Keycloak Auth Proxy with GOLANG

keycloak-auth-proxy-golang

Introduction

I am playing around with the keycloak (http://www.keycloak.org/) SSO framework. I want to have a central service for the user registration, password policy, OAuth2, permissions, grants, roles, login via Google, Facebook and more.

I am a RESTful API enthusiast and want to have all important services available as APIs. Thus, the GUI and application logic are properly separated, which allows me to change the GUI very easily if I like to do so. This is important to me, as we have React, Vue.js, Play, Bootstrap and more...

Furthermore, my micro-services and APIs are all behind the traefik (https://traefik.io/) load balancer.

Acknowledgment

The keycloak auth proxy used in this project is maintained at https://github.com/8gears/keycloak-auth-proxy. Its maintainers are the ones really responsible for the auth proxy software.

What is this repo for?

Use the scripts and knowledge in this repo when you want to play around with keycloak auth proxies. Secure your API with roles and grants configured in the keycloak SSO framework.

First Steps

git clone https://github.com/ibuetler/keycloak-auth-proxy-golang.git
cd keycloak-auth-proxy-golang
./create_docker.sh

Configuration

Please adjust the following files for your environment

./config
./docker-compose.yml

(A) Run the Proxy with docker-compose

docker-compose up

(B) Run the Proxy with start_via_traefik.sh

Please adjust ./start_via_traefik.sh for your needs

./start_via_traefik.sh

Docker HUB

If you don't want to 'build' the docker image, please use the following docker hub

Upstream Server

  • Example of what the upstream server receives from the auth proxy:
GET / HTTP/1.0
Host: hsr.requestcatcher.com
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip
Accept-Language: en-US,en;q=0.5
Authorization: Bearer <access token (JWT) elided>
Cache-Control: no-cache
Connection: close
Cookie: kc-access=<access token (JWT) elided>; kc-state=<value elided>
Dnt: 1
Pragma: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0
X-Auth-Email: ibuetler@hsr.ch
X-Auth-Expiresin: 2018-02-21 15:40:41 +0000 UTC
X-Auth-Groups:
X-Auth-Roles: glocken,uma_authorization,account:manage-account,account:manage-account-links,account:view-profile
X-Auth-Subject: 61b49426-2a3d-45f7-902a-22b27ca31ca6
X-Auth-Token: <access token (JWT) elided>
X-Auth-Userid: ibuetler@hsr.ch
X-Auth-Username: ibuetler@hsr.ch
X-Forwarded-For: 152.96.214.217
X-Forwarded-For: 152.96.214.217
X-Forwarded-Host: hsr.requestcatcher.com
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: idocker-prod
X-Real-Ip: 152.96.214.217
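
An upstream service can base its authorization on the X-Auth-* headers shown above, but only when it is reachable solely through the proxy, since a client that can reach it directly could set those headers itself. The Go code below is an added example, not code from this repository or from 8gears/keycloak-auth-proxy. The names authorize, hasRole and requireRole are hypothetical, and the X-Auth-Expiresin layout is assumed from the captured request.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
	"time"
)

// hasRole matches list entries exactly; a substring test would let
// "account:manage-account-links" satisfy "account:manage-account".
func hasRole(list, want string) bool {
	for _, r := range strings.Split(list, ",") {
		if strings.TrimSpace(r) == want {
			return true
		}
	}
	return false
}

// authorize fails closed on missing, malformed or expired identity headers.
func authorize(h http.Header, role string, now time.Time) int {
	const layout = "2006-01-02 15:04:05 -0700 MST" // assumed from the capture
	exp, err := time.Parse(layout, h.Get("X-Auth-Expiresin"))
	if err != nil || h.Get("X-Auth-Subject") == "" || !now.Before(exp) {
		return http.StatusUnauthorized
	}
	if !hasRole(h.Get("X-Auth-Roles"), role) {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// requireRole (hypothetical name) wraps an upstream handler with the check.
func requireRole(role string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code := authorize(r.Header, role, time.Now()); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // constructed headers modelled on the captured request
	h := http.Header{"X-Auth-Subject": {"61b49426-2a3d-45f7-902a-22b27ca31ca6"},
		"X-Auth-Roles": {"glocken,account:manage-account-links"}, "X-Auth-Expiresin": {"2018-02-21 15:40:41 +0000 UTC"}}
	fmt.Println(authorize(h, "account:manage-account", time.Date(2018, 2, 21, 15, 0, 0, 0, time.UTC)))
}
```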

Screenshots

Before SSO Login

Image

After SSO Login

Image