WildFly/EAP Production Guide
The easiest way to install just the API Gateway is to download and install the Apiman quickstart overlay ZIP and then remove the extraneous components.
Follow that up with some modification of the
apiman.properties configuration file, and you’ll be Gatewaying in no time!
Here are the steps you should take to install a standalone API Gateway:
Download and unpack WildFly
Unpack Apiman into WildFly
Remove unused Apiman deployments from standalone/deployments
Which Apiman deployments should you delete? These:
standalone/deployments/apiman-ds.xml standalone/deployments/apiman-es.war standalone/deployments/apiman.war standalone/deployments/apimanui.war
Disabling the Keycloak Server
Because you will be using an external/standalone Keycloak server, it is useful to disable the Keycloak components that are bundled with the Apiman quickstart overlay ZIP.
To do that, remove the following subsystem from the
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1"> <web-context>auth</web-context> </subsystem>
Configuring Keycloak Authentication for the Gateway API
The API Gateway has a REST based configuration API which the API Manager uses when publishing APIs to it. This API is protected by Keycloak authentication.
The configuration included in the Apiman quickstart overlay ZIP assumes that the Keycloak server is local, so you’ll need to modify the
standalone-apiman.xml file to point to the remote Keycloak instance.
Here is the relevant portion of the
standalone-apiman.xml file that you must change:
<realm name="apiman"> <realm-public-key>MIIB..snip..QAB</realm-public-key> <auth-server-url>https://keycloak-host.org:8443/auth</auth-server-url> <ssl-required>none</ssl-required> <enable-cors>false</enable-cors> <principal-attribute>preferred_username</principal-attribute> </realm>