Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/07/20 15:17:56 UTC

[GitHub] [apisix] cgodefroy92 edited a comment on issue #4616: Keycloak integration

cgodefroy92 edited a comment on issue #4616:
URL: https://github.com/apache/apisix/issues/4616#issuecomment-883477444


   Thanks for your help. I understand that the IPs should be the same in order to make the Keycloak authentication with the JWT token work.
   However, I don't understand how to do that. The only way I have found for the moment is by configuring the public IP of the Keycloak service in the APISIX route for the discovery endpoint of the authz-keycloak plugin. I think it is not a good practice. I would prefer that the request for the discovery plugin stay inside Kubernetes.
   On the other hand, I don't know how to ask Keycloak for a JWT token on the public IP of Keycloak and force Keycloak to return a JWT payload with the internal IP of the Keycloak server in the iss field value.
   
   To fix ideas, here is my architecture:
   
                        
   ![Capture d’écran 2021-07-20 à 08 23 29](https://user-images.githubusercontent.com/28594536/126350034-045c88af-cef4-4d8a-92e3-da99696f406c.png)
                           
                            
   

