Altair RISE
A program to recognize and reward our most engaged community members
Nominate Yourself Now!
Home
Discussions
Community Q&A
Can't get JWT Token
cuongdnv
I am refering below document to get JWT Token . However when I call the API /api/rest/tokenservice it doesn't return the token but returns a web interface asking for login . How can I get JWT Token
Response of postman:
Find more posts tagged with
AI Studio
Accepted answers
cuongdnv
@aschaferdiek
very simple i modified config in .env file and got token via API api/rest/tokenservice with id and password as described in tokenservice document.
Which is completely unlike the way you are instructing .
All comments
aschaferdiek
Hi. In order to query the internal tokenservice endpoint, you need a valid "session". In the native installation method, you can use basic auth as "session" as outlined in the documentation.
curl -u user:pass "
http://localhost:8080/api/rest/tokenservice
"
{
"idToken": "the-valid-token",
"expirationDate": "the-exp"
}
However, for this to work when you've deployed RapidMiner AI Hub with Keycloak (and docker), you need to 1. enable basic auth for Keycloak, 2. access the route by first having a valid "login session" (cookie name is
RM_SERVER_JSESSIONID
) or 3. use a valid Keycloak token.
1. Enable basic auth in Keycloak
# rm-server-homedir/configuration/keycloak/keycloak.json
{
...
"enable-basic-auth": true,
...
}
2. Valid cookie value
Login via web interface, open the browser's developer tools and use the very same
RM_SERVER_JSESSIONID
cookie value inside the REST request issued to the
/api/rest/tokenservice
endpoint.
3. Valid Keycloak token
Retrieve a valid Keycloak access token (from Keycloak's token endpoint, e.g. via OpenID Connect) and query the
/api/rest/tokenservice
endpoint with Authorization: Bearer <Keycloak-
Access-Token
>.
I guess this also relates to
https://stackoverflow.com/questions/71936829/rapidminer-cant-get-jwt-token
Not sure what you like to achieve, e.g. schedule a process via REST, I like to outline that you can easily add a process and trigger via Web Service. The triggered process could make use of the
Admin Tools
extension. You still need to enable Keycloak's basic auth though if you like to trigger it from "outside".
David_A
A guide how to use the extension can be found here:
https://docs.rapidminer.com/latest/studio/connect/aihub/
cuongdnv
How can i [1. Enable basic auth in Keycloak]
I get all container , and i guess that , rapidminer/rapidminer-server:9.10.4-gen2 with CONTAINER ID [07a1e28603f6] is
rm-server-homedir
So i access to this container and edit keycloak.json in path [/rapidminer/home/configuration]
I changed
"enable-basic-auth": true
and then i get
RM_SERVER_JSESSIONID by [Login via web interface, open the browser's developer tools and use the very same
RM_SERVER_JSESSIONID]
i got
RM_SERVER_JSESSIONID (b4uTa9Wc23gkbvZmS2akuPah) and go to post man and set Bearer Token to [Keycloak-b4uTa9Wc23gkbvZmS2akuPah] and send request to /api/rest/tokenservice . But i got response [
Access denied]
aschaferdiek
Hi. Sorry if my list was confusing, but all 3 are different approaches to solve your problem.
For basic auth 1. you then need to enable it for Keycloak as you did, then use your Keycloak credentials as Authorization
type in Postman.
For cookie value 2. you need to login and provide the value of the cookie inside the Postman header, but not as Bearer Token content.
For Keycloak token 3. approach, you need to get a valid access token from the Keycloak token endpoint or look into what
@David_A
posted and use this as Bearer Token value.
We usually recommend approach 3, although I liked to list all of them for the sake of completeness.
cuongdnv
Thank you for your reply. I have some points to confirm as follows:
1. For basic auth 1 ,
Where can I get Keycloak credentials? Please provide detailed instructions
2.
I got the RM_SERVER_JSESSIONID from the cookie then put it in the RM_SERVER_JSESSIONID field of the header in the request /api/rest/tokenservice but still can't get the token and return "Access denied"
3.
I get the token through the api /auth/realms/master/protocol/openid-connect/token . However, when calling the API /executions/jobs using the token obtained first step, the result returns an Unauthorized error.
Thanks you.
aschaferdiek
You need to use the access-token of Keycloak to call the /api/rest/tokenservice and use the returned token for any further requests
cuongdnv
@aschaferdiek
very simple i modified config in .env file and got token via API api/rest/tokenservice with id and password as described in tokenservice document.
Which is completely unlike the way you are instructing .
Quick Links
All Categories
Recent Discussions
Activity
Unanswered
日本語 (Japanese)
한국어(Korean)
Groups