[keycloak-user] keycloak-gatekeeper + fine-grained authorization

Bruno Oliveira bruno at abstractj.org
Thu May 23 09:11:17 EDT 2019


I created the following Jira
https://issues.jboss.org/browse/KEYCLOAK-10367, so we don't miss it.
Authorization services is something that we would like to include in
Gatekeeper.

Regarding whether there are any other options, being very honest, I don't know.

On 2019-05-21, Tyler Johnson wrote:
> Yeah, that's exactly what I was trying to do.
> 
> My goal is to stand up something that sits in front of services and
> enforces the authorization I defined in Keycloak so I don't have to include
> any authorization logic or use any keycloak adapters in the services
> themselves. It sounds like gatekeeper doesn't have that functionality
> though. Are there any other options around that?
> 
> On Tue, May 21, 2019 at 8:15 AM Bruno Oliveira <bruno at abstractj.org> wrote:
> 
> > It seems to me that you're trying to use authorization services with
> > Gatekeeper (I can be wrong). If that's the case, unfortunately that's
> > not supported yet. But certainly something that we might consider in the
> > future.
> >
> > If I guessed it all wrong, please share how you're configuring
> > Gatekeeper.
> >
> > On 2019-05-21, Tyler Johnson wrote:
> > > I'm trying to figure out how to use keycloak-gatekeeper with the
> > > fine-grained authorization option in Keycloak.
> > >
> > > I set up the authorization and ran an evaluation within the Keycloak UI
> > > that correctly gave DENY for user 'test', but when I use that same user to
> > > log in through gatekeeper, it says it's permitted and directs me to
> > > upstream.
> > >
> > > Is there anything I need to enable on gatekeeper side to have it enforce,
> > > or any pointers here?
> > >
> > > Thanks,
> > > Tyler
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> > --
> >
> > abstractj
> >

-- 

abstractj

