One of the main reasons for this whole email thread was to provide a way
to reduce the number of moving parts that need to be installed and
configured, and to reduce the number of steps it takes to secure an
application. Integration with other things is interesting, but not the
goal of what I'm proposing.
On 8/16/16 4:53 PM, Marc Boorshtein wrote:
> There's also plenty of options around proxies (Apache, nginx, APIMan,
> 3scale, etc.). I'm not convinced we should even have our own. Sounds like
> APIMan might actually survive and end up being supported in some form, so
> that may still be a better option to us rolling our own proxy/gateway.
>
For what it's worth, OpenUnison could play this role with KC where
OpenUnison does the integration with applications and KC via OIDC
or SAML2 (I'm working on a POC right now using KC for authentication,
MyVirtualDirectory for multi directory access and OpenUnison/ScaleJS
for provisioning/Reverse Proxy) with Kubernetes and it's working great.
We already have a powerful LastMile system for application integration
that lets us integrate with J2EE, LAMP and .NET applications. The
integration between OpenUnison and KC took me about 5 minutes. We
have source2image that makes the deployment even easier.
-
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein(a)tremolosecurity.com
Twitter - @mlbiam / @tremolosecurity