38,575 ERROR [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-6)    {"error_description":"Client secret not provided in request","error":"unauthorized_client"}
      15:56:34,057 WARN  [org.keycloak.events] (default task-13) type=LOGIN_ERROR, realmId=apiman, clientId=apiman, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials, grant_type=password
      

      It seems the APIMan Admin UI realm cannot permit a login based on the credentials flow. Attached is the server log.

      Attachments

        1. server.log
          217 kB
          imran qureshi

          People

            msavy_jira Marc Savy (Inactive)
            imran.qureshi_jira imran qureshi (Inactive)
            Votes: 2
            Watchers: 5
