[keycloak-user] Keycloak Gatekeeper (forwarding proxy) does nothing

[bob sheknowdas]

Hi,


I have a docker-compose setup with service 1 (grafana) sending requests to
service 2 (prometheus). I've put a Keycloak Gatekeeper in front of service
2, asking for authentication. That works perfectly fine.

Now my idea was to also place a second Keycloak Gatekeeper in front of
service 1, injecting said authentication.

Unfortunately, that doesnt work. Observing my traffic via wireshark, it
seems my second Keycloak Gatekeeper is not even involved in any
communication.

My docker compose file for service 1 and the forwarding proxy looks roughly
like this:

  keycloak-forwarder:
      image: quay.io/keycloak/keycloak-gatekeeper
      command:
        - --enable-forwarding=true
        - --forwarding-username=<my_username>
        - --forwarding-password=<my_password>
        - --forwarding-domains=${BASE_DOMAIN}/grafana
        - --listen=:3001
        - --client-id=<my_keycloak_client_id>
        - --client-secret=<my_keycloak_client_secret>
        - --discovery-url=${DOMAIN_PROTOCOL}://${KEYCLOAK_DOMAIN}/auth/realms/<my_keycloak_realm>
      networks:
        - webgateway

  grafana:
      image: grafana/grafana
      networks:
        - webgateway
      labels:
        traefik.enable: true
        traefik.backend: grafana
        traefik.frontend.rule:
Host:${BASE_DOMAIN};PathPrefix:/grafana;PathPrefixStrip:/grafana
        traefik.port: 3000
        traefik.docker.network: webgateway

Do you have any idea how to fix this?

Best
Bob