I was trying to integrate Tyk and Azure AD to secure my API and got this in Tyk Cloud. However, now I’m trying to do the same configuration I did there in Tyk Open-Source and I don’t know what’s missing. Here’s my Tyk Cloud configuration:
Created an API.
(images 1.png and 2.png)
Configured the OpenID Connect (issuer, client id and policy) in the authentication section.
(image 3.png)
Enabled CORS.
(image 4.png)
Created a policy for the created API.
(images 5.png and 6.png)
Defined the name and the key expiration time for the policy.
(image 7.png)
In Tyk Gateway (Open-Source), I cloned the GitHub project TykTechnologies/tyk-gateway-docker (Docker compose deployment to run Tyk OSS Gateway). I created a keyless API and everything worked fine. Then, I tried to configure the OpenID Connect, using the configurations below:
// tyk-gateway/apps/a888d8c162964271492fcfb90ce00766.json
(file api.json)
// tyk-gateway/policies/polices.json
(file policy.json)
I also added the policies to the volumes in the docker-compose.yml (I don’t know if it’s necessary) and deleted all the files I was not using. The tyk.conf is the tyk.standalone.conf from GitHub (everything still worked with the keyless API).
(image tyk-gateway.png)
What am I missing? Do I need to create a key? I would appreciate it if someone could help me.
Did you delete the message with the token or was it not sent?
I did not. I think you private messaged me so only I can see it. Considering your cloud endpoint was visible, I wanted to prevent sharing sensitive information on a public forum.
I have copied the token and asked a colleague to spin up a test environment to test since I had some problems with my own environment. From the outcome it appears it works on version 3.1.2.
I will fix my own environment and test, however I wanted to inquire what version of the gateway are you using locally?
I restarted the container and tested a new token and got another error when submitting the request: "Unauthorized key: no matching policy". I saw the logs: "Trying to apply policy from different organization to key, skipping". So I put "org_id": "60f08cb4b4c0be0001a87762" in my policy inside tyk-gateway/policies/policies.json and everything worked.
I think you can close this topic, thanks for the help.
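Added example (not part of the thread and not Tyk's own code): a check to run before starting the gateway that catches the mismatch resolved in the last post, where a policy mapped to an OpenID Connect client is missing or carries a different org_id than the API. It assumes the classic API definition layout (`openid_options.providers[].client_ids` mapping to policy ids) and a policies file keyed by policy id; the issuer, client id keys and policy names are constructed.

```python
import json

# Constructed sample input. Field names follow Tyk's classic API definition
# and file-based policy format as an assumption; the issuer, client id keys
# and policy ids are made up. The api_id and org_id are the ones in the thread.
API_DEF = json.loads("""{
  "api_id": "a888d8c162964271492fcfb90ce00766",
  "org_id": "60f08cb4b4c0be0001a87762",
  "use_openid": true,
  "openid_options": {"providers": [{
    "issuer": "https://issuer.example/v2.0",
    "client_ids": {"Y2xpZW50LWE=": "azure-policy", "Y2xpZW50LWI=": "other-policy"}
  }]}
}""")
POLICIES = json.loads("""{
  "azure-policy": {
    "access_rights": {"a888d8c162964271492fcfb90ce00766": {"versions": ["Default"]}}
  }
}""")


def check_oidc_policies(api, policies):
    """List reasons an OIDC-mapped policy could not be applied to this API."""
    problems = []
    for provider in api.get("openid_options", {}).get("providers", []):
        for policy_id in provider.get("client_ids", {}).values():
            policy = policies.get(policy_id)
            if policy is None:
                problems.append(f"{policy_id}: not defined in the policies file")
                continue
            if policy.get("org_id") != api.get("org_id"):
                problems.append(f"{policy_id}: org_id {policy.get('org_id')!r} "
                                f"differs from API org_id {api.get('org_id')!r}")
            if api["api_id"] not in policy.get("access_rights", {}):
                problems.append(f"{policy_id}: no access_rights entry for this API")
    return problems


if __name__ == "__main__":
    for line in check_oidc_policies(API_DEF, POLICIES):
        print("PROBLEM:", line)
    # Apply the fix from the thread: give the policy the API's org_id.
    POLICIES["azure-policy"]["org_id"] = API_DEF["org_id"]
    print(check_oidc_policies(API_DEF, POLICIES))
```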