Skip to content

Commit

Permalink
Update Keycloak examples (#311)
Browse files Browse the repository at this point in the history
  • Loading branch information
guicassolato authored Nov 17, 2023
1 parent d6e0604 commit 2149a91
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 5 deletions.
8 changes: 4 additions & 4 deletions doc/user-guides/authenticated-rl-with-jwt-and-k8s-authnz.md
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ spec:
authentication:
"keycloak-users":
jwt:
issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/auth/realms/kuadrant
issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant
"k8s-service-accounts":
kubernetesTokenReview:
audiences:
Expand Down Expand Up @@ -170,7 +170,7 @@ curl -H 'Host: api.toystore.com' http://localhost:9080/toy -i
Obtain an access token with the Keycloak server:

```sh
ACCESS_TOKEN=$(kubectl run token --attach --rm --restart=Never -q --image=curlimages/curl -- http://keycloak.keycloak.svc.cluster.local:8080/auth/realms/kuadrant/protocol/openid-connect/token -s -d 'grant_type=password' -d 'client_id=demo' -d 'username=john' -d 'password=p' | jq -r .access_token)
ACCESS_TOKEN=$(kubectl run token --attach --rm --restart=Never -q --image=curlimages/curl -- http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant/protocol/openid-connect/token -s -d 'grant_type=password' -d 'client_id=demo' -d 'username=john' -d 'password=p' -d 'scope=openid' | jq -r .access_token)
```

Send a request to the API as the Keycloak-authenticated user while still missing permissions:
Expand Down Expand Up @@ -340,13 +340,13 @@ Each user should be entitled to a maximum of 5 requests every 10 seconds.
Send requests as the Keycloak-authenticated user:

```sh
while :; do curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $ACCESS_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
```

Send requests as the Kubernetes service account:

```sh
while :; do curl --write-out '%{http_code}' --silent --output /dev/null -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
while :; do curl --write-out '%{http_code}\n' --silent --output /dev/null -H "Authorization: Bearer $SA_TOKEN" -H 'Host: api.toystore.com' http://localhost:9080/toy | egrep --color "\b(429)\b|$"; sleep 1; done
```

## Cleanup
Expand Down
2 changes: 1 addition & 1 deletion examples/toystore/authpolicy_jwt-k8s-authnz.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ spec:
# Read more about this feature at https://github.com/Kuadrant/authorino/blob/v0.11.0/docs/user-guides/oidc-jwt-authentication.md.
"keycloak-users":
jwt:
issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/auth/realms/kuadrant
issuerUrl: http://keycloak.keycloak.svc.cluster.local:8080/realms/kuadrant

# Authorino will verify Kubernetes Service Account tokens, using Kubernetes TokenReview API,
# as valid authentication tokens to consume the protected API.
Expand Down

0 comments on commit 2149a91

Please sign in to comment.