In the Keycloak documentation the base path is defined as: localhost:8080/auth
But if we try to reach the documented endpoints we always get a Not Found response.
We get a 404 if we try to access the endpoint to get the top-level representation of the master realm: GET /{realm} like:
http://localhost:8080/auth/master
But if we try it like:
http://localhost:8080/auth/admin/realms/master
we receive a successful response.
Are we overlooking something or is this an error in the documentation?
Related
I have configured our Azure Data Factory with a REST Link Service. I have obtained a valid token from the end service.
The token successfully works when using the token with POSTMAN, but the token returns Error status code 401 Unauthorized with Azure Data Factory.
As you can see with POSTMAN when I send a GET request with the Token I get data back:
However, with Azure Data Factory I get the error:
{
"errorCode": "2200",
"message": "Failure happened on 'Source' side. ErrorCode=RestCallFailedWithClientError,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Rest call failed with client error, status code 401 Unauthorized, please check your activity settings.\nRequest URL: https://pm2.preqinsolutions.com/apiCore/api/countries.\nResponse: ,Source=Microsoft.DataTransfer.ClientLibrary,'",
"failureType": "UserError",
"target": "Copy data1",
"details": []
}
The ADF Link Service is a follows:
Can someone see something obvioius that would prevent access due 401 Unauthorized status with ADF?
I have also tried the following ADF configuration. However, I'm getting the same error:
Please try changing the authHeader name to Authorization and the value to Bearer <your API key>. I suspect from the screenshot of Postman that is what it’s doing. If that does not work then please provide a link to the documentation. This explains Bearer tokens.
You might also check the lifetime of your access token and make sure it doesn’t expire after an hour, for example.
I did a quick test against a REST API I know (Power BI REST API). The linked service looks like this and the value for the Authorization header was Bearer MY_ACCESS_TOKEN_HERE.
The dataset looks like:
The source of the Copy activity looks like:
This succeeded.
I would suggest you contact pm2.preqinsolutions.com support to see if they can provide more information on your access token / API key and have them confirm that the API isn't restricted to be accessed from only certain allowed API addresses. (ADF will not be accessing it from an on-premises IP address like your laptop.) You might also change the REST API linked service to use a self-hosted integration runtime instead of an Azure integration runtime to validate the IP address the API is called from isn't the issue.
I am working on creating a new request in AWS API Gateway. I am having issues with a 404 not found on the URL request.
The request (had to create fake one for the question):
GET https://hello.stackoverflow.com/services/misc/myroute/v1/swagger.json
I created a route in API Gateway ANY /services/misc/myroute/{proxy+}
I attached the route to a Load Balancer Listener integration
I set up the listener rule in the Load Balancer:
IF Path is /services/misc* Then Forward to Target
IF Requests otherwise not routed Then Forward to Default
Created logs for this system in the AWS API Gateway: Monitor -> Logging -> Set Log Destination
Set variables for the log format using the $context variables, Context Variables
Ex Log:
{ "requestId":"QWRHQKWFHWAFZ=",
"routeKey":"ANY /services/misc/myroute/{proxy+}",
"path":"/services/misc/myroute/v1/swagger.json",
"domain":"hello.stackoverflow.com",
"domain_prefix":"hello",
"httpMethod":"GET", "status":"404","protocol":"HTTP/1.1", "endpoint":-" }
One final check I have done to make sure its completing its "route" was see the requests in the monitoring and seeing the 4xx come from this ALB listener.
I can send the request via localhost and get a response with the json body
GET https://localhost:8080/v1/swagger.json --> Status 200 OK with body filled
In my quest to solve the issue, it has lead me to many older (2019) stack overflow questions that seem to be outdated with the AWS Console, same with the AWS documentation. See links below...
AWS API Gateway Method request path parameter not working
AWS API Gateway 404 page not found error when invoking endpoint url
AWS API Gateway Method request path parameter not working
With this being my first project in the AWS cloud space, I am not sure where else to turn. My guess would be the authentication headers from the API Gateway are being lost, but not sure where I can see this loss happening.
From my understanding of how the AWS Request Flow goes, I created this diagram:
I try to access every role for the user 7b244fd8-5e1a-43af-9572-91d50784fda7 and found this code (Keycloak User Roles missing in REST API):
GET /auth/admin/realms/{realm}/users/{user-uuid}/role-mappings/clients/{client-uuid}
This is why I try to make the following GET request (Bearer token correctly provided)
https://mywebsite.com/auth/admin/realms/master/users/7b244fd8-5e1a-43af-9572-91d50784fda7/role-mappings/clients/admin-cli
I get an {"error": "Client not found" } error.
I guess the "admin-cli" in my code is wrong, but this is the Client ID in the master realm. Is this the wrong id? How can I make the request to get all roles for a specific user working?
I get an {"error": "Client not found" } error.
I guess the "admin-cli" in my code is wrong, but this is the Client ID
in the master realm. Is this the wrong id? How can I make the request
to get all roles for a specific user working?
You should use the ID of the client and not the client ID, which you can find on the url:
or via Rest Admin API:
GET /auth/admin/realms/{realm}/clients?clientId=$CLIENT_ID
The /auth path was removed starting with Keycloak 17 Quarkus distribution, in that case the endpoint would be:
GET /admin/realms/{realm}/clients?clientId=$CLIENT_ID
It seems an HTTP response of 403 is accepted as the norm and correct handling of any calls made to a resource or endpoint that does not exist on an API Gateway setup (this post).
Example: a call to a non-existing endpoint on my Gateway would be;
GET -- https://{{MyGatewayDomain}}/api/v1/blah
This would return a 403 forbidden. Which can be rather confusing and misleading.
I'd like to know if anyone has managed to configure their API Gateway so that any call to a non-existing endpoint / resource, returns what I would have thought is a correct response of a 404?
Thanks in advance.
EDIT
As per bejos-aws's suggestion, I am able to override the default behaviour of the 403 Missing Authentication Token however, this will not solve my issue as then all the valid 403 errors would return a 404 response which is incorrect.
Also, my issue is regarding a 403 forbidden which doesn't exist in the default responses in the AWS Gateway Response's list (and even if it did, that wouldn't help).
Seems this is just not possible?
This is not currently a feature of API Gateway. However, there is a workaround. Using Gateway Responses, you can override the 403 Missing Authentication Token response with a 404 and supply whatever message you want as a response.
Note, this only works when the API stage is valid:
So if your API is deployed to a stage named v1
https://{MyGatewayDomain}/api/v1/somepath
And the caller supplies the wrong stage
https://{MyGatewayDomain}/api/invalidStage/somepath
Then the API will still respond with 403 Forbidden
I have an API resource that is working as expected as you can see from the screen-shot below.
But when I deploy and access it through URL something like this...
https://vatultwgoc.execute-api.us-east-1.amazonaws.com/staging/oksoft?url=http://google.com
I get an error:
{"message":"Missing Authentication Token"}
What is the correct way to deploy API ?
Please make sure you invoke your API with the correct http method. I just try to invoke your API, and I am getting "null" which matches your test invoke result.