Traefik authentication middleware

[lukasmrtvy]

First of all, thanks for the tutorial !

Did not You try to setup flow with Gatekeeper as Traefik`s authentication middleware ?

  Client +-----> Traefik +-----> Application
                  +    ^
                  |    |
                  |    |
                  v    +
                 Gatekeeper
                  +    ^
                  |    |
                  |    |
                  v    +
                 Keycloak

https://docs.traefik.io/configuration/entrypoints/#forward-authentication
v2 https://docs.traefik.io/v2.0/middlewares/forwardauth/

I am not sure, if Gatekeeper can work in this mode, cuz its a basically a reverse proxy. (--upstream-url should redirect in this case..)

Deprecated https://github.com/bitly/oauth2_proxy worked like that, after succesfully 200 from middleware, traefik served content from backend.

Traefik API in this mode can serve proper stats / metrics from backend (not from gatekeeper, which is only middleman here).

[ibuetler]

Thank you for sending this proposal. I was not aware of this feature! Really something I should look into.
If you have an update on this, I am keen to learn from you.
Cheers
Ivan

[lukasmrtvy]

Unfortunatelly I have no time right know, but its on my TODO list ...
P.S. Seems it can be possible with:
https://www.keycloak.org/docs/latest/securing_apps/index.html#forward-signing-proxy
louketo/louketo-proxy#478

[ibuetler]

Awesome. Thank you. Ivan