This is another artifact from an upcoming series of articles that I'm writing for creating a home/laptop development laboratory ecosystem. I'm sharing these artifacts now because the series that I'm writing won't be released for at least a month (It's a huge undertaking -for me).
These flow charts demonstrate the simplest form (IMHO) of creating Keycloak client services behind an authentication/authorization proxy (Keycloak Gatekeeper). I imagine that if you are reading this article you are already frustrated with just creating a simple client in Keycloak and/or trying to figure out how to restrict authorization so that only specific users of a group are allowed to log in via Keycloak. Hopefully this is enough of a clue to help people until I am able to publish the article series as a whole.
Artifact Specifics:
- Keycloak v5
- Keycloak Gatekeeper v5
- Original PlantUML source + Image Files: here
- Original source edited with:
-
NOTE: While current (v6.0.0) Keycloak documentation specifies that groups can be used directly in
Keycloak Gatekeeperonly role based authorization is available in V5.0.0.
Flowchart Caveates:
- whoami: The example client service being created
- auth_user: A User created to log in the whoami service
- whoami_group: A User Group mapped to a client role for authorization by Keycloak Gatekeeper
- https://whoami.example.com: The URL of our client service
Relevant Documentation References:
Top comments (1)
Hi, typo? IODC => OIDC?