🎉Community Raffle - Win $25

An exclusive raffle opportunity for active members like you! Complete your profile, answer questions and get your first accepted badge to enter the raffle.
Join and Win

Can't get JWT Token

User: "cuongdnv"
cuongdnv
New Altair Community Member
Updated by Jocelyn
I am refering below document to get JWT Token . However when I call the API /api/rest/tokenservice it doesn't return the token but returns a web interface asking for login . How can I get JWT Token



Response of postman:

Find more posts tagged with

AI Studio
Sort by:
1 - 7 of 71
    User: "aschaferdiek"
    aschaferdiek
    New Altair Community Member
    Updated by aschaferdiek
    Hi. In order to query the internal tokenservice endpoint, you need a valid "session". In the native installation method, you can use basic auth as "session" as outlined in the documentation.
    curl -u user:pass "http://localhost:8080/api/rest/tokenservice"

    {
      "idToken": "the-valid-token",
      "expirationDate": "the-exp"
    }

    However, for this to work when you've deployed RapidMiner AI Hub with Keycloak (and docker), you need to 1. enable basic auth for Keycloak, 2. access the route by first having a valid "login session" (cookie name is RM_SERVER_JSESSIONID) or 3. use a valid Keycloak token.

    1. Enable basic auth in Keycloak
    # rm-server-homedir/configuration/keycloak/keycloak.json

    {
    ...
    "enable-basic-auth": true,
    ...
    }
    2. Valid cookie value
    Login via web interface, open the browser's developer tools and use the very same RM_SERVER_JSESSIONID cookie value inside the REST request issued to the /api/rest/tokenservice endpoint.

    3. Valid Keycloak token
    Retrieve a valid Keycloak access token (from Keycloak's token endpoint, e.g. via OpenID Connect) and query the /api/rest/tokenservice endpoint with Authorization: Bearer <Keycloak-Access-Token>.


    Not sure what you like to achieve, e.g. schedule a process via REST, I like to outline that you can easily add a process and trigger via Web Service. The triggered process could make use of the Admin Tools extension. You still need to enable Keycloak's basic auth though if you like to trigger it from "outside".






    User: "David_A"
    David_A
    New Altair Community Member
    A guide how to use the extension can be found here:

    User: "cuongdnv"
    cuongdnv
    New Altair Community Member
    OP
    How can i [1. Enable basic auth in Keycloak]
    I get all container , and i guess that , rapidminer/rapidminer-server:9.10.4-gen2 with CONTAINER ID [07a1e28603f6] is rm-server-homedir


    So i access to this container and edit keycloak.json in path [/rapidminer/home/configuration] 



    I changed "enable-basic-auth": true

    and then i get     RM_SERVER_JSESSIONID by  [Login via web interface, open the browser's developer tools and use the very same RM_SERVER_JSESSIONID]


    i got     RM_SERVER_JSESSIONID (b4uTa9Wc23gkbvZmS2akuPah) and go to post man and set Bearer Token to [Keycloak-b4uTa9Wc23gkbvZmS2akuPah] and send request to /api/rest/tokenservice . But i got response [Access denied]


    User: "aschaferdiek"
    aschaferdiek
    New Altair Community Member
    Updated by aschaferdiek
    Hi. Sorry if my list was confusing, but all 3 are different approaches to solve your problem.

    For basic auth 1. you then need to enable it for Keycloak as you did, then use your Keycloak credentials as Authorization
    type in Postman.

    For cookie value 2. you need to login and provide the value of the cookie inside the Postman header, but not as Bearer Token content.

    For Keycloak token 3. approach, you need to get a valid access token from the Keycloak token endpoint or look into what @David_A posted and use this as Bearer Token value.

    We usually recommend approach 3, although I liked to list all of them for the sake of completeness.
    User: "cuongdnv"
    cuongdnv
    New Altair Community Member
    OP
    Updated by cuongdnv
    Thank you for your reply. I have some points to confirm as follows:

    1. For basic auth 1 , Where can I get Keycloak credentials? Please provide detailed instructions

    2.     I got the RM_SERVER_JSESSIONID from the cookie then put it in the RM_SERVER_JSESSIONID field of the header in the request /api/rest/tokenservice but still can't get the token and return "Access denied"



    3.     I get the token through the api /auth/realms/master/protocol/openid-connect/token  . However, when calling the API /executions/jobs using the token obtained first step, the result returns an Unauthorized error.



    Thanks you.
    User: "aschaferdiek"
    aschaferdiek
    New Altair Community Member
    You need to use the access-token of Keycloak to call the /api/rest/tokenservice and use the returned token for any further requests
    User: "cuongdnv"
    cuongdnv
    New Altair Community Member
    OP
    Accepted Answer
    @aschaferdiek
    very simple i modified config in .env file and got token via API api/rest/tokenservice with id and password as described in tokenservice document.
    Which is completely unlike the way you are instructing .






Quick Links