[PLUGIN] goAuthentik proxy authentication
dmigis opened this issue · 4 comments
Plugin
goAuthentik is Keycloak alternative with Proxy authentication and other features out of the box. Adding support of it to bunkerweb will simplify configuration of secure authentication in bunkerweb environment. For more information see this page: https://goauthentik.io/docs/providers/proxy/forward_auth
Settings (optional)
- Location of goAuthentik Proxy authentification outpost
- Domain level mode. If yes, uses mentioned mode of auth, else switches to single application mode. See goAuthentik docs.
- List of auth_request_set variables and proxy_set_header parameters in order to define,which authentication data nginx passes to proxified service
Implementations ideas (optional)
As I understand, It is required to allow plugin to extend the nginx config file of reverse-proxy plugin and add additional config file to extend server block. Also this plugin can be extended to generic auth_request plugin with pre-defined goAuthentik config templates
Is this then specific to Authentik or will this work in a standardised way (i.e. also supporting Authelia and Keycloak)?
In my opinion, it can be done so:
- Presets for goAuthentik, Authelia and Vouch Proxy (via environment variable)
- About Keycloak - as I remember, Keycloak gatekeeper is discontinued, so I'm not sure, but I can be wrong
- For everything else - option to set generic proxy authenticator
Hello @alexanderadam and @dmigis,
I can confirm that supporting auth_request is more elegant IMO and will allow using different authentication providers. Will be added in 1.4.1.
Hello @dmigis and @alexanderadam,
Generic support for auth_request is now added to BunkerWeb 1.4.1 without any external plugin needed. See the documentation, Authelia example and Authentik example.