[keycloak-user] Gatekeeper container automatically adds /* uri resource?
Nick Powers
sshscp at gmail.com
Wed Jul 17 10:36:12 EDT 2019
Bob,
Thanks for your quick response. I tried the following but it still doesn't work
resources:
- uri: /protected/*
- uri: /*
white-listed: true
Now I get the following error message:
[error] you've asked for a default denial but whitelisted everything
Apparently it doesn't like me marking /* as white-listed. I tried
reversing it and marking /protected/* as white-listed and that worked
but I am trying to do the reverse of that. I want /* to not require
auth, so I can tell people about the site, etc, and provide a link to
the authenticated (login) area in /protected/*
Thanks - Nick
-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
[mailto:keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>] On Behalf Of
Bob Sheknowdas
Sent: Wednesday, Jul 17, 2019 2:08 AM
To: keycloak-user at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
Subject: [keycloak-user] Gatekeeper container automatically adds /*
uri resource?
> Hi,
>
> try using White-listed URL's
>
> resources:
> - uri: /some_white_listed_url
> white-listed: true
> - uri: /*
> methods:
> - GET
> roles:
> - <CLIENT_APP_NAME>:<ROLE_NAME>
> - <CLIENT_APP_NAME>:<ROLE_NAME>
>
> My Source:
> https://github.com/jangaraj/keycloak-proxy/blob/master/README.md
>
> Best
> Bob
-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
[mailto:keycloak-user-bounces at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>] On Behalf Of
Nick Powersia
Sent: Tuesday, July 16, 2019 7:55 PM
To: keycloak-user at lists.jboss.org
<https://lists.jboss.org/mailman/listinfo/keycloak-user>
Subject: [keycloak-user] Gatekeeper container automatically adds /*
uri resource?
>* Hello,
*>>* Below is a snip from my Gatekeeper configuration, related to resources. I
*>* only have /protected/* listed as a uri resource but loading the index at /
*>* still initiates a login. I see from the logs (see below) that both
*>* /protected/* and /* are being protected. How do I make it so only
*>* /protected/* is a protected resource and the main /* of my site doesn't
*>* require authentication?
*>>* I was able to HACK (see below) it so that /* was only authenticated for a
*>* single method (DELETE) by defining /* as a uri resource with just DELETE
*>* listed under methods: but I would rather have a solution that works for all
*>* methods. Is anyone aware of a way to tell gatekeeper not to authenticate
*>* for /* and only do so for /protected/*?
*>>* Thanks in advance! :) - Nick
*>>* SNIP from my gatekeeper configuration:
*>>* resources:
*>* - uri: /protected/*
*>>* LOGS showing both /protected:
*>>* gatekeeper | {"level":"info","ts":1563319972.1478412,"msg":"protecting
*>* resource","resource":"uri: /protected/*, methods:
*>* DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
*>* only"}
*>* gatekeeper | {"level":"info","ts":1563319972.1482553,"msg":"protecting
*>* resource","resource":"uri: /*, methods:
*>* DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT,TRACE, required: authentication
*>* only"}
*>>* My HACK config:
*>>* resources:
*>* - uri: /protected/*
*>* - uri: /*
*>* methods:
*>* - DELETE*
More information about the keycloak-user
mailing list