[keycloak-dev] User Group in the response header by proxy

abhishek raghav abhi.raghav007 at gmail.com
Thu Jan 19 00:56:30 EST 2017


I am maintaining a legacy application where i can not install keycloak
adapter. This is secured behind the keycloak proxy.

Keycloak proxy inject some identity headers by default keycloak_subject,
name, username, email and access token.
My requirement is such that that i need role and group should also be going
as part of injected headers. I know for the fact that this information
exists in the access token itself but then i need to add a depency/plugin
on application side to parse the token info and get the roles/groups.

Is there a way on the proxy side, i can add these two headers which can
also be sent along with the identity headers. Secondly, is it a good
approach or breaking the secured design patter.

*- Best Regards*
   Abhishek Raghav

More information about the keycloak-dev mailing list