[keycloak-user] keycloak-gatekeeper bearer-only

Bruno Oliveira bruno at abstractj.org
Fri Nov 2 11:05:34 EDT 2018


Hi Eric, we're still polishing the docs and fixing some high priority
issues. The README files and the docs will change in the next release.
Few answers inline.

On Wed, Oct 31, 2018 at 6:57 PM Eric Boyd Ramirez
<eric.ramirez.sv at gmail.com> wrote:
>
> Dear All,
> I am trying to test Keycloak-gatekeeper, have read the docs I could find (keaycloak-proxy as well) but I still have a few questions:
>
> 1- I am trying to secure a number of REST APIs, configured behind bearer-only clients. I think I need to first get a access token trough a confidential client using a 'grant-type=password' request and then do a second request to the REST client resource. Is this the right approach, how would I implement this using Keycloak-Gatekeeper?.

I believe Geoffrey answered already. But I hope to include your
scenario to the quickstarts too.

>
> 2- Keycloak-Gatekeeper uses uri->methods->roles to manage resource access. Is there a way to use Keycloak's authorization settings to manage access to a client's resource  (i.e. policies, permissions, uma-ticket, etc.)?

Not at the moment, as far as I can tell. But I would appreciate if you
file a feature request. In this way we don't miss this.

>
> 3- How do I set up multiple clients, do I have to run and configure separate instances of Keycloak-Gatekeeper?

Yes, you have to configure and run multiple instances. Gatekeeper is
more like a sidecar, instead of a proxy.

>
> Thanks in advance for your time and help.
>
> Regards,
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



-- 
- abstractj



More information about the keycloak-user mailing list