Keycloak v5 + Gatekeeper v5: Flowcharts - Easily Create and Restrict an Isolated (IODC) Client Service by Group-Role

Karl N. Redman (karlredman). Originally published at github.com.

This is another artifact from an upcoming series of articles that I'm writing for creating a home/laptop development laboratory ecosystem. I'm sharing these artifacts now because the series that I'm writing won't be released for at least a month (it's a huge undertaking, for me).

These flow charts demonstrate the simplest form (IMHO) of creating Keycloak client services behind an authentication/authorization proxy (Keycloak Gatekeeper). I imagine that if you are reading this article you are already frustrated with just creating a simple client in Keycloak and/or trying to figure out how to restrict authorization so that only specific users of a group are allowed to log in via Keycloak. Hopefully this is enough of a clue to help people until I am able to publish the article series as a whole.

Artifact Specifics:

Flowchart Caveats:

  • whoami: The example client service being created
  • auth_user: A User created to log in to the whoami service
  • whoami_group: A User Group mapped to a client role for authorization by Keycloak Gatekeeper
  • https://whoami.example.com: The URL of our client service

Relevant Documentation References:

Flowchart-Legend.png

keycloak-create-client-proxy.png

keycloak-gatekeeper-group-auth.png
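A check that helps when the group-to-role restriction does not behave as expected, given here as an added example rather than code from the original article or from the Keycloak project: it decodes an access token payload and tests whether the client role required for `whoami` is present, using the `client:role` naming that Gatekeeper applies to client roles. The role name `whoami_role`, the user `other_user` and both tokens are constructed for illustration, and the signature is not verified, so this is for inspecting tokens, not for enforcing access.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(jwt: str) -> dict:
    """Decode the payload segment of a JWT for inspection only (no signature check)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_roles(claims: dict) -> set:
    """Realm roles as 'role', client roles as 'client:role'."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    for client, access in claims.get("resource_access", {}).items():
        roles.update(f"{client}:{r}" for r in access.get("roles", []))
    return roles


def is_authorized(claims: dict, required_roles: set) -> bool:
    """All-of match: every required role must be in the token (assumed proxy default)."""
    return required_roles <= token_roles(claims)


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token with the same three-segment shape."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed-signature"


# Hypothetical client role that whoami_group is mapped to.
REQUIRED = {"whoami:whoami_role"}

# Constructed tokens: a whoami_group member and a user outside the group.
MEMBER = make_sample_token({
    "preferred_username": "auth_user",
    "resource_access": {"whoami": {"roles": ["whoami_role"]}},
})
NON_MEMBER = make_sample_token({
    "preferred_username": "other_user",
    "realm_access": {"roles": ["offline_access"]},
    "resource_access": {"account": {"roles": ["view-profile"]}},
})

if __name__ == "__main__":
    for tok in (MEMBER, NON_MEMBER):
        c = decode_claims(tok)
        print(c["preferred_username"], sorted(token_roles(c)), is_authorized(c, REQUIRED))
```

If a group member's token lacks the `whoami` entry under `resource_access`, the group's role mapping did not take effect for that user.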

Discussion

patlachance

Hi, typo? IODC => OIDC?