Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow Keycloak issuer #2865

Open
HWiese1980 opened this issue Oct 31, 2023 · 1 comment
Open

Allow Keycloak issuer #2865

HWiese1980 opened this issue Oct 31, 2023 · 1 comment
Labels
area-routing feature-request proposal

Comments

@HWiese1980
Copy link

Describe the solution you'd like
I have a Keycloak authentication service running in my K8s cluster and would like to use that to authenticate fission calls

Describe alternatives you've considered
It might be possible to use some middleware to make Fission work with Keycloak

Additional context
I'm also using Traefik as ingress controller. My other services that run on my K8s cluster are secured using mesosphere/traefik-forward-auth. That works like a charm. But that's for websites with a frontend where users can log in. That wouldn't work for RESTful APIs where no human user can user enter credentials.
@sanketsudake
Copy link
Member

@HWiese1980 If you are already using traefix ingress and auth you can just route traffic from router via traffic ingress and use auth you are already using.

Other way is using any oauth2-proxy which sits in front of fission router.

As of now Fission router supports basic auth, we may extend it to support for consuming OIDC provider in future. But I don't think we can do beyond that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-routing feature-request proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HWiese1980 @sanketsudake