- Log in to Keycloak and open the appropriate realm
- Go to Realm Settings -> Keys
- Click the Certificate button on the Type=
I’ve started playing with apiman and Keycloak to secure an API using OAuth2. I’ve been following this useful blog http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/1.2.x/2016/01/22/keycloak-oauth2-redux.html but as it was last updated at the start of 2016 and it’s now October 2017, there are some out-of-date bits.
This section that talks about configuring the OAuth2 policy in apiman has a link to the Keycloak admin UI that apparently gets you the realm certificate: http://localhost:8080/auth/admin/master/console/#/realms/stottie/keys-settings. This link doesn’t work with apiman 1.3.1 (that comes with Keycloak 2.5.5 I think). You get a page not found error instead. See below for where to find the certificate.
You can find the realm certificate by:
- Log in to Keycloak, probably at a URL like http://localhost:8080/auth/admin
- Select the realm that you’re using for the apiman OAuth2 policy. That’s Stottie if you’re following the blog.
- Go to Realm Settings from the menu on the left
- Click the Keys tab at the top
- You should have a table of active keys. One should be of type RSA and if you look at the far right of that row, there’ll be a Certificate button. Click this button to get your base64 encoded X.509 certificate that you can use in the OAuth2 policy for apiman.
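
A quick sanity check on the copied value before it goes into the policy, as an added example that is not part of the original post: it confirms the paste is complete base64 DER and prints a SHA-256 fingerprint you can record and compare later. The function names are hypothetical, and the sample input is constructed placeholder bytes, not a real certificate.

```python
import base64
import binascii
import hashlib
import re
import textwrap

PEM_MARKERS = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")

def der_total_length(der: bytes) -> int:
    """Full encoded length declared by the outer DER SEQUENCE header."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (an X.509 certificate starts with 0x30)")
    first = der[1]
    if first < 0x80:                    # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                    # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_copied_certificate(pasted: str) -> dict:
    """Validate a pasted certificate body; return its size, fingerprint and PEM form."""
    # Accept the bare base64 body or a PEM-wrapped copy; drop all whitespace.
    body = "".join(PEM_MARKERS.sub("", pasted).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    declared = der_total_length(der)
    if declared != len(der):
        raise ValueError(
            f"truncated or padded copy: header declares {declared} bytes, got {len(der)}")
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + "\n".join(textwrap.wrap(body, 64))
           + "\n-----END CERTIFICATE-----\n")
    return {"der_len": len(der), "sha256": hashlib.sha256(der).hexdigest(), "pem": pem}

# Constructed sample: a DER SEQUENCE header declaring 256 content bytes, zero-filled.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PASTE = base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    info = check_copied_certificate(SAMPLE_PASTE)
    print(info["der_len"], info["sha256"])
```

A copy that lost its last few characters fails the length check instead of being pasted into the policy unnoticed.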