Hi,
I am maintaining a legacy application where i can not install keycloak
adapter. This is secured behind the keycloak proxy.
Keycloak proxy inject some identity headers by default keycloak_subject,
name, username, email and access token.
My requirement is such that that i need role and group should also be going
as part of injected headers. I know for the fact that this information
exists in the access token itself but then i need to add a depency/plugin
on application side to parse the token info and get the roles/groups.
Is there a way on the proxy side, i can add these two headers which can
also be sent along with the identity headers. Secondly, is it a good
approach or breaking the secured design patter.
*- Best Regards*
Abhishek Raghav