redpanda-data
Add Keycloak support
Add Keycloak as supported identity provider for RBAC authentication & authorizations, possibly using claims and claim mappings.
Moved into the 1.6 milestone because the Keycloak session information were too large for a cookie. Therefore we will need to implement a proper session management which was overdue anyways.
@weeco Were the plans to support Keycloak dropped? I can't find any mentions of it within this repo.
Additionally, is it possible to connect to a schema registry that has its authentication managed by Keycloak?
@internetcoffeephone No in fact I can close this issue now because Keycloak support has been added. But it's an enterprise feature (all SSO & Authorization features are part of the Redpanda Enterprise platform).
Depending on how the authentication in front of the schema registry interface looks like (is it just basic auth or something else?) this may already be supported and doesn't require an enterprise license. See the available options here to configure the schema registry connection: https://github.com/redpanda-data/console/blob/ba18a0eecb1e97c2da8250ee66011121e876117e/docs/config/console.yaml#L62-L73
Thanks for your answer!
For the schema registry, it is not basic authorization but OAuth using OpenID Connect, as shown here.
That is not supported and wasn't meant to be covered by this issue. This issue refered to the authentication into Console using Keycloak.
However, if you want to add OAuth support to the schema registry client this would be totally possibly by extending the schema registry client code here: https://github.com/redpanda-data/console/blob/master/backend/pkg/schema/client.go .