Hello,
I have deployed Keycloak and oauth2-proxy in my Kubernetes cluster. I also want to protect my 2 web applications with Keycloak, so I have installed 2 applications, and the nginx ingress is used to redirect requests to the Keycloak login page. I want to restrict which users can access which application. For example, user1 can access app1 but not app2, user2 can access both applications, and user3 can access app2 but not app1. I have created 3 separate groups and added the users to them. But none of the users is able to log in to the applications if I don't add an email address to their profile. But if I do add an email address, all users can log in to all applications. Can somebody help me find what configuration I got wrong?
Adding my oauth2-proxy env variables:
```yaml
- args:
  - --provider=oidc
  - --email-domain=*
  - --upstream=file:///dev/null
  - --http-address=0.0.0.0:4180
  # Register a new application
  env:
  - name: OAUTH2_PROXY_OIDC_ISSUER_URL
    value: http://192.24.89.227:8080/realms/local
  - name: OAUTH2_PROXY_REDIRECT_URL
    value: https://domain-test.com/oauth2/callback
  - name: OAUTH2_PROXY_CLIENT_ID
    value: gatekeeper
  - name: OAUTH2_PROXY_CLIENT_SECRET
    value: RjU60ILJdvcX7Lj1Nwb
  - name: OAUTH2_PROXY_COOKIE_SECRET
    value: GKNuz-mmMK4PONLK7wJ
  - name: OAUTH2_PROXY_UPSTREAM
    # the post listed two separate `value:` keys here, which is not valid YAML;
    # they are joined into one comma-separated value to keep both entries
    value: https://domain-test.com,https://anotherdomain-test.com
  - name: OAUTH2_PROXY_SSL_INSECURE_SKIP_VERIFY
    value: "true"
  - name: OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL
    value: "true"
  - name: OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER
    value: "true"
  - name: OAUTH2_PROXY_SSL_UPSTREAM_INSECURE_SKIP_VERIFY
    value: "true"
  - name: OAUTH2_PROXY_GROUPS_CLAIM
    value: groups
  - name: OAUTH2_PROXY_ALLOWED_GROUPS
    value: my-app
  - name: OAUTH2_PROXY_SKIP_PROVIDER_BUTTON
    value: "true"
  - name: OAUTH2_PROXY_SET_AUTHORIZATION_HEADER
    value: "true"
```
I have tried the steps mentioned in the Stack Overflow page below, but it didn't help.
I have been trying to fix this for a long time, so can somebody help me here?
Thanks in advance.
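The per-application restriction the post describes cannot come from a single oauth2-proxy with one `OAUTH2_PROXY_ALLOWED_GROUPS` value, because every request from both ingresses is authorized by the same proxy against the same group. One way to get the intended user1/user2/user3 behaviour is one oauth2-proxy Deployment per application, each allowing only that application's Keycloak group, with each Ingress pointing its `auth-url` at its own proxy. The manifests below are an added example, not the original poster's configuration and not oauth2-proxy's or Keycloak's own documentation. They assume: a namespace `auth`; Keycloak groups `app1-users` and `app2-users` (user1 in the first, user3 in the second, user2 in both); a Keycloak "Group Membership" protocol mapper on the `gatekeeper` client with token claim name `groups` and "Full group path" switched off (switched on, the claim values would be `/app1-users`, and the allowed-group value would have to match that); backend Services `app1` and `app2` on port 80; and a Kubernetes Secret `oauth2-proxy` holding the client and cookie secrets instead of literal values. The issuer URL, client ID and hostnames are taken from the post.

```yaml
# Added example (not the poster's manifests): one oauth2-proxy per application.
# Assumed names: namespace "auth", groups "app1-users"/"app2-users", Services
# "app1"/"app2" on port 80, Secret "oauth2-proxy" with client-secret/cookie-secret.
apiVersion: apps/v1
kind: Deployment
metadata: {name: oauth2-proxy-app1, namespace: auth}
spec:
  selector: {matchLabels: {app: oauth2-proxy-app1}}
  template:
    metadata: {labels: {app: oauth2-proxy-app1}}
    spec:
      containers:
      - name: oauth2-proxy
        image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
        args: ["--provider=oidc", "--email-domain=*", "--upstream=file:///dev/null", "--http-address=0.0.0.0:4180"]
        env:
        - {name: OAUTH2_PROXY_OIDC_ISSUER_URL, value: "http://192.24.89.227:8080/realms/local"}
        - {name: OAUTH2_PROXY_CLIENT_ID, value: gatekeeper}
        - {name: OAUTH2_PROXY_CLIENT_SECRET, valueFrom: {secretKeyRef: {name: oauth2-proxy, key: client-secret}}}
        - {name: OAUTH2_PROXY_COOKIE_SECRET, valueFrom: {secretKeyRef: {name: oauth2-proxy, key: cookie-secret}}}
        - {name: OAUTH2_PROXY_REDIRECT_URL, value: "https://domain-test.com/oauth2/callback"}
        - {name: OAUTH2_PROXY_OIDC_GROUPS_CLAIM, value: groups}   # flag --oidc-groups-claim: claim read from the ID token
        - {name: OAUTH2_PROXY_ALLOWED_GROUPS, value: app1-users}  # flag --allowed-group: only this group is authorized
---
apiVersion: v1
kind: Service
metadata: {name: oauth2-proxy-app1, namespace: auth}
spec:
  selector: {app: oauth2-proxy-app1}
  ports: [{port: 4180, targetPort: 4180}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app1
  namespace: auth
  annotations:
    # nginx sub-requests the app1 proxy (via this host's /oauth2 path) before forwarding each request
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
spec:
  ingressClassName: nginx
  rules:
  - host: domain-test.com
    http:
      paths:
      - {path: /oauth2, pathType: Prefix, backend: {service: {name: oauth2-proxy-app1, port: {number: 4180}}}}
      - {path: /, pathType: Prefix, backend: {service: {name: app1, port: {number: 80}}}}
---
# Second proxy: identical apart from its name, the redirect URL and the allowed group.
apiVersion: apps/v1
kind: Deployment
metadata: {name: oauth2-proxy-app2, namespace: auth}
spec:
  selector: {matchLabels: {app: oauth2-proxy-app2}}
  template:
    metadata: {labels: {app: oauth2-proxy-app2}}
    spec:
      containers:
      - name: oauth2-proxy
        image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
        args: ["--provider=oidc", "--email-domain=*", "--upstream=file:///dev/null", "--http-address=0.0.0.0:4180"]
        env:
        - {name: OAUTH2_PROXY_OIDC_ISSUER_URL, value: "http://192.24.89.227:8080/realms/local"}
        - {name: OAUTH2_PROXY_CLIENT_ID, value: gatekeeper}
        - {name: OAUTH2_PROXY_CLIENT_SECRET, valueFrom: {secretKeyRef: {name: oauth2-proxy, key: client-secret}}}
        - {name: OAUTH2_PROXY_COOKIE_SECRET, valueFrom: {secretKeyRef: {name: oauth2-proxy, key: cookie-secret}}}
        - {name: OAUTH2_PROXY_REDIRECT_URL, value: "https://anotherdomain-test.com/oauth2/callback"}
        - {name: OAUTH2_PROXY_OIDC_GROUPS_CLAIM, value: groups}
        - {name: OAUTH2_PROXY_ALLOWED_GROUPS, value: app2-users}  # user3 and user2 pass here; user1 is rejected
---
apiVersion: v1
kind: Service
metadata: {name: oauth2-proxy-app2, namespace: auth}
spec:
  selector: {app: oauth2-proxy-app2}
  ports: [{port: 4180, targetPort: 4180}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app2
  namespace: auth
  annotations:
    nginx.ingress.kubernetes.io/auth-url: "https://$host/oauth2/auth"
    nginx.ingress.kubernetes.io/auth-signin: "https://$host/oauth2/start?rd=$escaped_request_uri"
spec:
  ingressClassName: nginx
  rules:
  - host: anotherdomain-test.com
    http:
      paths:
      - {path: /oauth2, pathType: Prefix, backend: {service: {name: oauth2-proxy-app2, port: {number: 4180}}}}
      - {path: /, pathType: Prefix, backend: {service: {name: app2, port: {number: 80}}}}
```

Both redirect URLs must be listed under the `gatekeeper` client's Valid Redirect URIs in Keycloak, and user2 gets both applications simply by being a member of both groups (if one proxy should admit several groups, `OAUTH2_PROXY_ALLOWED_GROUPS` takes a comma-separated list). The email symptom in the post is separate from the group check: oauth2-proxy's OIDC provider refuses to create a session for a user whose ID token and userinfo response carry no email claim, whatever `--email-domain` is set to, so every user still needs an email in their Keycloak profile (or the client needs a mapper that supplies one). The example deliberately leaves out the `*_INSECURE_SKIP_VERIFY` and `INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL` settings and the literal secrets from the post; if they are needed while debugging, they should not survive into a deployment that gates real applications.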