By: Angela Yuan user 24 Feb 2020 at 12:39 p.m. CST

12 Responses
Tried to follow https://github.com/GluuFederation/docs-gg-prod/blob/4.1/docs/source/tutorials/angular-oauth-role-security.md to hook up Angular and a backend application with Gateway. Here are the steps I took:

1. Created a service "test-service" with http://localhost:4000
2. Created a route under service "test-service" with host "gluugateway" (GG server).
3. Tried to verify the service and route by running this command on the GG server directly, `curl -k -X GET https://localhost -H 'Host: gluugateway'`, and got "cannot resolve host: gluugateway"
4. Applied the introspection script per Mike's suggestion to use the "user permission" attribute. https://github.com/nynymike/api-demo/blob/master/gluu_server_introspection_script.py
5. On GG, used "user-permission" in the Gluu OAuth Auth & Pep plugin.
6. Added a CORS plugin.
7. Was able to log in to the Angular frontend. Clicked on the protected URL (ex: /api/Airlines) and then got "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://gluugateway:44334/api/Airlines/. (Reason: CORS request did not succeed)."
8. Was able to get results back by directly hitting the API with https://localhost:44334/api/Airlines

Any insight?

By Meghna Joshi staff 25 Feb 2020 at 1:56 a.m. CST

Hi Angela,

1. `Tried to verify the service and route by running this command on GG server directly "curl -k -X GET https://localhost -H 'Host: gluugateway'" and got "cannot resolve host: gluugateway"`

   --> It seems like your GG is not reachable from the machine where you run this command. Also, you are hitting the proxy endpoint, so it would be good to hit it with the domain name, not with `localhost`. Please check the hosts file again on the machine where you send this curl request and make sure it is reachable. Your service and route config looks good to me.

2. `Was able to logged in to the Angular frontend. Click on the protected URL (ex: /api/Airlines) then got Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://gluugateway:44334/api/Airlines/. (Reason: CORS request did not succeed)."`

   --> That means you are able to hit the Kong proxy endpoint, right? What is your Angular app URL? If it is `http://localhost:4200` then you need to register the same in the CORS plugin. Please share the CORS plugin configuration. To copy the config, navigate to `Login into UI > PLUGINS > click on eye icon`, then copy and paste the JSON here. You can see the same eye icon in every grid, so please share the service, route and plugin config. It will help me to understand your configuration.

In the demo tutorial, I am using this script https://raw.githubusercontent.com/GluuFederation/gluu-gateway-setup/version_4.1/gg-demo/introspection_script.py and the link is also available in the tutorial. As per the demo description, it checks the `admin` role, and Mike's script has a `manager` role check, so please take the script and make changes as per your requirement. I think you should follow only the tutorial first, then try other things.

Thanks,
Meghna Joshi

By Angela Yuan user 25 Feb 2020 at 12:41 p.m. CST

I'm running Angular with http://localhost:4200 on my local machine and GG is installed on a remote server (gluugateway) with OXD Host set to "https://gluugateway:8443". So in order to verify the service and route:

1. On the GG server, I do have gluugateway in the hosts file mapping to both 127.0.0.1 and the IP. Why can't the curl command resolve host "gluugateway"? And should I still use "localhost"?
2. On my local machine, I tried `curl -k -X GET https://gluugateway:8443 -H 'Host: gluugateway'` but got "https://gluugateway:8443"

For the CORS plugin, I followed https://github.com/GluuFederation/docs-gg-prod/blob/4.1/docs/source/tutorials/angular-oauth-role-security.md to have http://localhost:4200 as origins and methods like GET, POST, PUT, DELETE and set credentials to YES.

In the introspection script, I do see Mike used "manager". I have changed the user's role/user permission to it accordingly.

In the browser's authorization request I do see: **scope: "openid email profile user-permission"**

By Angela Yuan user 25 Feb 2020 at 12:42 p.m. CST

Sorry, hit the wrong button. Should not close it. Could you please reopen it? Thanks!

By Meghna Joshi staff 27 Feb 2020 at 2:08 a.m. CST

Hi Angela,

Is your local machine's hosts file updated with these hosts and IPs? If not, please update it. It seems like your machine is not able to hit your VMs. Your hosts file should have the config like below

```
<ip-of-gluugateway> gluugateway
```

then try the curl commands `curl -k -X GET https://gluugateway` and `curl -k -X GET https://gluugateway -H 'Host: gluugateway'`

If you still face any problem, please send me the output of both commands.

Best Regards,
Meghna Joshi

By Angela Yuan user 27 Feb 2020 at 11:29 a.m. CST

I do have the entry in hosts file. I can ping it but not able to do CURL:

```
PS C:\Users\ayuan> curl.exe -k -X GET https://gluugateway
{"message":"Failed to get bearer token from Authorization header"}
PS C:\Users\ayuan> ping gluugateway

Pinging gluugateway [10.22.12.50] with 32 bytes of data:
Reply from 10.22.12.50: bytes=32 time=17ms TTL=58
Reply from 10.22.12.50: bytes=32 time=33ms TTL=58
Reply from 10.22.12.50: bytes=32 time=26ms TTL=58

Ping statistics for 10.22.12.50:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 33ms, Average = 25ms
PS C:\Users\ayuan> curl.exe -k -X GET https://gluugateway -H 'Host: gluugateway'
{"message":"Failed to get bearer token from Authorization header"}
```

By Meghna Joshi staff 27 Feb 2020 at 9 p.m. CST

Hi Angela,

```
curl.exe -k -X GET https://gluugateway
{"message":"Failed to get bearer token from Authorization header"}

curl.exe -k -X GET https://gluugateway -H 'Host: gluugateway'
{"message":"Failed to get bearer token from Authorization header"}
```

This means you are able to hit the proxy endpoint and it is working, and your resources are protected by GG plugins, which is why it is giving you the token error.

You can request this endpoint now in the Angular app or wherever you want; you just need to pass the access token. You can see the flow in the Angular app. Let me know if you are facing any issue.

Thanks,
Meg

By Angela Yuan user 27 Feb 2020 at 10:40 p.m. CST

Tried on my machine directly and got:

```
PS C:\Users\ayuan> curl.exe -k -X GET https://localhost:5001/api/Airlines -H 'Host: galuugateway'
[{"airlineID":9,"name":"DAL"},{"airlineID":8,"name":"TDY"}]
PS C:\Users\ayuan> curl.exe -k -X GET https://gluugateway:8443/api/Airlines -H 'Host: galuugateway'
{"code":404,"message":"HTTP 404 Not Found"}
```

However, tried from Angular and still got a CORS error:

```
Access to XMLHttpRequest at 'https://gluugateway:8443/api/Airlines/' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
```

Hit the URL directly https://gluugateway:8443/api/Airlines and got:

```
{ "code": 404, "message": "HTTP 404 Not Found" }
```

environment.ts:

```
export const environment = {
  production: false,
  client_id: '6ab094c7-ec96-42e0-b789-7beffdc791e4',
  redirect_uri: 'http://localhost:4200/login',
  logout_redirect_uri: 'http://localhost:4200',
  openid_connect_url: 'https://gluusrv',
  end_session_endpoint: '/oxauth/restv1/end_session', // your gluu server end_session_endpoint
  scope: 'openid email profile',
  extra: {prompt: 'consent', access_type: 'offline'},
  ggURL: 'https://gluugateway:8443',
  airlinesEndpoint: '/api/Airlines/'
};
```

In API server I use GG, is that correct?

```
services.AddCors(options =>
{
    options.AddPolicy("_myAllowSpecificOrigins", builder =>
    {
        builder.WithOrigins("https://gluugateway:8443")
               .AllowAnyHeader()
               .AllowAnyMethod();
    });
});
```

On GG, should I use "localhost" or IP to set the origin in the CORS plugin and in the service?

By Meghna Joshi staff 27 Feb 2020 at 11:06 p.m. CST

Hi Angela,

```
PS C:\Users\ayuan> curl.exe -k -X GET https://gluugateway:8443/api/Airlines -H 'Host: galuugateway'
{"code":404,"message":"HTTP 404 Not Found"}
```

Why are you hitting 8443? It is the oxd endpoint. You don't need to send requests to the oxd endpoint. You should send requests to the Kong proxy endpoint, which is 443, like you did in the above comments. Your request should be

```
curl.exe -k -X GET https://gluugateway/api/Airlines -H 'Host: galuugateway'
```

For CORS, please check the docs:

1. https://gluu.org/docs/gg/4.1/tutorials/angular-oauth-role-security/#cors-settings
2. https://gluu.org/docs/gg/4.1/tutorials/angular-oauth-role-security/#cors-plugin
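
The browser-side decision behind the CORS errors quoted in this thread, as an added example that is not part of any post above and is not Gluu Gateway or Kong code. It is a simplified form of the Fetch standard's checks; the function names `corsCheck` and `preflightCheck` and all sample responses are constructed for illustration, and whether the Angular app sends credentials is passed in as an assumption.

```javascript
// Added example: simplified browser CORS checks; header names are lower-cased
// and every sample response below is constructed.
const ORIGIN = 'http://localhost:4200'; // Angular dev origin used in the thread

// Check applied to every cross-origin response, the preflight included.
function corsCheck(origin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) return 'blocked: no Access-Control-Allow-Origin header';
  if (!withCredentials && allowOrigin === '*') return 'ok';
  if (allowOrigin !== origin) return `blocked: allowed origin ${allowOrigin} is not ${origin}`;
  if (!withCredentials) return 'ok';
  return headers['access-control-allow-credentials'] === 'true'
    ? 'ok' : 'blocked: Access-Control-Allow-Credentials is not true';
}

// Extra checks on the OPTIONS preflight a browser sends before a request that
// carries non-safelisted headers such as Authorization (requestHeaders).
function preflightCheck(origin, withCredentials, method, requestHeaders, response) {
  if (response.status < 200 || response.status > 299) return `blocked: preflight status ${response.status}`;
  const cors = corsCheck(origin, withCredentials, response.headers);
  if (cors !== 'ok') return cors;
  const list = (name) => (response.headers[name] || '')
    .split(',').map((v) => v.trim().toLowerCase()).filter(Boolean);
  const m = method.toLowerCase();
  const methods = list('access-control-allow-methods');
  const methodOk = ['get', 'head', 'post'].includes(m) || methods.includes(m)
    || (!withCredentials && methods.includes('*'));
  if (!methodOk) return `blocked: method ${method} not allowed`;
  const allowed = list('access-control-allow-headers');
  for (const h of requestHeaders.map((x) => x.toLowerCase())) {
    // Authorization must be listed by name; "*" never covers it.
    const wildcard = !withCredentials && h !== 'authorization' && allowed.includes('*');
    if (!allowed.includes(h) && !wildcard) return `blocked: request header ${h} not allowed`;
  }
  return 'ok';
}

// Constructed preflight responses.
const GOOD = { status: 200, headers: {
  'access-control-allow-origin': ORIGIN, 'access-control-allow-credentials': 'true',
  'access-control-allow-methods': 'GET, POST, PUT, DELETE',
  'access-control-allow-headers': 'Authorization, Content-Type' } };
const NO_HEADERS = { status: 200, headers: {} };
const WILDCARD = { status: 200, headers: {
  'access-control-allow-origin': '*', 'access-control-allow-headers': '*' } };

console.log(preflightCheck(ORIGIN, true, 'GET', ['Authorization'], GOOD));
console.log(preflightCheck(ORIGIN, true, 'GET', ['Authorization'], NO_HEADERS));
console.log(preflightCheck(ORIGIN, false, 'GET', ['Authorization'], WILDCARD));
```

The same checks can be compared against a real gateway response by copying the status and headers of the OPTIONS request from the browser's network tab into an object of the same shape.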

By Angela Yuan user 27 Feb 2020 at 11:28 p.m. CST

I did follow the above two setups for CORS. Removed the port and got:

```
PS C:\Users\ayuan> curl.exe -k -X GET https://gluugateway/api/Airlines -H 'Host: galuugateway'
{"message":"no Route matched with those values"}
```

Hitting the URL directly in the browser seems to be making progress:

```
{ "message": "Failed to get bearer token from Authorization header" }
```

The API server is running on "https://localhost:5001" on my machine. Just to be sure:

1. In service, I have host as "localhost"
2. In Route, I have host set as "gluugateway"
3. In CORS plugin, I have origin as "http://localhost:4200"

Did I miss anything here?

Logged in to Angular and clicked on the protected link, and got a 401 error even though the user's role is "TDYAdmin" and I have "TDYAdmin" in the introspection script. Removed the user's role completely but still got a 401 error.

By Meghna Joshi staff 28 Feb 2020 at 1:26 a.m. CST

Hello Angela,

1.

```
PS C:\Users\ayuan> curl.exe -k -X GET https://gluugateway/api/Airlines -H 'Host: galuugateway'
{"message":"no Route matched with those values"}
```

Your host spelling is wrong: `galuugateway`. It should be `gluugateway`. I think this is the reason it fails to get the route.

2.

```
Login in Angular and clicked on the protected link got 401 error even though the user's role is "TDYAdmin" and I have "TDYAdmin" in the introspection script. Remove user's role completely but still got 401 error.
```

Have you updated the plugin config as well with this role `TDYAdmin`? Please check. If you have already updated it, then please send us the whole log file `/usr/local/kong/logs/error.log` and a screenshot of your plugin configuration.

Tip: You can use FileZilla to connect and download the **error.log** file from the gluugateway server, upload it to your sharing system and share the link with us.

Best Regards,
Meg

By Meghna Joshi staff 04 Mar 2020 at 4:30 a.m. CST

Hi Angela, is it working now? Please let us know if you face any problem. Thanks, Meg

By Angela Yuan user 04 Mar 2020 at 11:43 a.m. CST

Hi Meg,

The project leads have chosen another solution, so I was pulled away from this right away. I'm very appreciative of the support you've provided. With your expertise, that really eased the learning curve on my end. I hope we will get the chance to work with you and your team down the road on other projects.

Regards,
Angela