wn/traefik-forward-auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
107 Commits 2 Branches 18 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Wolfgang Hottgenroth 506fdc56ad
changes
2023-11-07 10:02:31 +01:00
cmd
documentation
2023-11-07 09:59:46 +01:00
examples
documentation
2023-11-07 09:59:46 +01:00
examples-thomseddon
documentation
2023-11-07 09:59:46 +01:00
images
documentation
2023-11-07 09:59:46 +01:00
internal
role added to configuration
2023-11-06 22:25:00 +01:00
test
Handle unknown ini options
2019-05-07 19:17:42 +01:00
.dockerignore
ignore ci script for docker
2023-11-07 09:10:16 +01:00
.gitlab-ci.yml
add ci script
2023-11-07 09:08:20 +01:00
Dockerfile
Update go1.12 -> go1.13 + update dependencies + mod tidy
2020-02-10 17:09:09 +00:00
go.mod
Update go1.12 -> go1.13 + update dependencies + mod tidy
2020-02-10 17:09:09 +00:00
go.sum
tidied up
2023-11-07 08:54:40 +01:00
LICENSE.md
changes
2023-11-07 10:02:31 +01:00
Makefile
Add logout endpoint (#107)
2020-06-03 14:00:47 +01:00
README.md
changes
2023-11-07 10:02:31 +01:00
README.thomseddon.md
add ci script
2023-11-07 09:08:20 +01:00

README.md

Traefik Forward Auth

Yet another minimal modification of a great minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer.

Why?

The original traefik-forward-auth provides the forwarding of authentication between an Identity Provider like keycloak and the ForwardAuth middleware of traefik.

The modification of this project is to add minimal authorization functionality. The traefik-forward-auth is configured with a REQUIRED_ROLE and access to the resource is only granted if the access token issued by the Identity Provider contains a claim with that particular role.

Configuration

... of traefik-forward-auth

In the examples directory the ymls to deploy a whoami service (at GitHub, at Docker Hub) and the related ymls to deploy and configure the traefik-forward-auth service. The only relevant modification to the original advanced separate pod example is the configuration parameter REQUIRED_ROLE.

... of the Identity Provider

Keycloak Client General Settings

Keycloak Client Access Settings

Keycloak Client Capability Settings

KeyCloak Client Roles

Keycloak Client Mapper

Copyright

2018 Thom Seddon 2023 Wolfgang Hottgenroth

License

MIT

MIT

Description
No description provided
Readme 503 KiB
Languages
Go 99%
Dockerfile 0.6%
Shell 0.3%
Makefile 0.1%