[keycloak-user] Gatekeeper container automatically adds /* uri resource?

Nick Powers sshscp at gmail.com
Wed Jul 17 10:36:12 EDT 2019


Bob,

Thanks for your quick response.  I tried the following but it still doesn't work:

resources:
- uri: /protected/*
- uri: /*
  white-listed: true

Now I get the following error message:

[error] you've asked for a default denial but whitelisted everything

Apparently it doesn't like me marking /*  as white-listed.  I tried
reversing it and marking /protected/* as white-listed and that worked
but I am trying to do the reverse of that.  I want /* to not require
auth, so I can tell people about the site, etc, and provide a link to
the authenticated (login) area in /protected/*

Thanks - Nick

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
[mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of
Bob Sheknowdas
Sent: Wednesday, Jul 17, 2019 2:08 AM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Gatekeeper container automatically adds /*
uri resource?

> Hi,
>
> try using white-listed URLs
>
> resources:
>   - uri: /some_white_listed_url
>     white-listed: true
>   - uri: /*
>     methods:
>       - GET
>     roles:
>       - <CLIENT_APP_NAME>:<ROLE_NAME>
>       - <CLIENT_APP_NAME>:<ROLE_NAME>
>
> My Source:
> https://github.com/jangaraj/keycloak-proxy/blob/master/README.md
>
> Best
> Bob

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
[mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of
Nick Powersia
Sent: Tuesday, July 16, 2019 7:55 PM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Gatekeeper container automatically adds /*
uri resource?
> Hello,
>
> Below is a snip from my Gatekeeper configuration, related to resources.  I
> only have /protected/* listed as a uri resource but loading the index at /
> still initiates a login.  I see from the logs (see below) that both
> /protected/* and /* are being protected.  How do I make it so only
> /protected/* is a protected resource and the main /* of my site doesn't
> require authentication?
>
> I was able to HACK (see below) it so that /* was only authenticated for a
> single method (DELETE) by defining /* as a uri resource with just DELETE
> listed under methods: but I would rather have a solution that works for all
> methods.  Is anyone aware of a way to tell gatekeeper not to authenticate
> for /* and only do so for /protected/*?
>
> Thanks in advance! :)   - Nick
>
> SNIP from my gatekeeper configuration:
>
> resources:
> - uri: /protected/*
>
> LOGS showing both /protected:
>
> gatekeeper     | {"level":"info","ts":1563319972.1478412,"msg":"protecting
> resource","resource":"uri: /protected/*, methods:
> DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
> only"}
> gatekeeper     | {"level":"info","ts":1563319972.1482553,"msg":"protecting
> resource","resource":"uri: /*, methods:
> DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
> only"}
>
> My HACK config:
>
> resources:
> - uri: /protected/*
> - uri: /*
>   methods:
>     - DELETE

