Test the OIDC Secured API
Deploy your API as follows:
- In the OpenShift API Management admin portal, navigate to Product: RHOAM API OIDC→Integration→Configuration.
- Promote the API to the staging APIcast (Figure 41) and then to the production APIcast (Figure 42).
Now configure the API with the credentials it needs to connect to Red Hat’s SSO. Because the process is complicated, we’ll use the Postman API platform to provide a simple user interface to the process:
- Install Postman on your local workstation if you don’t have it installed yet. Navigate to https://www.postman.com/downloads/ and download the version matching your operating system. At the time of writing, the latest version is 9.21.3. Untar or unzip the downloaded archive, and add the Postman binary to your PATH. Verify that the installation was successful. The response of the which command should point to the Postman executable binary:
$ which Postman
- Open the Postman application. If this is the first time you are using Postman, expect to be greeted with a sign-up page (Figure 43). Feel free to skip this stage and go directly to the application.
- You should see the landing page of the Postman application (Figure 44). Click Create a request.
- Enter the URL to the production APIcast of the RHOAM API OIDC application in the Enter request URL text box. The APIcast URL can be obtained from the Configuration page of the API in the 3scale API Management console. Add the /fruits path to the URL. The full URL should look something like:
- Click Send.
- Expect a 403 Forbidden return code, and a response of Authentication parameters missing (Figure 45).
- Configure Postman to obtain an access token from the SSO server:
- Click the Authorization tab.
- From the Type field, select OAuth 2.0.
- A number of parameters must be entered into the Configure New Token dialog box (Figure 46). A description of the parameters follows the figure.
Fill out the following fields:
- Token Name: RHOAM API Access Token.
- Grant Type: Authorization Code.
- Callback URL: https://www.getpostman.com/oauth2/callback (as specified in Part 6).
- Auth URL: https://<RHSSO_HOSTNAME>/auth/realms/<SSO_REALM>/protocol/openid-connect/auth
After you fill in the values, which were discussed in Part 5, the resulting URL should look something like this: https://keycloak-redhat-rhoam-user-sso.apps.rhoam-xx-yy.zz.p1.openshiftapps.com/auth/realms/rhoam-demo/protocol/openid-connect/auth
- Access Token URL: https://<RHSSO_HOSTNAME>/auth/realms/<SSO_REALM>/protocol/openid-connect/token
After you fill in the values, the resulting URL should look something like this: https://keycloak-redhat-rhoam-user-sso.apps.rhoam-xx-yy.zz.p1.openshiftapps.com/auth/realms/rhoam-realm/protocol/openid-connect/token
- Client ID: The client ID of the application you created for the API in Part 6 (Figure 47).
An example client ID is Bf951ab8. You can obtain the client ID from the Red Hat SSO Realm→Clients→Client details page.
- Client Secret: The value of client secret of the application you created for the API. You can obtain the secret from the Red Hat SSO Realm→Clients→Client details page.
- Scope: openid.
- Client Authentication: Send as Basic Auth header.
- Click Get New Access Token. A new dialog box appears that shows the login screen for your realm on the SSO server (Figure 48).
- Get your username from the Users section of Red Hat’s SSO screen (Figure 48). Enter the username and password you created in Part 3 of this learning resource (Figure 50).
- A new pop-up appears that shows that an access token was obtained from the SSO server (Figure 51).
- In the next screen that appears, click Use Token (Figure 52).
- Return to the request page and click Send. This time you should get a successful response (Figure 53).
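The Postman steps above are an OAuth 2.0 Authorization Code exchange with Red Hat SSO followed by a bearer-token call to APIcast. The script below walks the same three steps by hand so you can see exactly what Postman sends. It is an added example, not part of this learning resource or of Red Hat's tooling; the hostnames, the client secret and the APIcast URL are constructed placeholders (the client ID reuses the example value from the text), and the callback URL is Postman's, so in a real run you read the `code` parameter off the callback page yourself.

```python
"""Authorization Code flow against Red Hat SSO, then a bearer call to APIcast.

Added example, not part of the original learning path or of Red Hat's tooling.
Hostnames, client secret and the APIcast URL are constructed placeholders;
substitute the values from your own 3scale and Red Hat SSO consoles.
"""
import base64
import json
import secrets
import urllib.parse
import urllib.request

# Constructed placeholders: replace with the values shown in your consoles.
RHSSO_HOSTNAME = "keycloak-redhat-rhoam-user-sso.apps.example.com"
SSO_REALM = "rhoam-demo"
APICAST_URL = "https://rhoam-api-oidc-production.apps.example.com/fruits"
CLIENT_ID = "Bf951ab8"            # example value from the text
CLIENT_SECRET = "replace-me"      # constructed placeholder
CALLBACK_URL = "https://www.getpostman.com/oauth2/callback"

AUTH_URL = f"https://{RHSSO_HOSTNAME}/auth/realms/{SSO_REALM}/protocol/openid-connect/auth"
TOKEN_URL = f"https://{RHSSO_HOSTNAME}/auth/realms/{SSO_REALM}/protocol/openid-connect/token"


def build_authorization_url(auth_url, client_id, redirect_uri, scope="openid", state=None):
    """Step 1: the URL the browser is sent to (Postman opens it in its login pop-up).
    `state` ties the callback to this request; check it when the code comes back."""
    state = state or secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    }
    return f"{auth_url}?{urllib.parse.urlencode(params)}", state


def build_token_request(token_url, client_id, client_secret, code, redirect_uri):
    """Step 2: exchange the authorization code for tokens.
    'Client Authentication: Send as Basic Auth header' in Postman means the client
    credentials travel in an HTTP Basic header rather than in the form body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode()
    return urllib.request.Request(token_url, data=body, headers=headers, method="POST")


def exchange_code(code):
    """Perform step 2 against the real SSO server; returns the parsed JSON token response."""
    req = build_token_request(TOKEN_URL, CLIENT_ID, CLIENT_SECRET, code, CALLBACK_URL)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def decode_jwt_claims(token):
    """Read the (unverified) payload of a JWT so you can eyeball iss/azp/exp before
    sending it on. APIcast, not this function, verifies the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def api_request(url, access_token):
    """Step 3: the call Postman makes after 'Use Token'. Without this header APIcast
    answers 403 'Authentication parameters missing', as described above."""
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})


def call_api(access_token):
    with urllib.request.urlopen(api_request(APICAST_URL, access_token), timeout=10) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    url, state = build_authorization_url(AUTH_URL, CLIENT_ID, CALLBACK_URL)
    print("Open this URL in a browser, log in, then copy the ?code=... from the callback page:")
    print(url)
    code = input("code: ").strip()
    tokens = exchange_code(code)
    claims = decode_jwt_claims(tokens["access_token"])
    print("issuer:", claims.get("iss"), "client:", claims.get("azp"), "expires:", claims.get("exp"))
    print(call_api(tokens["access_token"]))
```

Comparing the `iss` claim with your realm URL and `azp` with the client ID is a quick way to confirm the token came from the realm you configured in 3scale; a token from a different realm is rejected by APIcast even though it is a valid JWT.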
Congratulations: you’ve secured your API on Red Hat OpenShift API Management with Red Hat’s single sign-on technology and OpenID Connect!