[keycloak-user] Gatekeeper container automatically adds /* uri resource?

bob sheknowdas bob.skd at googlemail.com
Wed Jul 17 02:08:40 EDT 2019 

Hi,

try using White-listed URL's

resources:
  - uri: /some_white_listed_url
    white-listed: true
  - uri: /*
    methods:
      - GET
    roles:
      - <CLIENT_APP_NAME>:<ROLE_NAME>
      - <CLIENT_APP_NAME>:<ROLE_NAME>

My Source:
https://github.com/jangaraj/keycloak-proxy/blob/master/README.md

Best
Bob

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
[mailto:keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>] On Behalf Of
Nick Powersia
Sent: Tuesday, July 16, 2019 7:55 PM
To: keycloak-user at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
Subject: [keycloak-user] Gatekeeper container automatically adds /*
uri resource?

> Hello,
>
> Below is a snip from my Gatekeeper configuration, related to resources.  I
> only have /protected/* listed as a uri resource but loading the index at /
> still initiates a login.  I see from the logs (see below) that both
> /protected/* and /* are being protected.  How do I make it so only
> /protected/* is a protected resource and the main /* of my site doesn't
> require authentication?
>
> I was able to HACK (see below) it so that /* was only authenticated for a
> single method (DELETE) by defining /* as a uri resource with just DELETE
> listed under methods: but I would rather have a solution that works for all
> methods.  Is anyone aware of a way to tell gatekeeper not to authenticate
> for /* and only do so for /protected/*?
>
> Thanks in advance! :)   - Nick
>
> SNIP from my gatekeeper configuration:
>
> resources:
> - uri: /protected/*
>
> LOGS showing both /protected:
>
> gatekeeper     | {"level":"info","ts":1563319972.1478412,"msg":"protecting
> resource","resource":"uri: /protected/*, methods:
> DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
> only"}
> gatekeeper     | {"level":"info","ts":1563319972.1482553,"msg":"protecting
> resource","resource":"uri: /*, methods:
> DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
> only"}
>
> My HACK config:
>
> resources:
> - uri: /protected/*
> - uri: /*
>  methods:
>   - DELETE

More information about the keycloak-user mailing list