I’m having a hard time correctly configuring the Gatekeeper. I’m not even sure it supports my use case, but I can’t really find any description (that I can understand) on what use cases it does support, what it’s intended to do or what its limits are.
My use case seems pretty trivial, but I’ll define it:
I have a Keycloak server as an identity provider, one service and one web frontend. The frontend is to authenticate the user, then pass on the access token when sending requests to the service. Since HttpOnly cookies aren’t that easy to acquire in a frontend-only situation, I had to build an authentication proxy backend to it. Auth is however something I don’t want too much custom code in, and the Gatekeeper looked promising.
My need is / I need something to:
- Exchange the code from Keycloak to a token and send it back to the user agent as an HttpOnly cookie
- Proxy requests from the user agent to the service and turn the HttpOnly access token cookie into an Authorization header bearer token
Is this something the Gatekeeper can do? Is there some guide on how to configure it like this? Any examples? The JSESSIONID cookie, is this also something that should be HttpOnly?
Right now it’s set up like this:
- The user agent login button redirects the user to the Gatekeeper (https://gatekeeper:3000/)
- The Gatekeeper sees that the user isn’t authenticated and redirects the user to the Keycloak login form
- User logs in, and the redirect URI points to Gatekeeper’s /oauth/callback URL, which Keycloak then redirects to on successful login
- Blank screen because the Gatekeeper doesn’t redirect the user back to the site. The HttpOnly cookie is likely set somewhere strange since there’s nothing to redirect to.
Thanks a lot for taking the time to read through. Sorry if there’s something obvious I’m missing.
Gatekeeper config.yaml: https://pastebin.com/AS6zDUPh
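The two behaviours the post asks for, written out as an added Go example that is not part of the post and not the Gatekeeper’s own code: a setter that stores the exchanged access token as an HttpOnly, Secure cookie, and a reverse proxy that turns that cookie into an Authorization bearer header before the request reaches the service. The cookie name `access_token` and the upstream address are assumptions; the code-for-token exchange at /oauth/callback and the redirect back to the site are not shown.

```go
package main

import (
	"net/http"
	"net/http/httputil"
	"net/url"
)

// Assumed cookie name for this example; not a Gatekeeper cookie name.
const tokenCookie = "access_token"

// setTokenCookie stores the exchanged access token so page scripts cannot
// read it (HttpOnly) and browsers only send it over TLS (Secure).
func setTokenCookie(w http.ResponseWriter, token string) {
	http.SetCookie(w, &http.Cookie{
		Name: tokenCookie, Value: token, Path: "/",
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	})
}

// bearerFromCookie converts the token cookie into an Authorization header
// value, or returns "" when the request carries no token.
func bearerFromCookie(r *http.Request) string {
	if c, err := r.Cookie(tokenCookie); err == nil && c.Value != "" {
		return "Bearer " + c.Value
	}
	return ""
}

// newCookieToBearerProxy forwards requests to upstream with the token moved
// from the cookie into the Authorization header. Requests without a token
// are refused here instead of reaching the service unauthenticated.
func newCookieToBearerProxy(upstream *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	director := proxy.Director
	proxy.Director = func(req *http.Request) {
		director(req)
		req.Header.Set("Authorization", bearerFromCookie(req))
		// The service authenticates by bearer token only; forward no browser cookies.
		req.Header.Del("Cookie")
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if bearerFromCookie(r) == "" {
			http.Error(w, "not authenticated", http.StatusUnauthorized)
			return
		}
		proxy.ServeHTTP(w, r)
	})
}
```

Mounting this handler on the proxy’s listener (the post’s https://gatekeeper:3000/) and pointing `upstream` at the service gives the frontend a cookie-only session while the service keeps seeing plain bearer tokens.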