kong-plugin-jwt-keycloak

Create tutorial to use with Nokia plugin

Open gbbirkisson opened this issue 5 years ago • 3 comments

Create wiki entry to explain how to use with Nokia plugin.

gbbirkisson, Aug 14 '19 11:08

Hi gbbirkisson,

Thanks for providing this nice plugin.

Currently I am also facing the issue of using the Nokia oidc in front of the jwt-keycloak plugin. Unfortunately I am not able to access the wikipedia page (it will never show). Could you also post the explanation here?

Kind Regards

1naboki1, Oct 30 '19 13:10

Hi, I'm glad you can make use of this plugin :)

I am finally working on the tutorial. It is not ready yet. I'm trying to get help to finish it. See this issue for further discussion: https://github.com/gbbirkisson/kong-plugin-jwt-keycloak/issues/7

If you want to see what I got so far, look at the branch: https://github.com/gbbirkisson/kong-plugin-jwt-keycloak/tree/oidc/demo/nokia-oidc

gbbirkisson, Nov 08 '19 09:11

Thanks for the reply.

So far I managed, in my docker-composer.yaml, to have the oidc and jwt-keycloak plugins running in Kong 1.3, with the oidc plugin attaching the token to the "Authorization" header (instead of X-Auth...), which is picked up by jwt-keycloak. After that I wrote a plugin which validates the permissions against Keycloak. That works perfectly for me locally.

I am facing another bottleneck in our deployment... We are using the Kong ingress controller in our staging area, and when the local plugins are staged, the Kong oidc will run as expected, but jwt-keycloak and permission-keycloak will fail validating the token (get_issuer). Furthermore, it's not even failing: it blocks the whole kong-admin pod and will force the Kong ingress controller to restart after the liveness probe fails.

That only happens when a valid token is validated. If I send some foos as the token, I get the correct error handling.

I tested this so far with the retrieve_token function of kong 1.1. and also the new one (where you can customize the headers, instead of the hard-coded one).

My guess is that I have to make a KongPlugin-CRD with a validate configuration, but so far I did not manage to get this to work.

Kind Regards

1naboki1, Nov 08 '19 10:11

I am about to archive this repository. Please move your issues/PRs to the successor of this repo: https://github.com/telekom-digioss/kong-plugin-jwt-keycloak

gbbirkisson, Aug 14 '23 14:08