Hello,
I’m using Keycloak (19.0.1-legacy) to secure several apps behind Traefik Proxy with traefik-forward-auth handling the OIDC SSO. This works well for user interactive logins. I can log in to any one of my apps and the other apps are then also authenticated.
My trouble comes from trying to create a monitor (using NodeRed) to check a few web pages - basically to log on, request a page and report on the status code and response time.
I can use Postman to request an Access Token and then send a request to my app with the Bearer token, but it always redirects to the Keycloak login page.
User-interactive:
- HTTP GET request app → redirect to Keycloak login page → authentication → redirect back to app.

Monitor:
- Request access-token with six month expiry.
- HTTP GET request app with bearer: access-token → redirect to Keycloak to confirm valid token → redirect back to app (does not work).

- Is this the right concept for authenticating non-interactively?
- Does the web app need to be changed in any way (I’m using a simple test app https://hub.docker.com/r/containous/whoami)?
- Does Keycloak need additional settings to accept the bearer token?
- Do I need to set additional cookies?
Sorry for all the questions - I’ve been picking at this on and off for months, but I’m still unsure where I need to focus my efforts.