KeyCloak + Tyk Pro

Marcos-Oleiro · March 24, 2021, 5:33pm

Hello

Im trying to integrate keycloak with tyk, created realm,client and user on keycloak and im able to get a token normally (using openidconnect.net), but im having problems (and some questions) with configurations on tyk.

What i did on tyk:

Created an API (named Teste OpenId-KeyCloak) with OpenID Connect auth mode, issuer and policy.

Created a Policy with access to api

Questions:

I need to create a key to the policy i’ve created?
Keys’ expiration must be the same as the token (from KeyCloak)?

Problem:

Sometimes i get normal access to the api and sometimes I find the error “Key not authorised” and i dont know what makes it works and not works. Documentation and guides didn’t really helped me.

Valmir · March 24, 2021, 8:37pm

Hi @Marcos-Oleiro,

Thank you for reaching out and attaching the images to your inquiry.

I don’t have the answer at the moment for why you’re only sometimes receiving the “Key not authorised” error message. I’m going to try to recreate this on my end and will get back to you as soon as I find the answer for you.

–
Valmir

Valmir · March 26, 2021, 9:19pm

Hey @Marcos-Oleiro,

Here are the the steps on the Tyk side for protecting your API with Keycloak.

Create API
Set Authentication mode: Open ID Connect
Create Policy with access Rights
Edit your API to include your keycloak realm in the ‘Add issuers’ section. You then need to create a a client ID (user) on Keycloak and then point it to your policy which we created in step number 3.

Which it appears you have done based on the images you provided. The only other thing I can think of would be something to do with the keycloak set up.

Here’s a video that goes into a bit more detail on both the Tyk side as well as the Keycloak side:

One thing to note is that the Dashboard versioning is different at the time of the video versus now, however the process will still be the same *

Please let me know if this video helps with your question!

–
Valmir

Marcos-Oleiro · March 29, 2021, 11:59am

Didn’t helped 'cause i use this video to see the steps to do integration between keycloak and tyk gateway.

Marcos-Oleiro · March 29, 2021, 5:25pm

And my Keycloak its wokiing fine.

Valmir · March 29, 2021, 6:50pm

Hi @Marcos-Oleiro,

When do you get the error ‘Key not authorised’?

Does it show up in a routine, i.e after a certain timeframe or after a certain amount of calls? Or is it completely random?

Marcos-Oleiro · March 30, 2021, 2:25pm

I got this error when i try to use a token, always. I only got access when i create a key for policy.

Valmir · March 30, 2021, 8:47pm

Do you have the Gateway logs when this occurs?

It should have more information as to why we’re receiving the error. It’ll point us in the right direction whether JWT is valid or not.

Marcos-Oleiro · March 31, 2021, 4:18pm

I managed to make it work as expected, it must be some small detail that I ended up missing but when I configured again the procedure it worked. I didn’t find where to close the topic but it can be closed.

Valmir · March 31, 2021, 4:23pm

Hey @Marcos-Oleiro,

Im very happy to hear that! Thank you for letting me know. If you have any other questions in the future regarding Tyk please feel free to reach out at any time.

–
Valmir

Valmir · April 6, 2021, 2:31pm