[keycloak-user] keycloak-gatekeeper + fine-grained authorization
Tyler Johnson
tsjnsn at gmail.com
Tue May 21 10:08:50 EDT 2019
Yeah, that's exactly what I was trying to do.
My goal is to stand up something that sits in front of services and
enforces the authorization I defined in Keycloak so I don't have to include
any authorization logic or use any keycloak adapters in the services
themselves. It sounds like gatekeeper doesn't have that functionality
though. Are there any other options around that?
On Tue, May 21, 2019 at 8:15 AM Bruno Oliveira <bruno at abstractj.org> wrote:
> It seems to me that you're trying to use authorization services with
> Gatekeeper (I can be wrong). If that's the case, unfortunatelly that's
> not supported yet. But certainly something that we might consider in the
> future.
>
> If I guessed it all wrong, please share how you're configuring
> Gatekeeper.
>
> On 2019-05-21, Tyler Johnson wrote:
> > I'm trying to figure out how to use keycloak-gatekeeper with the
> > fine-grained authorization option in Keycloak.
> >
> > I set up the authorization and ran an evaluation within the Keycloak UI
> > that correctly gave DENY for user 'test', but when I use that same user
> to
> > log in through gatekeeper, it says it's permitted and directs me to
> > upstream.
> >
> > Is there anything I need to enable on gatekeeper side to have it enforce,
> > or any pointers here?
> >
> > Thanks,
> > Tyler
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
>
> abstractj
>
More information about the keycloak-user
mailing list