[keycloak-user] Gatekeeper container automatically adds /* uri resource?
bob sheknowdas
bob.skd at googlemail.com
Wed Jul 17 02:08:40 EDT 2019
Hi,
try using White-listed URL's
resources:
- uri: /some_white_listed_url
white-listed: true
- uri: /*
methods:
- GET
roles:
- <CLIENT_APP_NAME>:<ROLE_NAME>
- <CLIENT_APP_NAME>:<ROLE_NAME>
My Source:
https://github.com/jangaraj/keycloak-proxy/blob/master/README.md
Best
Bob
-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
[mailto:keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>] On Behalf Of
Nick Powersia
Sent: Tuesday, July 16, 2019 7:55 PM
To: keycloak-user at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
Subject: [keycloak-user] Gatekeeper container automatically adds /*
uri resource?
> Hello,
>
> Below is a snip from my Gatekeeper configuration, related to resources. I
> only have /protected/* listed as a uri resource but loading the index at /
> still initiates a login. I see from the logs (see below) that both
> /protected/* and /* are being protected. How do I make it so only
> /protected/* is a protected resource and the main /* of my site doesn't
> require authentication?
>
> I was able to HACK (see below) it so that /* was only authenticated for a
> single method (DELETE) by defining /* as a uri resource with just DELETE
> listed under methods: but I would rather have a solution that works for all
> methods. Is anyone aware of a way to tell gatekeeper not to authenticate
> for /* and only do so for /protected/*?
>
> Thanks in advance! :) - Nick
>
> SNIP from my gatekeeper configuration:
>
> resources:
> - uri: /protected/*
>
> LOGS showing both /protected:
>
> gatekeeper | {"level":"info","ts":1563319972.1478412,"msg":"protecting
> resource","resource":"uri: /protected/*, methods:
> DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
> only"}
> gatekeeper | {"level":"info","ts":1563319972.1482553,"msg":"protecting
> resource","resource":"uri: /*, methods:
> DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
> only"}
>
> My HACK config:
>
> resources:
> - uri: /protected/*
> - uri: /*
> methods:
> - DELETE
More information about the keycloak-user
mailing list