Test the OIDC Secured API

Deploy your API as follows:

  1. In the OpenShift API Management admin portal, navigate to Product: RHOAM API OIDC→Integration→Configuration.
  2. Promote the API to the staging APIcast (Figure 41) and then to the production APIcast (Figure 42).
Figure 41: Promote the API to the staging APICast.

Figure 42: Promote the API to the production APICast.

Now test the API with a client that obtains an access token from Red Hat's SSO and presents it to APIcast. Because the OpenID Connect authorization code flow involves several steps (a browser login, a redirect carrying a one-time code, and an exchange of that code for a token), we'll use the Postman API platform, which provides a simple user interface for the whole process:

  1. Install Postman on your local workstation if you don’t have it installed yet. Navigate to https://www.postman.com/downloads/ and download the version matching your operating system. At the time of writing, the latest version is 9.21.3. Untar or unzip the downloaded archive, and add the Postman binary to your PATH. Verify that the installation was successful. The response of the which command should point to the Postman executable binary:
    $ which Postman
  2. Open the Postman application. If this is the first time you are using Postman, expect to be greeted with a sign-up page (Figure 43). Feel free to skip this stage and go directly to the application.
Figure 43: Open the Postman application.

  1. You should see the landing page of the Postman application (Figure 44). Click Create a request.
Figure 44: Click “Create a request” from the Postman landing page

  1. Enter the URL to the production APIcast of the RHOAM API OIDC application in the Enter request URL text box. The APIcast URL can be obtained from the Configuration page of the API in the 3scale API Management console. Add the /fruits path to the URL. The full URL should look something like:

https://rhoam-api-oidc-3scale-apicast-production.apps.rhoam-xx-yy.zz.p1.openshiftapps.com:443/fruits

  1. Click Send.
  2. Expect a 403 Forbidden return code with the body Authentication parameters missing (Figure 45): APIcast rejects the request because no access token was sent, so it never reaches the backend application.
Figure 45: A response of “Authentication parameters missing” results in a 403 Forbidden return code.

  1. Configure Postman to obtain an access token from the SSO server:
    • Click the Authorization tab.
    • From the Type field, select OAuth 2.0.
    • A number of parameters must be entered into the Configure New Token dialog box (Figure 46). A description of the parameters follows the figure.
Figure 46: Many parameters are specified in the Configure New Token dialog box.

Fill out the following fields:

  • Token Name: RHOAM API Access Token.
  • Grant Type: Authorization Code.
  • Callback URL: https://www.getpostman.com/oauth2/callback (as specified in Part 6).
  • Auth URL: https://<RHSSO_HOSTNAME>/auth/realms/<SSO_REALM>/protocol/openid-connect/auth

After you fill in the values, which were discussed in Part 5, the resulting URL should look something like this: https://keycloak-redhat-rhoam-user-sso.apps.rhoam-xx-yy.zz.p1.openshiftapps.com/auth/realms/rhoam-demo/protocol/openid-connect/auth

  • Access Token URL: https://<RHSSO_HOSTNAME>/auth/realms/<SSO_REALM>/protocol/openid-connect/token

After you fill in the values, the resulting URL should look something like this: https://keycloak-redhat-rhoam-user-sso.apps.rhoam-xx-yy.zz.p1.openshiftapps.com/auth/realms/rhoam-realm/protocol/openid-connect/token

Both URLs must name the same realm, the one in which you created the client in Part 6. If in doubt, read them from the realm's discovery document at https://<RHSSO_HOSTNAME>/auth/realms/<SSO_REALM>/.well-known/openid-configuration: its authorization_endpoint and token_endpoint fields are exactly these two values.

  • Client ID: The client ID of the application you created for the API in Part 6 (Figure 47). An example client ID is Bf951ab8. You can obtain the client ID from the Red Hat SSO Realm→Clients→Client details page.

  • Client Secret: The value of the client secret of the application you created for the API. You can obtain the secret from the same Red Hat SSO Realm→Clients→Client details page. Treat it as a credential: Postman sends it to the token endpoint on every token request.
Figure 47: Copy the client ID and client secret from the “Red Hat SSO Realm→Clients→Client details” page.

  • Scope: openid.
  • Client Authentication: Send as Basic Auth header.

  1. Click Get New Access Token. A new dialog box appears that shows the login screen for your realm on the SSO server (Figure 48).
Figure 48: Logins go to your realm on the SSO server.

  1. Get your username from the Users section of Red Hat’s SSO screen (Figure 49).
Figure 49: Refer to the users in the Users section of Red Hat’s SSO.

Enter the username and password you created in Part 3 of this learning resource (Figure 50).

Figure 50: Enter your user’s username and password.

  1. A new pop-up appears that shows that an access token was obtained from the SSO server (Figure 51).
Figure 51: A new access token was successfully obtained.

  1. In the next screen that appears, click Use Token (Figure 52).
Figure 52: Click “Use token.”

  1. Return to the request page and click Send. Postman now adds the token to the request as an Authorization: Bearer header, and this time you should get a successful response (Figure 53).
Figure 53: A successful response with the new token includes JSON from the application.
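The same flow, scripted. This is an added example, not code from the article or from Red Hat: it reproduces what Postman does above (the unauthenticated Send, the login redirect, the exchange of the code for a token with the client credentials in a Basic Auth header, and the authenticated Send) using only the Python standard library, so each piece can be checked on its own. The hostnames, realm, client ID and secret at the top are placeholders to replace with your own values from Parts 5 and 6. The state parameter, PKCE and the claim checks go beyond what the Postman dialog asks for; they are included because a tester wants to know why a token is rejected, not just that it is.

```python
"""Authorization-code flow against Red Hat SSO, then a bearer call to APIcast.
Added example, not the article's own code. Values below are placeholders."""
import base64
import hashlib
import json
import secrets
import time
import urllib.error
import urllib.parse
import urllib.request
import webbrowser

RHSSO_HOSTNAME = "keycloak-redhat-rhoam-user-sso.apps.rhoam-xx-yy.zz.p1.openshiftapps.com"
SSO_REALM = "rhoam-demo"                      # the realm holding the Part 6 client
CLIENT_ID = "Bf951ab8"                        # Realm -> Clients -> Client details
CLIENT_SECRET = "replace-with-client-secret"  # placeholder, never commit a real one
CALLBACK_URL = "https://www.getpostman.com/oauth2/callback"
API_URL = ("https://rhoam-api-oidc-3scale-apicast-production"
           ".apps.rhoam-xx-yy.zz.p1.openshiftapps.com:443/fruits")


def oidc_endpoint(host, realm, kind):
    """RH-SSO layout behind the Auth URL and Access Token URL fields (kind: auth|token)."""
    return f"https://{host}/auth/realms/{realm}/protocol/openid-connect/{kind}"


def pkce_pair():
    """PKCE S256 (an addition to the Postman setup): binds the code to this client."""
    verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_auth_url(host, realm, client_id, callback, state, challenge):
    """The URL Postman opens in its login pop-up (Figure 48), plus state and PKCE."""
    query = urllib.parse.urlencode({
        "response_type": "code", "client_id": client_id, "redirect_uri": callback,
        "scope": "openid", "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return oidc_endpoint(host, realm, "auth") + "?" + query


def parse_callback(redirected_url, expected_state):
    """Pull the one-time code out of the redirect; refuse a state we did not issue."""
    q = urllib.parse.parse_qs(urllib.parse.urlsplit(redirected_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback was not for this login")
    if "error" in q:
        raise RuntimeError(f"SSO returned {q['error'][0]}")
    return q["code"][0]


def token_request(host, realm, client_id, client_secret, code, callback, verifier):
    """The POST Postman sends; 'Send as Basic Auth header' puts the client creds here."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code", "code": code,
        "redirect_uri": callback, "code_verifier": verifier,
    }).encode("ascii")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8")).decode("ascii")
    return urllib.request.Request(
        oidc_endpoint(host, realm, "token"), data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def jwt_claims(token):
    """Decode the payload for inspection only; the signature check is APIcast's job."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, host, realm, client_id, now=None):
    """Reasons a token would be unusable against this API, or [] if it looks fine."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != f"https://{host}/auth/realms/{realm}":
        problems.append("issuer is not this realm")
    if claims.get("azp") != client_id:
        problems.append("token was issued to a different client")
    if claims.get("exp", 0) <= now:
        problems.append("expired")
    return problems


def classify_api_response(status, body):
    """The two Send clicks in the article: no token -> 403 with this body; token -> 200."""
    if status == 403 and "Authentication parameters missing" in body:
        return "no-credentials"
    if status in (401, 403):
        return "rejected"
    return "ok" if status == 200 else "other"


def call_api(url, token=None):
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    try:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as r:
            return r.status, r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


if __name__ == "__main__":
    print("Without a token:", classify_api_response(*call_api(API_URL)))
    state, (verifier, challenge) = secrets.token_urlsafe(16), pkce_pair()
    webbrowser.open(build_auth_url(RHSSO_HOSTNAME, SSO_REALM, CLIENT_ID, CALLBACK_URL, state, challenge))
    code = parse_callback(input("Paste the URL the browser was redirected to: "), state)
    req = token_request(RHSSO_HOSTNAME, SSO_REALM, CLIENT_ID, CLIENT_SECRET, code, CALLBACK_URL, verifier)
    with urllib.request.urlopen(req) as r:
        access_token = json.load(r)["access_token"]
    print("Claim problems:", check_claims(jwt_claims(access_token), RHSSO_HOSTNAME, SSO_REALM, CLIENT_ID))
    print("With the token:", classify_api_response(*call_api(API_URL, access_token)))
```

Run it, log in through the browser window it opens, and paste the full URL you land on (it carries the state and code query parameters) back into the prompt. check_claims decodes the payload only and does not verify the signature; APIcast does that against the realm's keys, so a token that passes these checks can still be rejected if it was signed by a different realm than the one the API was integrated with.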
Congratulations: you’ve secured your API on Red Hat OpenShift API Management with Red Hat’s single sign-on technology and OpenID Connect!