Given a configured keycloak server, is it possible to use this site along with oidc to support multiple users?

Open lknite opened this issue 2 years ago • 3 comments

I've noticed there is a heimdall oauth2 server so I'm betting there is already an integration available. Maybe?

I've looked into an authenticating proxy: https://github.com/oauth2-proxy/oauth2-proxy

Which has an example of being an interface in front of the kubernetes dashboard, which knows how to accept the token passed along by the oauth2-proxy. Is it possible heimdall apps also know how to work with such a token? https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/

lknite, Jul 02 '22 23:07

k, got this working yesterday, have got heimdall set up behind an oauth2-proxy and have set it up to pass along a bearer token.

Can heimdall use this token to allow different users access to their own heimdall desktop?

lknite, Jul 05 '22 00:07

Updated my clusters and redeployed this again. So far this is my favorite dashboard-type app. Hoping it might be possible to support multiple users / oidc.

lknite, Aug 07 '22 16:08

On the heimdall side, my oauth2-proxy configuration in the annotation section:

      annotations:
        # use oauth2-proxy for login & obtain bearer token
        nginx.ingress.kubernetes.io/auth-url: "https://oauth2-proxy.vc-prod.k.home.net/oauth2/auth"
        nginx.ingress.kubernetes.io/auth-signin: "https://oauth2-proxy.vc-prod.k.home.net/oauth2/start?rd=$escaped_request_uri"

        # header to watch for
        nginx.ingress.kubernetes.io/auth-response-headers: authorization

        # in the following everything after $upstream_http_ is the header you want to pass along to target app
        nginx.ingress.kubernetes.io/configuration-snippet: |
          auth_request_set $token $upstream_http_authorization;
          add_header Authorization $token;

lknite, Aug 08 '22 13:08
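
An added example, not part of the original post and not taken from the Heimdall or oauth2-proxy projects: the same ingress-nginx annotations placed in a complete Ingress, forwarding the bearer token to the backend only. The host names, Ingress name, service name and port are placeholders, and it assumes oauth2-proxy is started with `--set-authorization-header` so its `/oauth2/auth` response carries the `Authorization` header.

```yaml
# Added example; host names, service name and port are placeholders.
# Assumes oauth2-proxy runs with --set-authorization-header so that its
# /oauth2/auth response carries "Authorization: Bearer <token>".
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: heimdall
  annotations:
    # Subrequest that decides whether the incoming request is authenticated.
    nginx.ingress.kubernetes.io/auth-url: "https://oauth2-proxy.example.internal/oauth2/auth"
    # Where unauthenticated users are redirected to log in.
    nginx.ingress.kubernetes.io/auth-signin: "https://oauth2-proxy.example.internal/oauth2/start?rd=$escaped_request_uri"
    # Copies this header from the auth response onto the request that is
    # proxied to the backend. This annotation alone forwards the token upstream.
    nginx.ingress.kubernetes.io/auth-response-headers: Authorization
    # No configuration-snippet here: nginx's add_header sets a header on the
    # response returned to the client, so "add_header Authorization $token"
    # would send the bearer token back to the browser rather than upstream.
spec:
  ingressClassName: nginx
  rules:
    - host: heimdall.example.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: heimdall
                port:
                  number: 80
```

With this layout the token reaches the backend as a request header; whether Heimdall reads or validates it is the open question of this thread.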

Closing here and opening as a discussion: https://github.com/linuxserver/Heimdall/discussions/898

lknite, Sep 01 '22 18:09